Did anyone ever patch that issue I found with model glue and the bean factory? I don’t remember if I have check the code since I found that issue or not..
- Derek From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Scott Sent: Friday, April 20, 2007 6:24 AM To: [email protected] Subject: [coldspring-dev] Securing Remote Proxy Beans The Remote Proxy Bean is AOP based. You can take any existing advice class and just drop it in in the interceptor names just like ProxyFactoryBean. RemoteProxyBean does set the return type on the methods it creates to ANY. So, you could either throw an exception (which way or may not be viewed as a good idea) or, perform your security in an around advice and return a security error message, as you would in a rest style response. One thing have thought quiet a bit about is creating base Responder objects in Flex which could either provide a default onFault (if we are throwing exceptions) or a method to check for the failed authentication. There are many ways to deal with the actual authentication / securityimplementation be it session or cflogin, but basically, you should be able to easily get the same functionality as you would with adding the roles attribute to your method. As an aside, the security framework I have worked on for coldspring doesoptionally use function metadata... C Chris Scott [EMAIL PROTECTED] http://cdscott.blogspot.com/ http://www.coldspringframework.org/ On Apr 20, 2007, at 3:54 AM, Sean Corfield wrote: On 1/5/07, Derek Perez <[EMAIL PROTECTED]> wrote: I am messing with coldspring and creating an application that is going to make use of the remote proxy beans, but I am slightly worried about having exposed remote services that aren't secured in any way. This is why I have always written remote facades by hand - I don't think you can just take a service layer and create a remote copy and have it solve the problem. Now, having said that, I made some similar off-handed comment about ColdSpring's remote proxy mechanism and got rebuked - it's more sophisticated than I seem to think apparently and, I must admit, I haven't looked at it in any great depth really. So... I'll be interested to see reponses in this thread... but my gut says that hand-coded remote facades are the way to go (especially since I tend toward REST rather than SOAP these days). -- Sean A Corfield -- (904) 302-SEAN An Architect's View -- http://corfield.org/ "If you're not annoying somebody, you're not really alive." -- Margaret Atwood
image001.gif
Description: GIF image
