[aerogear-dev] (no subject)

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[aerogear-dev] (no subject)

Matthias Wessendorf
Hi Bruno,

when issuing a HTTP request against a protected resource (I am not
logged in), I am getting 401 (fine), but I don't see a
'WWW-Authenticate' header on the response. I also don't see any info
on this in the security roadmap (see [1]). Was there a special reason
to leave it out? I ask b/c usually that header is sent for basic,
digest or even oauth on the response header.

Thanks,
Matthias

[1] http://staging.aerogear.org/docs/planning/1.0.0/AeroGearSecurity/


--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Reply | Threaded
Open this post in threaded view
|

Re: [aerogear-dev] (no subject)

Bruno Oliveira
We're not using basic authentication, but database authentication only.


-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile

On Tuesday, October 2, 2012 at 5:33 AM, Matthias Wessendorf wrote:

Hi Bruno,

when issuing a HTTP request against a protected resource (I am not
logged in), I am getting 401 (fine), but I don't see a
'WWW-Authenticate' header on the response. I also don't see any info
on this in the security roadmap (see [1]). Was there a special reason
to leave it out? I ask b/c usually that header is sent for basic,
digest or even oauth on the response header.

Thanks,
Matthias



--
Matthias Wessendorf

_______________________________________________
aerogear-dev mailing list


_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Reply | Threaded
Open this post in threaded view
|

Re: [aerogear-dev] (no subject)

Matthias Wessendorf
See my other mail, but I the WWW-Authenticate is required on 401 responses.

-M

On Tue, Oct 2, 2012 at 1:36 PM, Bruno Oliveira <[hidden email]> wrote:

> We're not using basic authentication, but database authentication only.
>
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> On Tuesday, October 2, 2012 at 5:33 AM, Matthias Wessendorf wrote:
>
> Hi Bruno,
>
> when issuing a HTTP request against a protected resource (I am not
> logged in), I am getting 401 (fine), but I don't see a
> 'WWW-Authenticate' header on the response. I also don't see any info
> on this in the security roadmap (see [1]). Was there a special reason
> to leave it out? I ask b/c usually that header is sent for basic,
> digest or even oauth on the response header.
>
> Thanks,
> Matthias
>
> [1] http://staging.aerogear.org/docs/planning/1.0.0/AeroGearSecurity/
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
> _______________________________________________
> aerogear-dev mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Reply | Threaded
Open this post in threaded view
|

Re: [aerogear-dev] (no subject)

Bruno Oliveira
It was team's choice ;)


-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile

On Tuesday, October 2, 2012 at 8:39 AM, Matthias Wessendorf wrote:

See my other mail, but I the WWW-Authenticate is required on 401 responses.

-M

On Tue, Oct 2, 2012 at 1:36 PM, Bruno Oliveira <[hidden email]> wrote:
We're not using basic authentication, but database authentication only.


--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile

On Tuesday, October 2, 2012 at 5:33 AM, Matthias Wessendorf wrote:

Hi Bruno,

when issuing a HTTP request against a protected resource (I am not
logged in), I am getting 401 (fine), but I don't see a
'WWW-Authenticate' header on the response. I also don't see any info
on this in the security roadmap (see [1]). Was there a special reason
to leave it out? I ask b/c usually that header is sent for basic,
digest or even oauth on the response header.

Thanks,
Matthias



--
Matthias Wessendorf

_______________________________________________
aerogear-dev mailing list



_______________________________________________
aerogear-dev mailing list



--
Matthias Wessendorf

_______________________________________________
aerogear-dev mailing list


_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev