RE: [flexcoders] Custom authentication in a destination

[Matt Chotin]

You definitely need the <roles> in the constraint, otherwise there’s nothing to test for.   Why are you not using the login command we provided for 5.5?  You would also need to copy the flex-tomcat-common.jar into the common/lib directory as specified in step 1, but then it should work.  The one we provide is flex.messaging.security.TomcatLoginCommand.   Matt   From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Xavi Beumala Sent: Sunday, April 16, 2006 3:30 AM To: flexcoders@yahoogroups.com Subject: [flexcoders] Custom authentication in a destination   Hi all, I'm trying to secure a remoting destination with a custom class as stated at http://livedocs.macromedia.com/labs/1/flex20beta2/00001546.html The steps I've followed are:    · Create a custom class which implements flex.messaging.security.LoginCommand with the methods start, stop, doAuthentication, doAuthorization and logout.    · Add a destination definition in flex-remoting-service.xml:     <destination id="sampleDest">         <properties>             <source>com.code4net.business.PhotoService</source>             <stateful>true</stateful>         </properties>                 <security>             <security-constraint ref="sample-users" />         </security>     </destination>   · Add a security definition tag in flex-enterprise-service.xml:     <security>         <security-constraint id="sample-users">             <auth-method>Custom</auth-method>         </security-constraint>         <login-command class="com.code4net.loginModules.CustomLogin" server="Tomcat"/>     </security>    · Place flex-tomcat-server.jar in server/lib (NOT shared/lib) (as stated in <fes_install_dir>/resources/security/tomcat/readme.txt      (I'm running tomcat 5.5)    · Copy context.xml in web application under the META-INF directory The problem is that with this configuration the destination isn't being secured and I can execute services on it normally. If I add a <roles> tag inside the security-constraint then I receive a security-exception eventhough I'm invoking setCredentials and setRemoteCredentials from the clientSide (using default users and roles defined in tomcat-users.xml). On the other hand if I run tomcat in debug mode from eclipse, any of the methods of CustomLogin class are invoked. I think I'm missing the way to bind CustomLogin class to my sampleDest destination. I'm missing something? Help is much apreciated X.   -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com YAHOO! GROUPS LINKS  Visit your group "flexcoders" on the web.    To unsubscribe from this group, send an email to:  [EMAIL PROTECTED]    Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.