tags:

views:

91

answers:

3
+1  Q: 

Spring security with Flex using Container Preauth

I've got the Spring Security preauthentication sample configured and working with JBoss. The next step is to somehow get the user information into a flex client GUI.

What are some methods that will let me get the Authentication or UserDetails object that's created by spring-security on http access into the flex client? Since I'm logging in externally, I can't use channelset.login(), right? All the examples I've seen so far assume that the user logs in manually through the flex client, but the requirement is for container-based authentication.

Using flex3, spring 3.0.4, spring-security-3.0.3

A: 

There is an article on Adobe DevNet covering this topic: http://www.adobe.com/devnet/flex/articles/flex_security.html

David Collie  2010-09-21 10:10:43
that's one of the examples that has the user entering username and password into flex. I don't want that. The user's already been authenticated through http BASIC before he ever hit the flex client, and now I want to pull that data into flex.
Gary  2010-09-21 11:30:58
Ah gotcha, I'm not an expert on Spring, but usually in these type of scenario's the answer would be to hit an HTTP endpoint to return credentials that can then be used in the Flex ChannelSet.login().
David Collie  2010-09-21 12:19:33
If you are using HTTP endpoints and your Flex endpoints are on the same domain as your HTTP auth endpoint, then you can enforce just by checking the cookie.
David Collie  2010-09-21 12:20:21
+1  A: 

If you use spring-flex together with blazeds for the flex to java http plumbing, then what you have to do is to :

  • enable the Spring Security filter chain in web.xml

  • secure your blazeds service with your expected security constraints

  • make your spring-security AuthenticationProvider use your authentication mechanism

Francois  2010-09-22 09:32:32
A: 

Use PreAuthenticatedAuthenticationProvider as your authentication provider. Flex sessions will automatically map 1:1 with HTTP sessions, and you can access the authentication object using a session-scoped call to SecurityContextHolder.getContext().getAuthentication()

Gary  2010-10-06 17:03:34

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.