What is wrong with standard J2EE security constraints? Place a security constraint on the URI of the web service. You can then use either FORM or BASIC auth for your Flex application as a whole an the web service calls will inherit those credentials.
-- Dave Wolf Cynergy Systems, Inc. Adobe Flex Alliance Partner http://www.cynergysystems.com http://www.cynergysystems.com/blogs Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In [email protected], Sebastian Zarzycki <[EMAIL PROTECTED]> wrote: > > What kind of standards does Flex2 web services implementation support? > Which version of Soap, any WS- Standards? > > I'm trying to solve basic problem of securing access to my webservice on > server. I would like to use WS-Security standard, > but I'm afraid, there's no way for Flex to send proper request? Simple > webservice support in Flex may be not enough in the future... > Is this a matter of just writing some additional AS3 classes to extend > WS, or the internal flash/flex design? > > How to solve such problem then? What is your solution? Most obvious one > that comes to my mind is to ask server for login, > server generates token for client, and client uses his token. But this > means that I have to add this token parameter to *every* > webservice method. This is not acceptable, as I want (in fact, my > customer wants) my services to be free of such things. Authorization > should be transparent (but flexible). Then again I could have one big > thing, ServiceLocator or something like that, so that > every client request will point to this one (so authorization is in one > place), with real service name as parameter. This is even > harder to implement. > > So, any ideas? > > -- > | Sebastian Zarzycki / rat[tkin] >
