[aerogear-dev] Security / HTTP Basic: server interaction for Login/logout ?
Bruno Oliveira
bruno at abstractj.org
Tue May 28 16:07:19 EDT 2013
Sure thing, thanks Matthias.
Matthias Wessendorf wrote:
>
>
>
> On Tue, May 28, 2013 at 7:48 PM, Bruno Oliveira <bruno at abstractj.org
> <mailto:bruno at abstractj.org>> wrote:
>
> Do you think is a good idea to put it at AG-Sec-Auth?
>
> Maybe specifying server and client bits?
>
>
> Probably good idea.
>
> Used AG-Sec-Auth, since it describes the server-side enpoints.
>
> Some more generic client/server specs would be good. I think that goes
> into the direction you mentioned during the meeting, on Monday, right ?
>
>
>
>
> Matthias Wessendorf wrote:
> > TL;DR
> >
> > https://issues.jboss.org/browse/AGSEC-60
> >
> >
> >
> >
> > On Fri, May 24, 2013 at 9:27 AM, Matthias Wessendorf
> <matzew at apache.org <mailto:matzew at apache.org>
> > <mailto:matzew at apache.org <mailto:matzew at apache.org>>> wrote:
> >
> > Hi,
> >
> > we do have server side endpoints, for login/logout:
> >
> > SPEC:
> > http://aerogear.org/docs/specs/aerogear-rest-api/
> >
> > TODO demo:
> >
> https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/Routes.java#L151-L162
> > (routes to
> >
> https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java)
> >
> > One thing that I noticed, when talking w/ Christos about the HTTP
> > BASIC support, is that currently the modules "just" set the
> > credentials on "LOGIN",
> > and they perform a "clean-up", on the logout.
> >
> > For both, login/logout, no request is send to the matching
> > "endpoints" on the server-side
> >
> >
> > Android (logout):
> >
> https://github.com/aerogear/aerogear-android/blob/29b70da146e965e18ae9b6966d9b533c4993eb9b/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L122-L147
> >
> > iOS (logout):
> >
> https://github.com/cvasilak/aerogear-ios/blob/464b981e4aafbace032cd403163bbd581a068264/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L128-L139
> >
> > Not sure, but ususally, a logout against the server also performs
> > some sort of clean up. For instance in the TODO demo, it issues a
> > logout against the IDM:
> >
> https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java#L113
> >
> >
> > Greetings,
> > Matthias
> >
> >
> >
> > --
> > Matthias Wessendorf
> >
> > blog: http://matthiaswessendorf.wordpress.com/
> > sessions: http://www.slideshare.net/mwessendorf
> > twitter: http://twitter.com/mwessendorf
> >
> >
> >
> >
> > --
> > Matthias Wessendorf
> >
> > blog: http://matthiaswessendorf.wordpress.com/
> > sessions: http://www.slideshare.net/mwessendorf
> > twitter: http://twitter.com/mwessendorf
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
More information about the aerogear-dev
mailing list