RE: [flexcoders] Authentication with Macromedia Flex

[allister_dickson]

Hi Dimitrios,   From reading through your earlier posts I get the impression that you are using a two methods to authenticate users. Initially, you authenticate the user using standard J2EE form based authentication. Then when using a service if you receive an authentication fault you use a flex popup window to re authenticate. Is this correct?    Also, if you get a session time out do you resubmit the original service request after re-authentication? If so, what is the best way to generically resubmit the request?   Regards,   Allister   ----- Original Message ----- From: Dimitrios Gianninas To: flexcoders@yahoogroups.com Sent: Monday, October 10, 2005 12:59 AM Subject: RE: [flexcoders] Authentication with Macromedia Flex I put theh handling of the failed authentication directly in the Services.mxml... simple and works.   <mx:Script> function handleRemoteFault( event ):Void {     if( event.fault.faultcode == "Client.Authentication" || event.fault.faultcode == "401" ) {         // do whatever you want here, its a free country     }     else {         event.call.faultHandler( event );     } } </mx:Script>     Dimitrios "Jimmy" Gianninas RIA Developer Optimal Payments Inc.   From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Knudsen Sent: Friday, October 07, 2005 9:53 AM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Authentication with Macromedia Flex so, I got auth working using the approach you mentioned CallbackHandler handler = new SimpleCallbackHandler( userName, password );      Subject subject = Authentication.login( handler );      ServletAuthentication.runAs( subject, httpRequest ); silightly different looking under JRun of course.  Now, I'm horribly stuck on getting the roles of the user after logging in.  I have set up Roles under teh JMC, JRuns instance manager.  I tested it all with BASIC auth, so I know the autentication and authorisation are working.  I've been working all week on getting the roles for the user after authenticating and can't find squat of an example.  Any hints perhaps? On a similar note...  Using service.setUserNamePassword() in Flex I know it will authenticate a user, does it also authorise the user by gathering up the roles defined in the containers JAAS config? and one more concerning cairingrom....  to use service.setUserNamePassword()  effectively, it appears you would need to modify the onfault event of a service in services.mxml file to check for a failed authentication.  If not here then every command using the service would need this check, eh?  What other way can this be done possibly?  Create a AuthCommand abstract class to extend or something? DK On 10/7/05, Dimitrios Gianninas <[EMAIL PROTECTED]> wrote: Ah yes about accessing the session, I read that article as well. I plan to change this in the future, just haven't gotten there yet.   Dimitrios "Jimmy" Gianninas RIA Developer Optimal Payments Inc.   From: flexcoders@yahoogroups.com [mailto:flexcoders@yahoogroups.com] On Behalf Of Douglas Knudsen Sent: Thursday, October 06, 2005 3:54 PM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Authentication with Macromedia Flex http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=9636f34e&pss=rss_flex_9636f34e there. Thanks for the hint about using JAAS via CallBackHandler, etc in th eother thread...I have not got it working 100% on JRun yet...but still banging away at it. DK On 9/26/05, Dimitrios Gianninas <[EMAIL PROTECTED]> wrote: Where did you hear that it was not the approach to take? We have it working this way for one of our projects.   Yes, when you user source="servlet", you must configure the source attribute in the remote-objects section of the flex-config.xml. You have to set it to the name of your context. So if your web application context is "localhost:8080/batman", then you must set:   <source>batman</source>   or for no security at all (don't do this in production):   <source>*</source>   Dimitrios "Jimmy" Gianninas RIA Developer Optimal Payments Inc.   From: flexcoders@yahoogroups.com [mailto: flexcoders@yahoogroups.com] On Behalf Of Douglas Knudsen Sent: Sunday, September 25, 2005 9:51 PM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Authentication with Macromedia Flex I was under the impression this was not the approach to take in 1.5.  IIRC, when messing with source= "servlet" I had to add some info to the flex.config file.  Can you comment on this?  Just curious as there seems to be so many ways to do this. DK On 9/24/05, Dimitrios Gianninas <[EMAIL PROTECTED] > wrote: Ok here is how to do this.   Basically you will have a login.jsp page that will authenticate the user using FORM authentication. Once the user has logged in successfully, then you must retrieve the user information from your DB and save it to the session, this might look something like this:   UserVO user = userAdmin.getUser( userName ); session.setAttribute( "user", userLogin );   Now that the user object is in the session, once the Flex app loads, you can retrieve it from the session and make use of it as you please. First you must declare a RO that will connect with the current session:   <mx:RemoteObject id="sessionSvlt" source="servlet" result= "handleSessionResult( event.result)" fault= "handleSessionFault(event)" showBusyCursor="true" /> And then you get the object from the session like so: sessionSvlt.session( "get", "user" );    Dimitrios "Jimmy" Gianninas RIA Developer Optimal Payments Inc.   From: flexcoders@yahoogroups.com [mailto: flexcoders@yahoogroups.com] On Behalf Of jagabcdeff Sent: Friday, September 23, 2005 7:08 AM To: flexcoders@yahoogroups.com Subject: [flexcoders] Authentication with Macromedia Flex Hi all, I working on small application. The flow is like Macromedia Flex<->Spring<->Hibernate<->DB using Jboss Server. Now i have to use JAAS to this application. Please guide me how to do authentication when user login with username and password . Thanks & Regards, Jagan -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com SPONSORED LINKS Web site design development Computer software development Software design and development Macromedia flex Software development best practice YAHOO! GROUPS LINKS  Visit your group "flexcoders" on the web.    To unsubscribe from this group, send an email to:   [EMAIL PROTECTED]    Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. -- Douglas Knudsen http://www.cubicleman.com this is my signature, like it? -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com SPONSORED LINKS Web site design development Computer software development Software design and development Macromedia flex Software development best practice YAHOO! GROUPS LINKS  Visit your group "flexcoders" on the web.    To unsubscribe from this group, send an email to:   [EMAIL PROTECTED]    Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. -- Douglas Knudsen http://www.cubicleman.com this is my signature, like it? -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com YAHOO! GROUPS LINKS  Visit your group "flexcoders" on the web.    To unsubscribe from this group, send an email to:   [EMAIL PROTECTED]    Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. -- Douglas Knudsen http://www.cubicleman.com this is my signature, like it? -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com SPONSORED LINKS Web site design development Computer software development Software design and development Macromedia flex Software development best practice YAHOO! GROUPS LINKS  Visit your group "flexcoders" on the web.    To unsubscribe from this group, send an email to:  [EMAIL PROTECTED]    Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.