Hi there, You can use headers on SOAP, take a look at http://livedocs.macromedia.com/flex/2/docs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Parts&file=00001158.html
I'm using that in an application and works fine. You can also use https for the login. Diego. On Mon, 27 Nov 2006 11:19:48 +1300, Sebastian Zarzycki <[EMAIL PROTECTED]> wrote: > Tom Chiverton wrote: >>> means that I have to add this token parameter to *every* >>> webservice method. This is not acceptable, as I want (in fact, my >>> customer wants) my services to be free of such things. Authorization >>> should be transparent (but flexible). Then again I could have one big >>> thing, ServiceLocator or something like that, so that >>> >> >> It can't be transparent and work. >> Somewhere along the line (no matter if HTTP basic or digest, token >> based, ...) >> your client will have to do something. >> > > Maybe I put myself wrong. What I thought of is to have some kind of > proxy layer, managing ws authorization. > WS-Security standard and my serverside (xfire) provides something like > that (attaching filters to webservices, that are launched before actual > webservice method, checking credentials and so on). But I don't have > such thing (pack SOAP call into WS-Security standard) in client - and I > miss that. By "transparent" I mean, that my actual webservice method > looks as its just POJO, so, let's say "getObjectByID(int id)" does not > translate into something like "getObjectByID(Token token, int id)". > I'm just asking about how much control do I have about what Flex sends > (with SOAP) to actual webservice? Can I put additional things into soap > body/header? Could webservice AS3 class be extended to allow that? > > > Dave Wolf wrote : > >> >> What is wrong with standard J2EE security constraints? Place a >> security constraint on the URI of the web service. You can then use >> either FORM or BASIC auth for your Flex application as a whole an the >> web service calls will inherit those credentials. > > Could you explain this a bit more? I'm afraid, I don't know what you are > suggesting. > > -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/flexcoders/join (Yahoo! ID required) <*> To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
