I was wondering if anyone knows exactly when the AcegiLoginCommand class gets processes. Does it get processed once when you create a DataService object, or does it get processed every time an RTMP request is made?
--- In flexcoders@yahoogroups.com, "Geoffrey" <[EMAIL PROTECTED]> wrote: > > One last thing I had to do to get it to work. I added > "-Dacegi.security.strategy=MODE_INHERITABLETHREADLOCAL" to my Tomcat > JVM arguments. Otherwise, setting and getting the Authentication > object was accessing different instances of some security object. > > ~Geoff > > --- In flexcoders@yahoogroups.com, "Geoffrey" <gtb104@> wrote: > > > > I seem to have got it working. Thanks for your help jahhaj12345! > > > > What I ended up doing was to create a custom LoginCommand class. I > > used the one from here: > > http://blog.f4k3.net/fake/entry/acegi_logincommand_for_fds. I made > > two changes shown below: > > > > //The name of our Acegi configuration file. > > private static String[] CONFIG_LOCATIONS = > > {"classpath:security-context.xml"}; > > > > //"ldapAuthenticationProvider" is from our Acegi config file, and it > > the name of the bean that is used for authentication via LDAP. > > authenticationProvider = > > > (AuthenticationProvider)applicationContext.getBean("ldapAuthenticationProvider"); > > > > > > I then updated services-config.xml and added: > > <security> > > <login-command class="com.gdais.security.AcegiLoginCommand" > > server="Tomcat"/> > > <security-constraint id="basic-read-access"> > > <auth-method>Basic</auth-method> > > <roles> > > <role>ROLE_MANAGERS</role> > > <role>ROLE_USERS</role> > > </roles> > > </security-constraint> > > </security> > > //The roles came from the Acegi config file. > > > > > > After that, I had to add the [managed] metadata tag to one of my > > ValueObjects and it all seemed to work. > > > > I'll be honest, I don't really understand why this works, it just > > does. What I mean by 'works' is that the managed collection on the > > client gets filled with data successfully. I haven't yet tested > > pushing new entries to that managed collection after the initial fill. > > > > > > I hope this post helps someone else. > > > > ~Geoff > > > > --- In flexcoders@yahoogroups.com, "jahhaj12345" <halvorsonj@> wrote: > > > > > > I don't know of a way to just authenticate the client. From > everything > > > I've read, you have to authenticate the HTTP and RTMP sessions > > > individually. For my application, I had to create my own LoginCommand > > > to handle the flex RTMP authentication. > > > > > > Here's my understanding of how it's working for me: > > > > > > 1. On my client, I get the channelset to use and then call > > > channelSet.login(username, password). You could also call the > > > setCredentials on the actual DataService the same way, but my services > > > are all created at runtime on the server instead of being statically > > > defined in services-config.xml. > > > > > > 2. That channelSet (or dataservice) from above authenticates > through the > > > login-command configured in services-config.xml. This is where the > > > custom LoginCommand I created is configured. The doAuthentication > > > function of LoginCommand is as follows: > > > > > > public Principal doAuthentication(String username, Object > > > credentials) { > > > Authentication auth = authenticationProvider.authenticate(new > > > UsernamePasswordAuthenticationToken(username, credentials)); // > > > authenticationProvider is a spring security DaoAuthenticationProvider > > > > > > SecurityContextHolder.getContext().setAuthentication(auth); > > > return auth; > > > } > > > > > > This should authenticate the RTMP session. I don't know if this > is the > > > best way, but it seems to work. > > > > > > > > > --- In flexcoders@yahoogroups.com, "Geoffrey" <gtb104@> wrote: > > > > > > > > I'm guessing that we don't implement security the correct way > (or the > > > > best way) right now. Currently, I have a login State that takes the > > > > username and password and makes an HTTPService call to the JSP page > > > > that does user authentication. If that comes back successfully, > then > > > > I change State to the main application. > > > > > > > > That seems to take care of all of the HTTP requests, but the RTMP > > > > requests obviously fail (or else I wouldn't be here ;-)). > > > > > > > > I read the docs about using LoginCommand, but I didn't see how that > > > > ties into Acegi. > > > > > > > > I'm wondering if you can authenticate the Flex client, and not just > > > > the session. If so, wouldn't the sessions (HTTP and RTMP) also be > > > > authenticated since they fall under the FlexClient object? Just a > > > > thought. > > > > > > > > Geoff > > > > > > > > --- In flexcoders@yahoogroups.com, "jahhaj12345" halvorsonj@ wrote: > > > > > > > > > > I'm having the same problems you are. I've been through several > > > > > options but haven't found one that's acceptable from a security > > > point > > > > > of view if you are trying to use the rememberme functionality. > > > > > > > > > > To get it working without rememberme, provide a login form > from your > > > > > flex application and once authenticated using form login, use that > > > > > username/password combination for the RTMP's ChannelSet login. > And > > > > > depending on how you handle authentication on your end, you > may need > > > > > to provide your own LoginCommand and UserDetailsService. I've > done > > > > > both of these and it works. > > > > > > > > > > Does anyone out there have a way to get rememberme working for > RTMP? > > > > > I know the problem is cause by the RTMPFlexSession being > outside the > > > > > HTTPSession. Is there anyway to sync these up? Or is there > anyway > > > to > > > > > do a single sign-on with RTMP? > > > > > > > > > > Jason > > > > > > > > > > --- In flexcoders@yahoogroups.com, "Geoffrey" <gtb104@> wrote: > > > > > > > > > > > > I've looked around the net and haven't found anything helpful. > > > Any > > > > > suggestions would be > > > > > > great. > > > > > > > > > > > > Thanks, > > > > > > Geoff > > > > > > --- In flexcoders@yahoogroups.com, "Geoffrey" <gtb104@> wrote: > > > > > > > > > > > > > > I'm wondering if anyone out there has implemented > LiveCycle Data > > > > > > > Services using Spring Security as their security layer? > > > > > > > > > > > > > > I'm having issues with RTMP communications between > > > server/client, > > > > > > > meaning I'm not getting any. I've modified our existing Java > > > > delegate > > > > > > > to ast as the Assembler for a managed collection. When the > > > > > > > Assembler's fill() method gets called, it tries to > retrieve the > > > > > > > desired information from our Service class. I get an > > > > > > > AuthenticationCredentialsNotFoundException as seen below: > > > > > > > > > > > > > > <error snippet> > > > > > > > > org.acegisecurity.AuthenticationCredentialsNotFoundException: An > > > > > > > Authentication object was not found in the SecurityContext > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFo\ > > > und(AbstractSecuri > > > > > > tyInterceptor.java:339) > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation\ > > > (AbstractSecurityIn > > > > > > terceptor.java:254) > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor\ > > > .invoke(MethodS > > > > > > ecurityInterceptor.java:63) > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Ref\ > > > lectiveMetho > > > > > > dInvocation.java:161) > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedIntercept\ > > > or.intercep > > > > > > t(Cglib2AopProxy.java:630) > > > > > > > ... > > > > > > > </error snippet> > > > > > > > > > > > > > > I think it's because the HTTPFlexSession is authenticated, but > > > the > > > > > > > RTMPFlexSession operates outside the context. I don't > know how > > > to > > > > > > > make it authenticated, or to authenticate the client so > that all > > > > > > > sessions have valid credentials. > > > > > > > > > > > > > > Any suggestions would be appreciated. > > > > > > > > > > > > > > ~Geoff > > > > > > > > > > > > > > > > > > > > > > > > > > > >