tags:

views:

23

answers:

1
Q: 

What's different when implementing Flex authentication/authorization in a clustered environment?

Are there any differences implementing Flex application security in a clustered Java environment (such as Oracle Application Server/OC4J or a JBoss cluster) vs a single application server environment? (And/or does it depend on the specific environment software?)

What considerations are there in a situation where you need to authenticate with LDAP (AD) and store user access information in a database (ex. USER table containing username + permissions/roles info)?

Are sessions shared across nodes with no issues? Any differences between Blaze DS and Granite DS?

+1  A: 

Yes, Blaze DS is a pain when it comes to clustering full stop. LCDS isn't much better, but it at least has more support for clustering (with the downside of being ridiculously expensive).

The problem is the JSESSIONID which the instance uses to identify the Flex client that's making the call. The associated Flex Session object isn't shared in the cluster by default, and IIRC, BlazeDS doesn't have any option for sharing, while LCDS has limited options... Sticky Sessions or port broadcasting.

I can't speak for any of the Open Source options, but clustering support is usually the purview of paid-for solutions...

Gregor Kiddie  2010-09-28 13:33:36
So what are you saying? Flex sessions aren't shared at all, so Flex 'data services' aren't compatible with clustered environments out of the box? I'm thinking a good solution would be using Apache Shiro, which basically takes container based sessions out of the picture and doesn't care what type of "client" you have.
Crusader  2010-09-30 02:21:43
I've never managed it with BlazeDS, I'm not sure its actually possible. LCDS its doable but you have to make some compromises with your clustering setup. GraniteDS, et al, I have no idea.
Gregor Kiddie  2010-09-30 07:05:36
It's rather scary that there seems to be little anyone has to say about this topic in the Flex/Java community, anywhere. This response is the first real one I've ever seen on the topic, so kudos for that, but I do wish there was some more info out there on the subject.
Crusader  2010-10-03 23:50:09

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.