[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Aerogear-dev] AeroGear Security - call for participation



Looks good Bruno.

As discussed on security-dev, DeltaSpike will probably provide:

* a lightweight authorization API (e.g. for REST endpoints, aerogear controller endpoints etc). This is implemented as a CDI interceptor, and delegates all work to it's SPI,
  *  we would probably want to write some extra integration for aerogear-controller and RESTEasy. This would allow us to do stuff like put the request and response in the InvocationContext. We might also want to add some support for wrapping any exceptions thrown in the right JAX-RS exception, adding response headers etc.
  * I would suggest using a security binding, rather than @Secured, as this is somewhat more powerful.
* a lightweight authentication API, which could be used by your REST endpoints for login/logout, perhaps with some auto-population of credentials.

On 27 Jul 2012, at 23:11, Bruno Oliveira wrote:

> Hi folks,
> 
> We've been discussing a lot about security on the server side this week and I would like to hear some feedback about the document below before going into more specific implementation details.
> 
> http://aerogear.abstractj.org/docs/AeroGearSecurity.html
> 
> Have a nice reading! :)
> -- 
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev redhat com
> https://www.redhat.com/mailman/listinfo/aerogear-dev



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]