[aerogear-dev] aerogear security and android
marceloheck
marceloheck at gmail.com
Mon Apr 7 12:23:09 EDT 2014
Hello, sorry, I will try to explain.
I changed the jaxrs shiro project to run on WildFly 8.0.0.Final:
remove interface IdentityManagement
interceptor jar web.xml
<interceptors>
    <class>org.jboss.aerogear.security.interceptor.SecurityInterceptor</class>
</interceptors>
and changed IdentityManagementImpl
@ShiroSecurity //for Secure.java
@Default
@ApplicationScoped
public class IdentityManagementImpl implements IdentityManagement<User> {
    @Override
    public boolean hasRoles(Set<String> roles) {
        return subject.hasAllRoles(roles);
    }
    ...
I changed service/
    @GET
    @Path("/bacon")
    @Produces(MediaType.APPLICATION_JSON)
    @Secure("simple")
    public List<String> bacons() {
        return Arrays.asList(new String[]{"bacon", "Jowl", "Canadian",
                "Speck", "Pancetta"});
    }

    @GET
    @Path("/livre")
    @Produces(MediaType.APPLICATION_JSON)
    public List<String> livre() {
        return Arrays.asList(new String[]{"livre", "Jowl", "Canadian",
                "Speck", "Pancetta"});
    }

    @GET
    @Path("/cerveja")
    @Produces(MediaType.APPLICATION_JSON)
    @Secure("admin")
    public List<String> beers() {
        return Arrays.asList(new String[]{"cerveja", "California",
                "Michigan", "Ireland", "British"});
    }
My problem is in the login and authorization service.
I log in (mar has role "simple"):
curl -3 -v -b cookies.txt -c cookies.txt -H "Accept: application/json" -H "Content-type: application/json" -d '{"loginName":"mar","password":"123"}' -X POST http://localhost:8080/appteste/rest/auth/login
HTTP 200: Authorized
curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/bacon
HTTP 401: Unauthorized
curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/cerveja
and is ok
But on another PC I log in (adm has role "adm"):
curl -3 -v -b cookies.txt -c cookies.txt -H "Accept: application/json" -H "Content-type: application/json" -d '{"loginName":"adm","password":"123"}' -X POST http://localhost:8080/appteste/rest/auth/login
HTTP 200: Authorized
curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/cerveja
HTTP 401: Unauthorized
curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/bacon
is ok
Now I request again as user mar, and mar cannot access REST.
Two users cannot log in to one application.
On mobile too.
--
View this message in context: http://aerogear-dev.1069024.n5.nabble.com/aerogear-security-and-android-tp6703p7397.html
Sent from the aerogear-dev mailing list archive at Nabble.com.