I had presented a similar question a few days ago regarding Flex and CF7 which runs on j2EE.
I can share with you what I know, but I am also looking to learn more about security with Remoting, myself.
You should be able to attach setCredentials to your Remote Call. I know setCredentials is configurable with CFLogin, which compiled down to Java on J2ee.
Searching the Macromedia site for CFLogin and setCredentials should yield some additional information. Also, from my recollection, you will want to check permissions on each request before passing back data. Within Flex, you could check permissions on the result to see if permissions have changed.
More info here: http://livedocs.macromedia.com/flex/15/flex_docs_en/wwhelp/wwhimpl/js/html/wwhelp.htm?href=""
Also, the carbonFive project will have more information in depth for remoting and Java:
http://carbonfive.sourceforge.net/flashgatekeeper/api/com/carbonfive/flashgateway/security/package-summary.html
Dave
On 5/17/05, Leif Wells <[EMAIL PROTECTED]> wrote:
Here's the deal. I have a client putting together a (fairly large) Flex application; actually the company that I work for is putting together the Flex portion and the client and another vendor is putting together the J2EE back-end.
So they come to me and say "How are we handling logging in a user. Are we using cookies?"
What we've done in the past with Flash (sorry. I know that's a dirty word here) is have the user log in and have the server pass back a user object that contains (among other things) a role. If the server doesn't pass the user object, then they get the login screen again. If the user is logged in, they see screens/forms per what level their role is set. The security on this new application is going to need to be a bit more strict.
My problem is this: I am NOT a full-time J2EE developer and the people who are asking these questions are very experienced J2EE developers. Every time I attempt to explain to them how we should handle user log in I appearently am not using the correct words. Can someone either point me to a document that explains how user log in would normally would be handled with Flex in a J2EE environment? Or give it to me is easy to understand language so I can relieve these guys' (and my) stress? Is there a best practice for handling user login in a secure application?
Also, they threw me a curve today: "How do we handle it if a user's role is demoted or promoted in the middle of a session? Can we immediately change what they see on-screen? Or can we immediately have them log off?" Any thoughts?
Leif
http://www.leifwells.com
Yahoo! Groups Links
- To visit your group on the web, go to:
http://groups.yahoo.com/group/flexcoders/
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
Yahoo! Groups Links
- To visit your group on the web, go to:
http://groups.yahoo.com/group/flexcoders/
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
