Here are snippets from my Flex code, and my Acegi configuration. If
you notice, what we did, was set up Acegi, so it's successful and
unsucessful authentication url's point to XML documents that contains
the result of the login.
Point your http service to the acegi entry point
<mx:HTTPService
id="loginService"
url="{InsightConfigurator.rootUrl}/loginCheck"
showBusyCursor="true"
result="loginServiceResultHandler()">
<mx:request>
<j_username>{userName.text}</j_username>
<j_password>{password.text}</j_password>
</mx:request>
</mx:HTTPService>
//check the result of xml that acegi returns
private function loginServiceResultHandler() : void
{
if(loginService.lastResult.status == "LOGGEDIN")
{
//user logged in
}
else
{
// failed to log in
}
}
Here is my Acegi file (a couple modifications):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd";>
<beans>
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
</value>
</property>
</bean>
<bean id="sunbridgeAcegiDAO"
class="com.sunbridgecapital.security.acegi.SunbridgeAcegiDAOImp">
<property name="userDAO">
<ref bean="userDAO"/>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<ref local="sunbridgeAcegiDAO" />
</property>
</bean>
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="authenticationFailureUrl">
<value>/UnSecure/xml/UnSuccessfulLoginResponse.xml</value>
</property>
<property name="defaultTargetUrl">
<value>/Secure/xml/SuccessfulLoginResponse.xml</value>
</property>
<property name="filterProcessesUrl">
<value>/loginCheck</value>
</property>
</bean>
<bean id="filterSecurityInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref bean="accessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/**=ROLE_USER
</value>
</property>
</bean>
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint"><ref
local="authenticationProcessingFilterEntryPoint"/></property>
</bean>
<bean id="authenticationProcessingFilterEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl"><value>/login.htm</value></property>
<property name="forceHttps"><value>false</value></property>
</bean>
<bean id="accessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
<property
name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
</list>
</property>
</bean>
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
</beans>
--- In flexcoders@yahoogroups.com, "flxcoder" <[EMAIL PROTECTED]> wrote:
>
> I am sorry but can you go to the 101 level with this one, I am not
> very up to speed with acegi, just to the point of getting it working.
>
> Ok, in my previous jsp based project we did this
>
> <bean id="authenticationProcessingFilter"
> class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
> <property name="authenticationManager"><ref
> bean="authenticationManager"/></property>
> <property name="authenticationFailureUrl"><value>/
> acegilogin.jsp?login_error=1</value></property>
> <property name="defaultTargetUrl"><value>/</value></property>
> <property name="filterProcessesUrl"><value>/
> j_acegi_security_check</value></property>
> </bean>
>
> <bean id="authenticationProcessingFilterEntryPoint"
>
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
> <property name="loginFormUrl"><value>/acegilogin.jsp</value></
> property>
> <property name="forceHttps"><value>false</value></property>
> </bean>
>
> where /*.htm was to have the ROLE_USER. now its the same with flex, I
> use the same format httpservice urls, so the authentication/
> authorization roles are similar, if the authentication object is not
> created, make sure the person logs in.
>
> in the xml fragment above, say i have my main app at mainapp.htm
> which holds the mainapp.swf, so is this what i am to do
>
> <property name="loginFormUrl"><value>/mainapp.htm</value></property>
>
> and in the
> <property name="authenticationFailureUrl"><value>/mainapp.htm</
> value></property>
>
> is this something similar to what you have done. could you possibly
> paste your xml config-security.xml fragments.
>
> sorry for the long-winded email, but since you have already done
> this, it will save me time and avoid going to the springframework
> forums.
>
> Thanks .
>
>
> --- In flexcoders@yahoogroups.com, "Allen Riddle" <ariddle@> wrote:
> >
> > We are using that exact combination. Nothing special had to be
> done. We
> > just have Flex use an HttpService to log in (point's to your Acegi
> > authentication endpoint), and Flex then uses the cookie that's
> returned.
> > After that, all SOAP calls are secured by Acegi. If you're wanting
> to
> > use Acegi to try to secure you're actual SWF files, then you'd just
> need
> > to put the url pattern of the .swf in the Aecegi configuration, so
> it
> > will secure it.
> >
> >
> >
> > ________________________________
> >
> > From: flexcoders@yahoogroups.com
> [mailto:[EMAIL PROTECTED] On
> > Behalf Of flxcoder
> > Sent: Monday, July 24, 2006 10:08 AM
> > To: flexcoders@yahoogroups.com
> > Subject: [flexcoders] Re: Acegi/Spring/Flex authentication
> >
> >
> >
> > Any tips here? Is it possible to use acegi with Flex?
> >
> > Thanks.
> >
> > --- In flexcoders@yahoogroups.com
> <mailto:flexcoders%40yahoogroups.com>
> > , "flxcoder" <flxcoder@> wrote:
> > >
> > > Hi all.
> > >
> > > Maybe not a flex question but relevant.
> > >
> > > I am trying to authenticate flex into my middle tier by using
> > acegi.
> > > I am moderately familiar with acegi and the saying goes that the
> > > filter checks the entry point as
> > >
> > > <bean id="authenticationProcessingFilterEntryPoint"
> > >
> >
> class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPo
> > int">
> > > <property name="loginFormUrl"><value>/acegilogin.jsp</value></
> > > property>
> > > <property name="forceHttps"><value>false</value></property>
> > > </bean>
> > >
> > > Question is then, has anyone integrated acegi with flex because
> in
> > > the above case maybe the loginFormUrl can be /acegiLogin.jsp
> where
> > > the jsp holds the main swf for flex.
> > >
> > > Looking for tips on where to start and where to head off with the
> > > integration.
> > >
> > > Thanks.
> > >
> >
>
--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/flexcoders/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
