Flex :: Security - Blaze DS Not Passing OpenSSO Authentication Cookie?
Jun 15, 2010
I have a set of RESTful web services. These services are protected on a Glassfish server by OpenSSO. When I attempt to call the RESTful services directly from a browser, OpenSSO intercepts the request, then forwards the request to the REST service once the user's credentials are authenticated. OpenSSO utilizes a session cookie on subsequent requests (until the session is invalidated) . I'm sure this piece is working correctly.We'd like to call these services from a Flex client. In order to enable PUT and DELETE operations, we set up BlazeDS to proxy the RESTful requests from the flex client to the REST service. When security to the RESTful services is disabled, this piece works great.
Now we're trying to secure the entire application. We've placed the Flex SWF into a war and deploy to Glassfish. We've placed security around this resource and when a user attempts to download the SWF (through an HTML link in the war), OpenSSO intercepts the request, then forwards to the application on successful authorization (just like it does for the RESTful web services).The problem is - the RESTful calls made by the Flex application (via BlazeDS) are failing. OpenSSO seems to be intercepting these requests as well and again asking for the users credentials. It doesn't seem the authentication cookies are being passed to (or maybe by) the BlazeDS proxy.
View 1 Replies
Similar Posts:
Jul 22, 2009
I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex.I know that I can call channelSet.login() and channelSet.logout() to hook into Spring Security for authentication.channelSet.authenticated apparently only knows about the current Flex session, as it always starts off as false, until you call channelSet.login().hat I want to do: Check from Flex to know if a user is already in a session.
View 3 Replies
Dec 12, 2010
i have a flash application connected with a script on a remote server(X)different from the server hosting the website(Y)the application on server X needs to get some user information so i need to identify the user by what i have in the cookie
remote server X will get those informations from server Y is there any way i can get the user name or user id from the CAKEPHP cookie var?the authentication is the one found on cakephp website
[flash]----request---->[server X]----request---->[server Y]----response---->[server Y]...
View 1 Replies
Aug 1, 2011
Is it possible to pass a cookie with a url call?
View 3 Replies
Feb 15, 2011
I'm just looking for some direction to integrate my Flex app with SiteMinder. I can't find any working examples online to get me started.
View 1 Replies
Mar 29, 2012
I just set up my environment (Flex 4.6 SDK, Blaze DS 4.01) and I'm wondering where the needed mx.* packages might be found, since I want to import classes, such as mx.messages.Producer / Consumer, in my non-MXML-Project and instanciate them programmatically. Blaze DS API ref says, they are part of the Blaze-WAR but I just can't find them.
View 1 Replies
May 18, 2010
I need to save email-id in my login form through the cookies. if I use shared object I am able to save but my requirement is need to save in cookies. How can I save? I got sample code from net. Attaching that code `package com {
import flash.external.ExternalInterface;
/**
* The Cookie class provides a simple way to create or access
* cookies in the embedding HTML document of the application.
[Code].....
View 1 Replies
Dec 20, 2009
I'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.Here are the contents of the root crossdomain.xml:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies ="all"/>[code].....
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url].......I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
View 1 Replies
Jul 20, 2011
The question says it. Does anybody know the answer to this? We're running into problems when 3rd-party cookies are disabled.
View 1 Replies
Sep 6, 2010
I am trying to access a .Net service which requires an authentication header. If WebService is used it works fine. But when it is accessed using HTTPService it throws error. The project is already done by somebody else using HTTPService. Now changing to webService requires some time since there needs to be modification in a lot of files.
Below is the SOAP envelop required by the service.
[Code]...
View 1 Replies
Aug 9, 2010
I made a blog widget in flex. I need manipulate cookie in my widget which is added to my user's blog. But under some circumstance, some blog hosts forbid accessing to javascript, so i can not access cookie in flex by externalInterface. Does anyone know how to access cookie in this context?
View 3 Replies
May 31, 2010
my login form in flex when I login I have created a cookie in jsp like this name setValueCookie.jsp [code]through the httpservice value i am getting but if i open a new window or any new tab cookie value is not getting how can i solve this?
View 1 Replies
Sep 16, 2010
I have a flex app that uses AMF to talk to a Spring Java backend. How do I get the values of cookies that have been set by the server and are being sent back by AMF?
View 1 Replies
Jun 4, 2010
I want to have flex portlets side by side with JSP portlets. How can we implement the authentication mechanism? [ Authentication will be handled by the portal and how can we share the same session with flex portlets ]
View 1 Replies
Sep 17, 2010
I am developing an application in Adobe Flex. This application is to be hosted on a Joomla Website. I want to achieve Single Sign On between my Joomla website and this Flex Application. The Users log in using the default Joomla Mechanisms however I want the username as well as some other details about the user inside my Flex Application.
View 1 Replies
Feb 4, 2011
Some background: I have a Flex app embedded in an HTML page and am using Flex to send a soap request to my Java backend that does some authentication depending on the username and password entered in the Flex form. If I enter the correct login everything works fine and the Flex app can continue making further requests. But with an incorrect username/password, an "Authentication Required" dialog box pops up in my Browser and my Flex app won't respond with its proper handler until I click cancel. I'd like to get rid of the dialog box somehow,
View 2 Replies
Jul 24, 2011
How would one create a video or audio stream using OSMF when there must be basic authentication on the url?Can one feed in Audio/Video using HTTPService to provide the header authentication?
View 2 Replies
Feb 2, 2011
We have a situation where a web application within an intranet requires windows authentication. This way employees of the company can login to their desktops and have automatic access to the web application and also be identified automatically without having to login because Windowns Authentication takes care of that. The problem is that we've added a Flex module to the web application. The web application comes up fine and authenticates the user can then navigate to the page where we have the Flex application. Which loads fine. The problem is that the Flex application also needs to communicate with the same server about this user but this communication is not working and is prompting the user for a password. Even if the correct user/pass is entered it fails and the Flex application can't talk to the server which requires Windows authentication.
Our expectations was the since the IE browser housing the flex application was already authenticated that all communication from the Flex app would also carry with it the necessary information to enable it to access the server without authentication.
View 2 Replies
Jul 6, 2011
As the title indicates the question is in regards to the service layer of a flex application. Specifically in a test case class. To call the services the user must first authenticate through an html/CF based page. Once that's done and the authentication has occurred the user is directed to the html page with the flex application embedded in. Once authenticated the server side CF code writes a cookie to the users computer. This cookie is then read by the flex app and is required for the flex app to make calls to the CF services.
The question is: how should this be handled in a test case class for the service class in the flex app? The following steps need to basically take place: use some account data to hit the server and authenticate, the cookie then needs to be written (which it will already), then the test case needs to pick up the session id from the cookie and pass it to the service call within the test case. That just all seems like too much for a test case class.
So, how is this type of thing usually handled. From what I gather it's typical for web service calls to require a session id like this.
View 1 Replies
Sep 24, 2009
In AIR on Mac, when I send login creds to a service and they're incorrect, AIR displays a native popup window to try logging in again without dispatching an error event. Twitter provides a header (suppress_response_codes=true), which returns any error as a status 200 with the error message. I'm using HTTPService to connect to a service without a header like this. Are there any properties or headers I can send to avoid this popup?
View 3 Replies
Nov 4, 2010
I have flex client application with php as a server and i want to implements domain user and password authentication. I'm sending the user and the password from the flex client through httpservice to php script and the php script authenticate the user and the password with the domain But! I want to encrypt the user's password in flex and to decrypt it in the php. I have the as3crypto.swc module for the flex but I don't find any way to decrypt it in the php. So, how can I do that and If this is not the right way to do that how can I do that?
View 1 Replies
Jul 24, 2011
I would like to load a an image from an external domain and I have the below so far:
private function get_coverArt(coverArtID:String):void
{
var requestString:String = "/rest/getCoverArt.view?v=1.5.0&c=AirSub&id=" + coverArtID;
[Code].....
View 1 Replies
Feb 15, 2012
I have a web application developed using flex and cakephp. My client need to make a desktop application of that web application using Adobe Air. The conversion of the flex to Air is done successfully. I the flex application the communication of flex and cakephp is handled using a remotes controller. In air application I have a problem of authenticating the user with cakephp default user authentication
View 2 Replies
May 30, 2009
Almost everything is in the title : Here's what I'd like to do :A nice html page with a php authentication process (http first then http**s** & so on) Launch a flex app which knows (I don't know how (this is the actual question !)) the user has already been authenticated and display his/her stuff he/she has to do for the day (or whatever...).
Of course if someone try to call directly the flex app I would display an "authentication error" message and then redirect to the authentication page.I'm sorry for my English which is perfectible.I was thinking about the session cookie : first authenticate then ass a variable on the server side, something like :
[Code]...
View 3 Replies
Mar 27, 2012
I want to call web service which has basic authentication.once url get authenticated then want to call particular service example xyz() which takes 2 parameter and return a flag .
View 1 Replies
Aug 23, 2011
I currently have a c++ client which can play SWF, AVI, BIK etc It uses DirectX9 to render the graphics I currently have a requirement for dynamic SWF files, which would retrieve data from a BlazeDS server and put certain text in certain places depending on the retrieved data From what I have read, BlazeDS talks to Adobe Flex and Adobe AIR applications Would that mean I would have to convert my current c++ client into a Flex application I'm just having trouble trying to figure out how Blaze and Flex and Air all fit together
View 1 Replies
Jan 5, 2012
I have an AIR app that I need to define a proxy for because the services sit behind a firewall. We are not using BlazeDS so I can't define the proxy settings in the proxy-config.xml file. So, how do I do it? I'm guessing that I'm not the first person who has had to work behind a firewall when accessing data so I'm not sure why I can't find any documentation on the web anywhere about this.AIR says it is supposed to automatically know and use the proxy configuration from your system, i.e. default browser. In there, I don't set a manual proxy, I use the 'automatic configuration' and point it to a .dat file. Could this be where the problem is? Does AIR not know how to understand this?There's no way to set a proxy on an HTTPService component unless you are using Blaze DS or LCDS? Is this true? I'd hate to have to add that to my application just so I can get this accomplished.
View 1 Replies
Feb 4, 2010
Inside a flex app, I have a user login. The login calls a ColdFusion function as a remote object which authenticates the user and, if applicable, returns their id and access level. This works fine, but now I'm at the point where I want to also create a cookie for another ColdFusion template (called from fileReference.upload()) to be able to access later. I have tried several different methods for creating the cookie -- cfcookie, creating a cookie with JavaScript inside the ColdFusion function, and creating the cookie with JavaScript with an external interface once the coldfusion function returns to the flex result handler. All of these have been tried with a plethora of options regarding expiration, path, and domain tags.
[Code]...
View 1 Replies
Feb 14, 2012
Does an AIR app built with Flex have something similar to a browser cookie? I want the app to remember a simple value, like date when the app was last opened. I'd rather not create a SQlite database just for this.
View 1 Replies
Dec 8, 2009
I have a flex app that allows the user to upload a file.The flex side uses the FileReference.upload method that goes to an .aspx page that handles the upload. It works only intermittently when I have IIS set to integrated windows authentication.That said, for testing purposes,I wrote a separate aspx page that does a file upload and this always works.I'd like to leverage the file import,though, within the nice looking flex app and not kick off a new webpage for a file upload.In looking at the IIS logs I have a hypothesis as to what's happening, and want to know if someone has full understanding as to why it may only intermittently work and can confirm or deny this: Flex' FileReference upload guts does whatever it does on the client then initiates a POST request to my .aspx page.On the times it failes, the IIS logs state that IE didn't pass the credentials so denies the request then sends a 401 response.
I don't get this 401 response on the flex side even though I'm listening for HTTP status codes (flash bug?).A new request is somehow immediately made to perform the upload again (it's not my code). I'm inferring this by looking at the IIS lgos which shows a second POST right after the previous one, only this time the user credentials are sent through, but the kicker is that the file the user uploaded is not uploaded this time. I infer this by the fact that the IIS logs show 0 bytes are posted, whereas the previous 401 request show a lot of bytes are POSTed.On the times it does work, what happens is that the first request for the HTTP POST the FileReference makes so happens to send the windows credentials along, so the client is not challenged.
View 1 Replies