He's actually not suggesting either. He's suggesting creating a test JSP that returns the user principal objec to verify that the JSP is within an authenticated session.
<%=request.getUserPrincipal().getName()%> It looks like you're going through a proxy which is using another "session". As I mentioned earlier, there are issues with the proxy and forwarding credentials from an existing session. Our context was the use of web services but this could very well be what you're seeing as well. Carson ____________________________________________ Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY Mobile: 1.703.489.6466 -----Original Message----- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Jim Schneider Sent: Wednesday, February 15, 2006 8:49 AM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Re: setUsernamePassword and J2EE login (bounce) Thanks for the responses. Sorry for my ignorance, but are you suggesting that the JSP simulate a login (invoking the loginContext/loginModule)? Or are you suggesting that the JSP set the UserPrincipal in the HTTP request (although I don't see a setter in the request interface API, which makes me wonder how JAAS injects the UserPrincipal into the request, but I can probably find that somewhere). To answer Matt's questions, no, I'm not sure JAAS successfully stores the principal, yes, the login module is being called, but I'll look at it more closely. Thanks again, Jim ------------------------------------------------- Jim Schneider EyeCodeRight, LLC 1-877-370-6906 1-612-605-5399 -----Original Message----- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Dave Wolf Sent: Wednesday, February 15, 2006 8:37 AM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: setUsernamePassword and J2EE login (bounce) We have, as Carson mentioned, definately seen issues where the j_session_id is not properly propogated through the proxy. I would want to see, as Matt alludes to, do the credentials get propogated when we take the proxy out of the picture. I would create a simple JSP page which itself returns the UserPrincipal. Call that JSP from within your Flex app and read the value. -- Dave Wolf Cynergy Systems, Inc. Macromedia Flex Alliance Partner http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, "Matt Chotin" <[EMAIL PROTECTED]> wrote: > > You sure that JAAS successfully stores the Principal back in the user > request? If you did something similar via JSP would everything come > through correctly? I haven't played with JBoss but WebSphere for > example failed to store the authenticated principal in the request even > when I went through JAAS to login my user in. You traced to see that > your login module is called? > > > > ________________________________ > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of Jim Schneider > Sent: Tuesday, February 14, 2006 2:12 PM > To: flexcoders@yahoogroups.com > Subject: FW: [flexcoders] setUsernamePassword and J2EE login (bounce) > > > > No one has any thoughts/ideas on this? > > > > ------------------------------------------------- > > Jim Schneider > > KJ Interactive, Inc. > > 1-877-370-6906 > > 1-612-605-5399 > > ________________________________ > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of Jim Schneider > Sent: Saturday, February 04, 2006 12:01 PM > To: flexcoders@yahoogroups.com > Subject: RE: [flexcoders] setUsernamePassword and J2EE login > > > > I finally got back to looking at this. I Instrumented my code to look at > flashgateway.Gateway.getHttpRequest().getRemotePrincipal() and > getRemoteUser(). RemoteUser is empty and remote principal is null. I > see the userid/password credentials in the amf trace from the client > (setting UsernamePassword on the service), but nothing in the service. > > > > I'm using remote objects. Remote object is a spring bean. > > > > I've implemented a JAAS login module that appears to be functioning > correctly (loginContext succeeds). > > > > Using JBoss 4.0.x. > > > > Any thoughts? > > > > Thanks, > > > > Jim > > > > ________________________________ > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of Carson Hager > Sent: Saturday, January 21, 2006 10:22 PM > To: flexcoders@yahoogroups.com > Subject: RE: [flexcoders] setUsernamePassword and J2EE login > > > > If you use standard J2EE auth to the container, you can get the remote > user provided you are not using the proxy. There is currently an issue > with the proxy not forwarding the cookie in most ( all that we've seen ) > circumstances. We have received a fix from Adobe on this that we are in > the process of testing. > > > > This being said, if you don't use the proxy, you'll be able to acccess > the user without issue from within your service implementations. Here's > the kicker. The AS2 VM doesn't not handle HTTP status code 500. It > stops parsing the HTTP response when it sees a 500 which means that you > will never be able to get at any data that occurs due to a SOAP Fault. > Per the web services spec, the container is required to return an HTTP > 500 status code when returning a fault. Effectively, you can't handle > SOAP faults when you don't use the proxy and you get that meaningless > error message that looks like it simply couldn't connect to the service. > This issue is "handled" by the proxy. It changes that HTTP status code > to 200 so that the flash player can parse the request. This is a kludge > if you ask me but that's where we are today. As a note, this is being > addressed in FP8.5 but the fix will very likely not ( according to Adobe > ) be fixed in earlier versions due to backward compatibility. > > > > > > Carson > > ____________________________________________ > > Carson Hager > Cynergy Systems, Inc. > http://www.cynergysystems.com <http://www.cynergysystems.com/> > > Email: [EMAIL PROTECTED] > Office: 866-CYNERGY > Mobile: 1.703.489.6466 > > > > > > > ________________________________ > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of Matt Chotin > Sent: Saturday, January 21, 2006 7:37 PM > To: flexcoders@yahoogroups.com > Subject: RE: [flexcoders] setUsernamePassword and J2EE login > > I think you should be able to get it from the > flashgateway.Gateway.getHttpRequest().getRemotePrincipal() or > getRemoteUser(). > > > > ________________________________ > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of Jim Schneider > Sent: Wednesday, January 18, 2006 8:32 AM > To: flexcoders@yahoogroups.com > Subject: [flexcoders] setUsernamePassword and J2EE login > > > > After calling setUsernamePassword on a service, is this information > "available" to the backend services (remote object or web service)? Or > perhaps after a J2EE/JAAS login? If so, how/where? > > > > We have a requirement to do a lot of logging of who's doing what in the > system and was wondering whether there are any alternatives to passing a > username/id with most/all APIs. > > > Thanks for any help. > > > > Jim > > > > > > > > -- > Flexcoders Mailing List > FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt > Search Archives: > http://www.mail-archive.com/flexcoders%40yahoogroups.com > > > > > SPONSORED LINKS > > Web site design development > <http://groups.yahoo.com/gads?t=ms&k=Web+site+design+development&w1=Web+ > site+design+development&w2=Computer+software+development&w3=Software+des > ign+and+development&w4=Macromedia+flex&w5=Software+development+best+prac > tice&c=5&s=166&.sig=L-4QTvxB_quFDtMyhrQaHQ> > > Computer software development > <http://groups.yahoo.com/gads?t=ms&k=Computer+software+development&w1=We > b+site+design+development&w2=Computer+software+development&w3=Software+d > esign+and+development&w4=Macromedia+flex&w5=Software+development+best+pr > actice&c=5&s=166&.sig=lvQjSRfQDfWudJSe1lLjHw> > > Software design and development > <http://groups.yahoo.com/gads?t=ms&k=Software+design+and+development&w1= > Web+site+design+development&w2=Computer+software+development&w3=Software > +design+and+development&w4=Macromedia+flex&w5=Software+development+best+ > practice&c=5&s=166&.sig=1pMBCdo3DsJbuU9AEmO1oQ> > > Macromedia flex > <http://groups.yahoo.com/gads?t=ms&k=Macromedia+flex&w1=Web+site+design+ > development&w2=Computer+software+development&w3=Software+design+and+deve > lopment&w4=Macromedia+flex&w5=Software+development+best+practice&c=5&s=1 > 66&.sig=OO6nPIrz7_EpZI36cYzBjw> > > Software development best practice > <http://groups.yahoo.com/gads?t=ms&k=Software+development+best+practice&; > w1=Web+site+design+development&w2=Computer+software+development&w3=Softw > are+design+and+development&w4=Macromedia+flex&w5=Software+development+be > st+practice&c=5&s=166&.sig=f89quyyulIDsnABLD6IXIw> > > > > > > ________________________________ > > YAHOO! GROUPS LINKS > > > > * Visit your group "flexcoders > <http://groups.yahoo.com/group/flexcoders> " on the web. > > * To unsubscribe from this group, send an email to: > [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > * Your use of Yahoo! Groups is subject to the Yahoo! Terms of > Service <http://docs.yahoo.com/info/terms/> . > > > > ________________________________ > -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
