tags:

views:

2450

answers:

3
+7  Q: 

BlazeDS authentication

I am confused about authentication with BlazeDS. Most of the few examples I have found for authentication and authorization in BlazeDS and consequently Java Servlets in general make use of HTTP basic and digest authentication and realms for authorization. These examples are very simplistic and involve XML files with the user credentials rather than using a database. My past experience in web applications used form based logins and sessions for authentication and authorization, but I am not sure how to do this with Flex apps with BlazeDS backends.

What I want to do is have some way to access some service on the backend to handle authentication like an HTML form and some way to store session data in a cookie for authorization, but I am having trouble finding relevant details using cookies in BlazeDS and Flex applications.

If HTTP authentication with either basic or digest authentication is the best way, then is there any resource to find out how to authentication users with the credentials stored in the database rather than an XML file?

I am not particularly interested in web frameworks since I would like to understand how to authenticate/authorize users with a plain Servlet and BlazeDS.

+6  A: 

Authentication with BlazeDS and Flex is no different than with traditional web apps. Flex uses the same networking stack as the browser. So just follow instructions for securing your app server and then it should just work. If you want to have the login form in Flex then you can just send the credentials to j_security_check (for form based auth). Alternatively you can call login on the channelSet. Spring Security and Spring BlazeDS Integration M2 makes this very easy. Check out the Test Drive for a great sample (the usernames and passwords are still in an XML file but you can easily following the Spring documentation to move those to a database or LDAP server).

James Ward  2009-03-28 14:29:19
In the Test Drive, it looks like the channelSet gets reset on each browser refresh. If you've authenticated and refresh the page and check channelSet.authenticated, it says false, but your remoteObject call will still work. It looks like you stay authenticated to Spring, but Flex doesn't know about it. I'd like to find a way to login using Spring security and have it carry over to Flex, JSPs, whatever (like SSO). I'd like to be able to check from Flex to see if you're already authenticated with Spring (other than calling a hack method and seeing if you get denied access).
I Never Finish Anythi  2009-07-22 18:54:34
+1  A: 

Use Spring Security and check this website link text. I hope it will help.

Gok Demir  2009-06-19 00:40:41
+1  A: 

You may also want to check: http://livedocs.adobe.com/blazeds/1/blazeds_devguide/help.html?content=services_security_1.html

regjo  2010-01-15 18:15:21

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.