[aerogear-dev] Security / HTTP Basic: server interaction for Login/logout ?

Matthias Wessendorf matzew at apache.org
Tue May 28 13:52:31 EDT 2013


On Tue, May 28, 2013 at 7:48 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Do you think it is a good idea to put it at AG-Sec-Auth?
>
> Maybe specifying server and client bits?
>

Probably a good idea.

Used AG-Sec-Auth, since it describes the server-side endpoints.

Some more generic client/server specs would be good. I think that goes into
the direction you mentioned during the meeting, on Monday, right?





>
> Matthias Wessendorf wrote:
> > TL;DR
> >
> > https://issues.jboss.org/browse/AGSEC-60
> >
> >
> >
> >
> > On Fri, May 24, 2013 at 9:27 AM, Matthias Wessendorf <matzew at apache.org> wrote:
> >
> >     Hi,
> >
> >     we do have server side endpoints, for login/logout:
> >
> >     SPEC:
> >     http://aerogear.org/docs/specs/aerogear-rest-api/
> >
> >     TODO demo:
> >     https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/Routes.java#L151-L162
> >     (routes to
> >     https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java)
> >
> >     One thing that I noticed, when talking w/ Christos about the HTTP
> >     BASIC support, is that currently the modules "just" set the
> >     credentials on "LOGIN",
> >     and they perform a "clean-up", on the logout.
> >
> >     For both, login/logout, no request is sent to the matching
> >     "endpoints" on the server-side
> >
> >
> >     Android (logout):
> >     https://github.com/aerogear/aerogear-android/blob/29b70da146e965e18ae9b6966d9b533c4993eb9b/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L122-L147
> >
> >     iOS (logout):
> >     https://github.com/cvasilak/aerogear-ios/blob/464b981e4aafbace032cd403163bbd581a068264/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L128-L139
> >
> >     Not sure, but usually, a logout against the server also performs
> >     some sort of clean up. For instance in the TODO demo, it issues a
> >     logout against the IDM:
> >     https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java#L113
> >
> >
> >     Greetings,
> >     Matthias
> >
> >
> >
> >     --
> >     Matthias Wessendorf
> >
> >     blog: http://matthiaswessendorf.wordpress.com/
> >     sessions: http://www.slideshare.net/mwessendorf
> >     twitter: http://twitter.com/mwessendorf
> >



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf