Flex :: Check Spring Security For User Authentication And Get Roles?
Jul 22, 2009
I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex.I know that I can call channelSet.login() and channelSet.logout() to hook into Spring Security for authentication.channelSet.authenticated apparently only knows about the current Flex session, as it always starts off as false, until you call channelSet.login().hat I want to do: Check from Flex to know if a user is already in a session.
I tried asking this on the Spring forums ([URL]) but did not get a response. I'm working on a web application that has an (end user) user interface built in Flex and a management user interface built using Spring MVC. I'm trying to secure both interfaces and can get each one working separately, but not together. I'm using a snapshot build of spring-flex-core 1.5.0 with Spring Security 3.1RC1 and Spring 3.1M1
I'm obviously missing something but while the Spring Flex documentation describes how to configure a hybrid MVC+Flex application at the servlet level it appears to only consider security from the perspective of a flex-only application.
Some background: I have a Flex app embedded in an HTML page and am using Flex to send a soap request to my Java backend that does some authentication depending on the username and password entered in the Flex form. If I enter the correct login everything works fine and the Flex app can continue making further requests. But with an incorrect username/password, an "Authentication Required" dialog box pops up in my Browser and my Flex app won't respond with its proper handler until I click cancel. I'd like to get rid of the dialog box somehow,
I am having an issue with flex states in my application. What I am looking to do is on creation complete of the application, obtain a user role guest/user/superUser (based on username and password) from a server, then set the state client side based on that information. My .mxml classes need to include certain graphic elements based on that state. I am running into the issues of including elements based on the states defined at the Application level of the project. I am trying to avoid having to define the states in each .mxml file that needs it.
...to a totally dynamic UI based on what is returned from the DB.I've read about role-based access control and understand that it's best that the server generates the UI after a user is authenticated, but apart from re-doing the entire backend to store MXML et al., is there a better approach? Is it a bad idea to have a Permissions object that has properties like:
The components visibility and includeInLayout properties will be bound to these values. The UI will also allow a user to create new roles and set permissions.The only drawback I see is that every time a new feature is added, the app will have to be recompiled to update the bindings.
I've got the Spring Security preauthentication sample configured and working with JBoss. The next step is to somehow get the user information into a flex client GUI. What are some methods that will let me get the Authentication or UserDetails object that's created by spring-security on http access into the flex client? Since I'm logging in externally, I can't use channelset.login(), right? All the examples I've seen so far assume that the user logs in manually through the flex client, but the requirement is for container-based authentication. Using flex3, spring 3.0.4, spring-security-3.0.3
I have a set of RESTful web services. These services are protected on a Glassfish server by OpenSSO. When I attempt to call the RESTful services directly from a browser, OpenSSO intercepts the request, then forwards the request to the REST service once the user's credentials are authenticated. OpenSSO utilizes a session cookie on subsequent requests (until the session is invalidated) . I'm sure this piece is working correctly.We'd like to call these services from a Flex client. In order to enable PUT and DELETE operations, we set up BlazeDS to proxy the RESTful requests from the flex client to the REST service. When security to the RESTful services is disabled, this piece works great.
Now we're trying to secure the entire application. We've placed the Flex SWF into a war and deploy to Glassfish. We've placed security around this resource and when a user attempts to download the SWF (through an HTML link in the war), OpenSSO intercepts the request, then forwards to the application on successful authorization (just like it does for the RESTful web services).The problem is - the RESTful calls made by the Flex application (via BlazeDS) are failing. OpenSSO seems to be intercepting these requests as well and again asking for the users credentials. It doesn't seem the authentication cookies are being passed to (or maybe by) the BlazeDS proxy.
I have a web application developed using flex and cakephp. My client need to make a desktop application of that web application using Adobe Air. The conversion of the flex to Air is done successfully. I the flex application the communication of flex and cakephp is handled using a remotes controller. In air application I have a problem of authenticating the user with cakephp default user authentication
Almost everything is in the title : Here's what I'd like to do :A nice html page with a php authentication process (http first then http**s** & so on) Launch a flex app which knows (I don't know how (this is the actual question !)) the user has already been authenticated and display his/her stuff he/she has to do for the day (or whatever...).
Of course if someone try to call directly the flex app I would display an "authentication error" message and then redirect to the authentication page.I'm sorry for my English which is perfectible.I was thinking about the session cookie : first authenticate then ass a variable on the server side, something like :
I'm using Google Engine App with Python. I want to add custom user authentication. How is it done, with the best practices? I want custom authentication because the app is built in Flex and I don't want to redirect to an HTML page.
The user value object is like this: class User(db.Model): email = db.EmailProperty(required = True, indexed = True) masked_password = db.StringProperty(required = True) # maybe more things here
I would like to mask the password, is there some built in function in GAE? Then, how I will remember the current user? Through sessions and cookies? Or what else?
The following is my codes. This is still work in progress; so, you will see some functions with empty contents. Plus, this is my first Flex application; please bear with me. This is a quiz application that gets the questions and answers to each questions from a ColdFusion web service. There are three types of questions, True or False, Multiple Choice with single selection, and Multiple Choice with multiple selections. So, based upon the question type, the application would dynamically generate the appropriate amount of radio buttons or check boxes for the users to select. I got these working. The problem that I am having is, I am not sure how to check what the users have actually selected. In some other forums and posts on other web site, it said that I can use event.currentTarget.selectedValue to get the user selection. But when I actually do it, I got a run-time error saying, "Property selectedValue not found on mx.controls.FormItem and there is no default value." My question is, what do I need to do to capture the user selections?
Got a site almost complete however the user authentication isn't working. Simply put, I wish my website to reference a PHP file, which is echoing a users authentication level. Via the Actionscript, Flash pushes the user to the frame on the timeline they have the authority to view.
My PHP Code <?phpecho 'checkLog=999';?>
My AS2 Code - This code is pasted in the first frame of the timeline appname="mikesapp"loadVariablesNum("newlogin.php", 0, "POST"); //This verifies the users status and forwards them to the portion of the website they are authorized to access.////Auth Level 100 = Regional Access, Auth Level 200 = Franchise Access, Auth Level 300 = Employee Access, Auth Level 400 = Denied Access and Back Button as they do not have the privileges to move forward from there.//
Because the "checkLog" value is 999, the user should be forwarded to the "denied" label in the timeline however it is not as the site simply loops over and over. I'm sure Flash is accessing the "newlogin.php" file as when I rename it, flash errors stating it cannot locate the file. I have changed it back to the correct name since.
we would like to purchase Flash Media Interactive Server 3.5 to solve the following problem
1.Broadcast network internet lectures on a paid subscription,with the possibility user authentication.
2. Broadcast video and audio.
3. Broadcasting from several sources (1 camera, 2 camera, TV tuner, etc.)within a single stream with the possibility of the user to choose the viewing source, other sources at this time, you can view the preview.
4. The intended audience for 10 000 users and more. 5. Estimated flow rate of 1 megabit per second.
1. Is it possible for broadcasters to use a single server, or they need more? What configuration? 2. Does Flash Media Interactive Server 3.5 multicast? 3. How to make the system user authorization? Additional software, plug-ins? 4. How many users can simultaneously connect to the broadcast Flash Media Interactive Server 3.5 and how we calculate the bandwidth and outbound traffic?
I'm developing a web application (client in Flash Builder 4, server in Eclipse 3.6 + Tomcat 7 + Spring 3 Framework). How do I make the Flex client automatically deploy in the Tomcat server and use BlazeDS messaging and remoting more seamlessly?
I'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.Here are the contents of the root crossdomain.xml:
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url].......I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
Flex with add-ons such as BlazeDs to integrate with Spring. I have no experience using Flex, I just read some articles and tutorial about it, but I really would like to learn something new :-) Google Web Toolkit, maybe with something like gwt-ext. No experience, but I really like to learn. It's plenty of support out there if I need, but I think I will struggle to maintain Spring MVC and GWT in the same project, I read that it's not so easy but there are a couple of patterns to follow.
I try to start JEE, so after studying the frameworks avalaible for this architecture, i choose to use the following one: Flex, BlazeDS, Spring, Hibernate, mysql. i will work with eclipse or STS.The problem is that, after trying different project all over web tutorial, i wasn't able to create an architecture that gather all the last versions off technologies i choose.SO, can someone send me a links which refer a tutorial where it's preferable that the source code is available to download, and it gives the explanation about what is done.
I have been trying to upgrade spring-flex 1.0.3 to 1.5.2 in order to check new features, i.e. Hibernate lazy fetching support in BlazeDS 4. I downloaded all necessary packages, changed dependencies in Maven for Spring (to 3.0.7), Hibernate (to 3.6.9) and Spring flex core (to 1.5.2). When I try to build and deploy application, I got NullPointerException which indicates cause in my domain class (at the end of stack trace):
I am trying to access a .Net service which requires an authentication header. If WebService is used it works fine. But when it is accessed using HTTPService it throws error. The project is already done by somebody else using HTTPService. Now changing to webService requires some time since there needs to be modification in a lot of files.
Below is the SOAP envelop required by the service.
We have a Flex-BlazeDS-Spring-JMS application. The issue is sometimes we get a Blazeds error: NoSuchMethodException. It is not able to find the Java service. The weird issue with this it does not happen all the item...1 time it goes through and returns the result, the 2nd time it fails, 3rd time fails and so on. Also not all methods fail, only 2 method calls fail.
I'm going to be using Flex 4 with Spring and Hibernate.Everything is configured and working. I know this as I can do simple queries, like listing all values in a table.Problem is when I try to perform a 'select' query, then I get all the values, as I was getting before, and not the specific attributes through Select query.I'm a beginner, so kindly overlook my lack of more technically sound words..but I don use them as I don wanna mis-quote.This is class used to store data coming from the MySQL database--