Hello Seth, I had not bumped across any of this so thanks! I will have a look and hopefully -NOT- let you know (i.e. it will work :-)

Thanks again,
Fotis

On Wed, Nov 26, 2008 at 2:26 AM, Seth Hodgson <[EMAIL PROTECTED]> wrote:

> Hi Fotis,
>
> The client library caches credentials in order to support seamless fallback through channels in your ChannelSet that preserves your desired authenticated identity both at connect time, as well as for automatic failover across peer servers in a cluster at any point after you've initially connected.
>
> However, when you use a simple AMF channel, where we don't know your session (connection) has timed out until a remoting call is made but fails due to an auth constraint check, we didn't originally handle that scenario seamlessly. Now we do, when you turn on the config flag I mentioned below, and it applies to remoting calls, producer message sends, DMS operations, etc. (basically, any outbound message that fails in processing due to an auth fault when you were previously successfully authenticated).
>
> In order for this to work though, you'd need to be logging in from within the Flex app so that it has access to your creds. We provide server-side LoginCommand impls for supported app servers that plug into their various custom authentication layers and that's what Flex login requests are processed by, but we don't ship an official AcegiLoginCommand currently. I think folks in the community have implemented that though, so try Googling for it, or perhaps someone else who's written one will post a link?
>
> There's more detail here:
> http://livedocs.adobe.com/livecycle/8.2/programLC/programmer/lcds/help.html?content=services_security_2.html
>
> And here:
> http://livedocs.adobe.com/livecycle/8.2/programLC/programmer/lcds/help.html?content=services_security_5.html#348164
>
> Best,
> Seth
>
> From: [email protected] <flexcoders%40yahoogroups.com> [mailto:[email protected] <flexcoders%40yahoogroups.com>] On Behalf Of Fotis Chatzinikos
> Sent: Tuesday, November 25, 2008 3:46 PM
> To: [email protected] <flexcoders%40yahoogroups.com>
> Subject: Re: [flexcoders] BlazeDS - Best practice for determining if server session is invalid.
>
> Hi Seth,
>
> the following line looks quite promising:
>
> >>It should handle this case seamlessly, removing the need to re-prompt the user with a login dialog.
>
> Can you elaborate a bit?
>
> How is that possible?
>
> In my case I use spring-acegi to login, prior to the flash component, but if there is another way - i.e. via a flash login box and automatic re-authentication - I would love a pointer on how to do it...
>
> Thanks,
> Fotis
>
> On Tue, Nov 25, 2008 at 11:15 PM, Seth Hodgson <[EMAIL PROTECTED]<shodgson%40adobe.com>> wrote:
>
> Hi,
>
> In your services-config.xml file, within the <properties> for the channel/endpoint your app is using to issue remoting calls to the server, try turning on the following config option:
>
> <!-- Optional. Default is false. Setting this flag to true will cause clients
> to automatically attempt to re-authenticate themselves with the server when
> they send a message that fails because credentials have been reset due to server
> session timeout. The failed message will be resent after re-authentication making the
> session timeout transparent to the client with respect to authentication.
> -->
> <login-after-disconnect>true</login-after-disconnect>
>
> This is also exposed as the 'loginAfterDisconnect' property on Channel, if you're building your channels and ChannelSet directly in ActionScript.
>
> It should handle this case seamlessly, removing the need to re-prompt the user with a login dialog.
>
> If you really want to reprompt the user, in your fault handler for your RemoteObject calls, you could watch for faults with an underlying ErrorMessage with a faultCode of "Client.Authentication" and use that to trigger transition back to your login view.
>
> The reason that the authenticated property doesn't change on the client is that there's no guaranteed way for the server to notify the client when the session times out. So, it's not until you send your next request to the server that we discover that.
>
> Best,
> Seth
>
> From: [email protected] <flexcoders%40yahoogroups.com> [mailto:[email protected] <flexcoders%40yahoogroups.com>] On Behalf Of rydellfinn
> Sent: Wednesday, November 05, 2008 6:15 PM
> To: [email protected] <flexcoders%40yahoogroups.com>
> Subject: [flexcoders] BlazeDS - Best practice for determining if server session is invalid.
>
> Currently I am running BlazeDS on Tomcat, and I have a flex client that is authenticating against a set of Remote Objects using channelset.login().
>
> As expected, if I walk away from the client for 30 minutes, the Tomcat server invalidates the session, which of course effectively logs out the client.
>
> What I would like to happen is when the server invalidates the session, the client is returned to the login page. I can think of different ways to accomplish this, but I was wondering if there is an established pattern for this?
>
> I tried creating a timer on the client to check if the authenticated property on the channelset was false. But I noticed that the authenticated property never changed, even after the session invalidated.
>
> I'm tempted to do the same thing on the server, but instead check to see if the session is valid, and throw an error if not.
>
> But I thought I'd check here first!
>
> Thanks in advance!
>
> --
> Fotis Chatzinikos, Ph.D.
> Founder,
> Phinnovation
> [EMAIL PROTECTED] <Fotis.Chatzinikos%40gmail.com>,

--
Fotis Chatzinikos, Ph.D.
Founder,
Phinnovation
[EMAIL PROTECTED],
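
The fault-handler approach described in the thread (watch RemoteObject faults for a faultCode of "Client.Authentication" and return to the login view), as an added ActionScript example that is not code from the thread or from BlazeDS. The package name, the class name SessionFaultRouter and the "sessionExpired" event name are hypothetical.

```actionscript
package example // hypothetical package
{
    import flash.events.Event;
    import flash.events.EventDispatcher;
    import mx.messaging.messages.ErrorMessage;
    import mx.rpc.events.FaultEvent;

    /** Hypothetical helper: turns auth faults from RemoteObject calls into one "session expired" signal. */
    public class SessionFaultRouter extends EventDispatcher
    {
        public static const SESSION_EXPIRED:String = "sessionExpired";    // assumed event name
        private static const AUTH_FAULT:String = "Client.Authentication"; // fault code named in the thread

        // True while the user is already being sent back to the login view.
        private var redirectPending:Boolean = false;

        /** Returns true when the fault was an authentication fault and has been handled here. */
        public function handleFault(event:FaultEvent):Boolean
        {
            if (!isAuthFault(event))
                return false; // not an auth fault: the caller's normal error handling should run

            if (!redirectPending)
            {
                // Several in-flight calls can fail together after a timeout; signal only once.
                redirectPending = true;
                dispatchEvent(new Event(SESSION_EXPIRED));
            }
            return true;
        }

        /** Call after a successful channelSet.login() so the next timeout is reported again. */
        public function reset():void
        {
            redirectPending = false;
        }

        private function isAuthFault(event:FaultEvent):Boolean
        {
            // The code is available on the Fault and on the underlying ErrorMessage; check both.
            if (event.fault != null && event.fault.faultCode == AUTH_FAULT)
                return true;
            var err:ErrorMessage = event.message as ErrorMessage;
            return err != null && err.faultCode == AUTH_FAULT;
        }
    }
}
```

Call handleFault() first in each RemoteObject fault handler, and switch to the login view from a listener on the "sessionExpired" event.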

