Hi Seth,
Thanks for the response but I am a bit of a dummy in this area so I need a
bit more direction.
On 11/29/06, Seth Hodgson <[EMAIL PROTECTED]> wrote:
> Hi Hank,
> How do you do your logins now against your account database? You're not
> using general J2EE auth?

I am not live yet, but as a placeholder, I just call a function called
"login" on my server. It's not tied into J2EE. I know this isn't sufficient,
hence the questions. Now when you talk about J2EE I am not sure if you are
being loose with the definition, but I am using Tomcat, which is a servlet
container, not a J2EE server. Does the J2EE auth machinery you are talking
about exist in Tomcat? If so, I am not clear on how to do this. My servlet
programming book (O'Reilly) talks about the roles and accounts being defined
in XML, which is fairly useless for a database-driven app. I am sure I am
missing something, but I just need a bit of a nudge in the right direction.

> Role-based security in FDS just wraps the existing J2EE auth machinery
> provided by your app server. You can code your login UI in your Flex app and
> before any calls or data exchange are permitted through a protected
> destination, authentication will be performed automatically using the
> credentials you've specified via setCredentials().

How exactly do you create a UI that uses this authentication? Are there
any examples anywhere? Do you make a call to some Flex function that is
kinda like a remoting call? How do you get results back?

> You add a security constraint to a destination like so (only users who are
> members of the 'admin' role are allowed access in this case):
>
>   <destination id="...">
>     <security>
>       <security-constraint ref="admins" />
>     </security>
>     ...
>   </destination>
>
> The actual authentication is performed via an app-server-specific login
> command class. FDS ships with implementations for all supported servers. The
> command class to use is specified in the security section of the core config
> file like so:
>
>   <security>
>     <login-command class="flex.messaging.security.JRunLoginCommand"
>                    server="JRun"/>
>     ...

I don't understand what this does. How does this class authenticate? How does
it know whether a user is valid or not? Is there some server-side function
that I have to implement in order to tell the server that user x is valid?

Thanks for your help.
Hank
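
The destination constraint and login-command settings quoted in this thread only protect a destination if the `ref` resolves to a defined constraint, so a small audit of the config is useful before going live. The script below is an added example, not part of the original thread or of FDS; the sample config, its destination ids and the `<security-constraint id=...>`/`<roles>` definition are constructed assumptions, and inline (non-`ref`) constraints are not handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from the thread). Element names follow the
# snippets quoted above; the constraint definition with id/roles and the
# destination ids are assumptions made for illustration.
SAMPLE_CONFIG = """
<services-config>
  <security>
    <login-command class="flex.messaging.security.JRunLoginCommand" server="JRun"/>
    <security-constraint id="admins">
      <roles><role>admin</role></roles>
    </security-constraint>
  </security>
  <destination id="accounts">
    <security><security-constraint ref="admins"/></security>
  </destination>
  <destination id="reports">
    <security><security-constraint ref="auditors"/></security>
  </destination>
  <destination id="echo"/>
</services-config>
"""

def audit_config(xml_text):
    """Return a list of (destination id or None, finding) tuples."""
    root = ET.fromstring(xml_text)
    findings = []
    # Constraints defined once under the top-level <security> and referenced by id.
    defined = {}
    for sc in root.findall("./security/security-constraint[@id]"):
        defined[sc.get("id")] = [r.text.strip() for r in sc.iter("role") if r.text]
    # Without a login command nothing can validate the supplied credentials.
    if root.find("./security/login-command") is None:
        findings.append((None, "no login-command configured"))
    for dest in root.iter("destination"):
        ref_el = dest.find("./security/security-constraint")
        if ref_el is None:
            findings.append((dest.get("id"), "no security constraint"))
        elif ref_el.get("ref") not in defined:
            findings.append((dest.get("id"), "unresolved ref %r" % ref_el.get("ref")))
        elif not defined[ref_el.get("ref")]:
            findings.append((dest.get("id"), "constraint lists no roles"))
    return findings

if __name__ == "__main__":
    for dest_id, problem in audit_config(SAMPLE_CONFIG):
        print(dest_id, "->", problem)
```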