I'm honestly very surprised that this hasn't been brought up before (or
maybe it has and i need to practice my searching skills). I am
attempting to implement custom authentication into my flex applicaiton
which is based on cairngorm. I would like to hear what others have to
say about my idea for an implementation.
I added an abstract SecureCommand class which implements Responder.
In the onFault method, I check for "Client.Authentication" or
"Client.Authorization" in the event.fault.faultcode property. If found,
I use the EventBroadcaster to broadcast an EVENT_SHOW_LOGON_WINDOW event
using the original event as the EVENT_SHOW_LOGON_WINDOW's event data in
the broadcastEvent method.
In the onResult method, I simply broadcast an EVENT_HIDE_LOGON_WINDOW
event to hide the window since we are authenticated if we reach this
point. Note that this is a preference. You could destroy the LogonWindow
after submitting the logon form, but I prefer the user see an
indeterminate progress bar instead of a blank screen.
Any command which accesses secured remote objects must extend
SecureCommand.
My ShowLogonWindowCommand accesses the showLogonWindow() method of my
SecureDelegate which creates the LogonWindow using the PopUpManager's
createPopUp() method.
The showLogonWindow() method of SecurityDelegate takes one argument: the
original Event. So while calling that method from
ShowLogonWindowCommand, I pass a reference to the original Event object
with it. in the showLogonWindow() method of my SecurityDelegate, I pass
a reference of the original event to the LogonWindow
(logonWindow.logonWindowViewHelper.originalEvent = event).
At this point the LogonWindow has a reference to the username, password
and a reference to the original event. from here, when the logon button
is pressed, the LogonWindowViewHelper broadcasts an EVENT_LOGON event
which triggers the LogonCommand to execute. The LogonCommand's execute
method accesses the setUsernamePassword() method of the
SecurityDelegate.
The setUsernamePassword() method of the SecurityDelegate sets the
username and password properties of my own extended ServiceLocator:
SecureServiceLocator. I use SecureServiceLocator in my application's
mxml files just like the ServiceLocator. I all my secure RemoteObjects
in there.
My SecureServiceLocator overrides cairngorm's ServiceLocator's
getService() method. Inside SecureServiceLocator's getService() method,
I call super's getService() to obtain a reference to the service. At
this point, I call the setUsernamePassword() method of the service with
the username and password of the SecureServiceLocator which was set
inside of the SecurityDelegate's setUsernamePassword() method.
Phew... I hope at least some of you got through this post and understand
me. So what do you think? The only part of this implementation that I do
not like is that the setUsernamePassword() method of the RemoteObject is
called everytime SecureServiceLocator.getService() method is called.
Todd Boland
Charged Software
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/flexcoders/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
