Embeded FLEX Control Hosted in JBOSS, How do i use Http Basic Authentication with "embed" or "object" tags?

Question

So we have three FLEX controls hosted within a JBOSS server instance, and an IIS (MVC) application which has pages that have the object (and embed) tags to render the controls. We are wanting to setup HTTP basic authentication on the jboss server which is hosting other services (Solr, some custom webservices, and tika) and have figured out how to pass the credentials.

How can you send those basic http authentication credentials to a flex control in object/embed tags??

Answer 1

Be fully aware that this option is very insecure as simply viewing the HTML source will reveal the user's credentials.

First Step

If what you want is to pass credentials (demouser/demouser) to the Flash control declared inside object/embed tags during development you can modify the noscript section and several other places where you pass in flash vars using JavaScript in the html-template/index.template.html file inside your Flex builder project -

<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
            id="${application}" width="${width}" height="${height}"
            codebase="http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"&gt;
            <param name="movie" value="${swf}.swf" />
            <param name="quality" value="high" />
            <param name="bgcolor" value="${bgcolor}" />
            <param name="allowScriptAccess" value="sameDomain" />
            <param name="http_user" value="demouser" />
                    <param name="http_password" value="demouser" />
            <embed src="${swf}.swf" quality="high" bgcolor="${bgcolor}"
                width="${width}" height="${height}" name="${application}" align="middle"
                play="true"
                loop="false"
                quality="high"
                allowScriptAccess="sameDomain"
                type="application/x-shockwave-flash"
                flashVars="http_user=demouser&http_password=demouser"
                pluginspage="http://www.adobe.com/go/getflashplayer"&gt;
            </embed>
    </object>

When deploying you would need to wrap the generated HTML wrapper file (usually in your bin-debug/ folder in a JSP page and use scriptlets or JSTL tags to write out the credentials on a per user basis). So for instance,

flashVars="http_user=demouser&http_password=demouser"

would become

flashVars="http_user=<%=username%>&http_password=<%=password%>"

Second Step

In your Flex code, retrieve the username and password via:

import mx.core.Application;

var username:String = Application.application.parameters["http_user"];
var password:String = Application.application.parameters["http_password"];