[aerogear-dev] aerogear security and android

Bruno Oliveira bruno at abstractj.org
Wed Mar 12 10:18:40 EDT 2014 

Hi Marcelo, answers inline.

--  
abstractj

On March 12, 2014 at 8:42:10 AM, marceloheck (marceloheck at gmail.com) wrote:
> > sorry Matthias! thanks for you response,
>  
> I replied in Portuguese to answer doubts bruno

As Matthias said ML is not a one to one conversation, otherwise people won’t benefit of this discussion.

>  
> because we really need to solve, or we abandon aerogear

That would be bad, but at the same time is hard to guess what’s happening if you do not provide details.

>  
>  
> The AEROGEAR on the server side calling with android safely this  
> our problem
> , as we do not use the bus, we need to use token , encryption , push  
> , or
> all to protect that rest between the android and the server .

It seems to me too generic. Please make sure to provide more details like: 

- What are you trying to do on the server side?
- Which version of JBoss, AG are you running on the server? Which modules?
- What are you trying to do on the client side?
- Do you have stacktraces? That would help
- Our documentation is clear? What’s missing? What kind of example do you want?
- Have you tried the cookbooks? Are they enough?


>  
> As the AEROGEAR ( can be with Shiro ) can be used in this set , we modeled

AeroGear can be used with any thing as I mentioned before. We are not tied to a single server solution. 
   
> the example and putting the interceptors , inject or not doing  
> and we have a
> problem , do the login, and returns ok as android and server are  
> left

Have you managed to login using Shiro *only* and send cURL HTTP requests? How your endpoint looks like?

> communicating after that? the next call .... rest data and the  
> security
> group access hangs in ejb , by the examples gets very shallow can 

How does it work with cURL, wget?

> not see it
> working with android
>  
> do not know if I could explain it , it seems that in earlier versions 

I could barely understand due to the lack of details about what’s going on the server. Maybe stacktraces, code snippets, gists would be nice.

> of
> AEROGEAR token passed and now it is done underneath or not , we  
> are working
> at a time and almost gave up because I could not integrate and could  
> not
> find an example that does and has little in aerogear


The authorization token was provided by PicketBox, I guess 1 year and a half ago, but removed once we moved to PicketLink. Keep in mind that you don’t need: AeroGear Security, AeroGear Security Picketlink or AeroGear Security Shiro on the server — They are just a dozen of class wrappers to make the bare minimum simple, if you want to go advance, you must use the plain APIs from Shiro.

I strongly recommend you to use plain Shiro on the server and integrate it with AeroGear Android.

More information about the aerogear-dev mailing list