[aerogear-dev] Allow Push Without Master-Secret?

Sebastien Blanc scm.blanc at gmail.com
Wed Apr 16 13:58:06 EDT 2014


Hi,
Thanks for your interest and your project sounds interesting.
<DISCLAIMER>Please reconsider twice before removing this security, you
should really not do this </DISCLAIMER>

But, here is where it happens
https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/sender/PushNotificationSenderEndpoint.java#L55-L64
or
https://github.com/aerogear/aerogear-unifiedpush-server/blob/0.10.x/server/src/main/java/org/jboss/aerogear/unifiedpush/rest/sender/PushNotificationSenderEndpoint.java#L55-L67for
the 0.10.x version.
The code is pretty straighforward and remember your alias will be in
UnifiedMessage.

Are you using the cartdridge for OpenShift ? if yes, you will not able to
deploy your "patched" version. You will have to compile it, package a WAR
and deploy it on a JBOSS/Wildfly OpenShift cartdridge.




On Wed, Apr 16, 2014 at 2:53 PM, Florian Schrofner <
florian.schrofner at outlook.com> wrote:

> Hey there guys!
>
> We are currently working on our semester project which allows you to sync
> notifications across different devices. The notifications themselves are
> stored on a separate webserver, but we are using the aerogear unified
> pushserver to start a sync.
> All the devices which should receive the push (and start the sync) are
> using
> the same alias, the push will be triggered by one of these devices
> On Android it should work fine, since we are able to use the Java Client
> and
> the secret without a problem (at least i think the secret would not be
> visible to anyone on Android).
> But we are also planning to implement a Chrome Addon and we don't really
> like the idea to make the master-secret visible to everyone.
>
> We know that the unified push server is not intended to be used as
> client-to-client push server atm, but since the pushes don't contain any
> important data it would be a sufficient solution to just disable the need
> for a master-secret if an alias is given (this would at least prevent
> broadcasts from being sent by third persons).
>
> So we wanted to ask you guys which lines of code we should modify inorder
> to
> allow pushes without master-secret, if an alias is given?
> It should only be an additional "if", I guess.. or does it get more
> complicated?
> We are currently hosting our unified pushserver on OpenShift (would be nice
> if you could also roughly tell us how to push the changes onto the server..
> do we need to recompile everything?)
>
> Cheers,
> Florian
>
>
>
> --
> View this message in context:
> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Allow-Push-Without-Master-Secret-tp7474.html
> Sent from the aerogear-dev mailing list archive at Nabble.com.
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140416/0b90d22d/attachment.html 


More information about the aerogear-dev mailing list