[aerogear-dev] [JS - auth] isAuthenticated issue...

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[aerogear-dev] [JS - auth] isAuthenticated issue...

Matthias Wessendorf
Hi,

I noticed some interesting behavior with the 'isAuthenticated' function.

It returns TRUE even when the pipe is not authenticated, because a
wrong(or no) authenticator has been attached,

See:

https://gist.github.com/3812824


IMO it should return FALSE when no authenticator is attached. Even on
a 'pipe connection' where no auth is required, the
'isAuthenticated:false' would be still wrong, as the connection is not
authenticated - since not required...

Any thoughts ?


Of course, this brings up the question if there should be some
'callback' that is invoke when the 'pipe' receives a 401. To indicate
'wrong' (or no) auth provided.. ?!

-Matthias

--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Reply | Threaded
Open this post in threaded view
|

Re: [aerogear-dev] [JS - auth] isAuthenticated issue...

Kris Borchers

On Oct 1, 2012, at 11:29 AM, Matthias Wessendorf <[hidden email]> wrote:

> Hi,
>
> I noticed some interesting behavior with the 'isAuthenticated' function.
>
> It returns TRUE even when the pipe is not authenticated, because a
> wrong(or no) authenticator has been attached,
>
> See:
>
> https://gist.github.com/3812824
>
>
> IMO it should return FALSE when no authenticator is attached. Even on
> a 'pipe connection' where no auth is required, the
> 'isAuthenticated:false' would be still wrong, as the connection is not
> authenticated - since not required...
>
> Any thoughts ?

Yes, this is a good point. I think in the rush to get something working, i have combined isAuthenticated with something like hasAuthenticator which is wrong. This is still being worked out, along with "privatizing" methods and none of the docs have been written yet so give me a little more time and this will be straightened out.

>
>
> Of course, this brings up the question if there should be some
> 'callback' that is invoke when the 'pipe' receives a 401. To indicate
> 'wrong' (or no) auth provided.. ?!

That is what the statusCode options is for so that not only 401 but any specific status code can be handled appropriately. Again, once the docs are done this should be clearer. :)

>
> -Matthias
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
> _______________________________________________
> aerogear-dev mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/aerogear-dev


_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Reply | Threaded
Open this post in threaded view
|

Re: [aerogear-dev] [JS - auth] isAuthenticated issue...

Matthias Wessendorf
On Mon, Oct 1, 2012 at 6:47 PM, Kris Borchers <[hidden email]> wrote:

>
> On Oct 1, 2012, at 11:29 AM, Matthias Wessendorf <[hidden email]> wrote:
>
>> Hi,
>>
>> I noticed some interesting behavior with the 'isAuthenticated' function.
>>
>> It returns TRUE even when the pipe is not authenticated, because a
>> wrong(or no) authenticator has been attached,
>>
>> See:
>>
>> https://gist.github.com/3812824
>>
>>
>> IMO it should return FALSE when no authenticator is attached. Even on
>> a 'pipe connection' where no auth is required, the
>> 'isAuthenticated:false' would be still wrong, as the connection is not
>> authenticated - since not required...
>>
>> Any thoughts ?
>
> Yes, this is a good point. I think in the rush to get something working, i have combined isAuthenticated with something like hasAuthenticator which is wrong. This is still being worked out, along with "privatizing" methods and none of the docs have been written yet so give me a little more time and this will be straightened out.
>
>>
>>
>> Of course, this brings up the question if there should be some
>> 'callback' that is invoke when the 'pipe' receives a 401. To indicate
>> 'wrong' (or no) auth provided.. ?!
>
> That is what the statusCode options is for so that not only 401 but any specific status code can be handled appropriately. Again,
> once the docs are done this should be clearer. :)


ah, that is sweet :)

$.ajax({
  statusCode: {
    404: function() {
      alert("page not found");
    }
  }
});



-M




>>
>> -Matthias
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>> _______________________________________________
>> aerogear-dev mailing list
>> [hidden email]
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/aerogear-dev



--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Reply | Threaded
Open this post in threaded view
|

Re: [aerogear-dev] [JS - auth] isAuthenticated issue...

Matthias Wessendorf
In reply to this post by Kris Borchers
Filed AEROGEAR-504

-M

On Mon, Oct 1, 2012 at 6:47 PM, Kris Borchers <[hidden email]> wrote:

>
> On Oct 1, 2012, at 11:29 AM, Matthias Wessendorf <[hidden email]> wrote:
>
>> Hi,
>>
>> I noticed some interesting behavior with the 'isAuthenticated' function.
>>
>> It returns TRUE even when the pipe is not authenticated, because a
>> wrong(or no) authenticator has been attached,
>>
>> See:
>>
>> https://gist.github.com/3812824
>>
>>
>> IMO it should return FALSE when no authenticator is attached. Even on
>> a 'pipe connection' where no auth is required, the
>> 'isAuthenticated:false' would be still wrong, as the connection is not
>> authenticated - since not required...
>>
>> Any thoughts ?
>
> Yes, this is a good point. I think in the rush to get something working, i have combined isAuthenticated with something like hasAuthenticator which is wrong. This is still being worked out, along with "privatizing" methods and none of the docs have been written yet so give me a little more time and this will be straightened out.
>
>>
>>
>> Of course, this brings up the question if there should be some
>> 'callback' that is invoke when the 'pipe' receives a 401. To indicate
>> 'wrong' (or no) auth provided.. ?!
>
> That is what the statusCode options is for so that not only 401 but any specific status code can be handled appropriately. Again, once the docs are done this should be clearer. :)
>>
>> -Matthias
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>> _______________________________________________
>> aerogear-dev mailing list
>> [hidden email]
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/aerogear-dev



--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev