[aerogear-dev] aerogear security and android

marceloheck marceloheck at gmail.com
Mon Apr 7 12:23:09 EDT 2014


Hello, sorry, I will try to explain.

I changed the jaxrs shiro project to run on WildFly 8.0.0.Final:

removed the interface IdentityManagement
 
interceptor jar web.xml
  <interceptors>
    <class>org.jboss.aerogear.security.interceptor.SecurityInterceptor</class>
  </interceptors>

and changed IdentityManagementImpl:


@ShiroSecurity //for Secure.java
@Default
@ApplicationScoped
public class IdentityManagementImpl implements IdentityManagement<User> {

    @Override
    public boolean hasRoles(Set<String> roles) {
        return subject.hasAllRoles(roles);
    }
...

I changed the service:

    @GET
    @Path("/bacon")
    @Produces(MediaType.APPLICATION_JSON)
    @Secure("simple")
    public List<String> bacons() {
        return Arrays.asList(new String[]{"bacon", "Jowl", "Canadian", "Speck", "Pancetta"});
    }
    
    @GET
    @Path("/livre")
    @Produces(MediaType.APPLICATION_JSON)
    public List<String> livre() {
        return Arrays.asList(new String[]{"livre", "Jowl", "Canadian", "Speck", "Pancetta"});
    }

    @GET
    @Path("/cerveja")
    @Produces(MediaType.APPLICATION_JSON)
    @Secure("admin")
    public List<String> beers() {
        return Arrays.asList(new String[]{"cerveja", "California", "Michigan", "Ireland", "British"});
    }


My problem is in the login and authorization service.

I log in (mar has role "simple"):
curl -3 -v -b cookies.txt -c cookies.txt -H "Accept: application/json" \
  -H "Content-type: application/json" -d '{"loginName":"mar","password":"123"}' \
  -X POST http://localhost:8080/appteste/rest/auth/login
    HTTP 200: Authorized
curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/bacon
    HTTP 401: Unauthorized
curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/cerveja
and it is OK,
but on another PC
I log in (adm has role "adm"):
curl -3 -v -b cookies.txt -c cookies.txt -H "Accept: application/json" \
  -H "Content-type: application/json" -d '{"loginName":"adm","password":"123"}' \
  -X POST http://localhost:8080/appteste/rest/auth/login
    HTTP 200: Authorized
curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/cerveja
    HTTP 401: Unauthorized
curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/bacon
is OK.

Now I request again as user mar, and mar cannot access the REST service.

Two users cannot log in to one application.

On mobile too.

--
View this message in context: http://aerogear-dev.1069024.n5.nabble.com/aerogear-security-and-android-tp6703p7397.html
Sent from the aerogear-dev mailing list archive at Nabble.com.