Several web containers require more than just the session id. When using basic authentication, user name and password must be sent on each and every request. Can you verify that the headers include authorization credentials?
--- In [email protected], "Douglas Knudsen" <[EMAIL PROTECTED]> wrote: > > Carson, yes, I verified this is being sent in the headers for calls made to > the messagebroker. > > What I have found: If I remove the security node from within the > destination node in my remoting-config.xml file, I can get > FlexContext.getFlexSession().getUserPrincipal().getName() > But I can not access any roles the user is in via > FlexContext.getFlexSession().isUserInRole("reader") > > If I add the security node back within the destination node in my > remoting-config.xml file, I get nothgin but a 'server.processing' error. > Below is the security node. Note, I have confirmed these roles are in use > via a JSP. > > So, must be a config mishap somewhere, eh? > > <security> > <security-constraint> > <auth-method>Custom</auth-method> > <roles> > <role>editor</role> > <role>reader</role> > </roles> > </security-constraint> > </security> > > On 1/5/07, Carson Hager <[EMAIL PROTECTED]> wrote: > > > > I would take a look at the http request contents to make sure that the > > same jsessionid is being passed for your remoteobject calls and other http > > calls from your browser such as JSPs, Servlets, etc. You can do this with > > any number of tools/browser plugins. This is the best way to make sure that > > the communication is working as it should before digging any further. > > > > > > Carson > > > > ____________________________________________ > > > > Carson Hager > > Cynergy Systems, Inc. > > http://www.cynergysystems.com > > > > Email: [EMAIL PROTECTED] > > Office: 866-CYNERGY > > Mobile: 1.703.489.6466 > > > > > > ------------------------------ > > *From:* [email protected] [mailto:[EMAIL PROTECTED] *On > > Behalf Of *Douglas Knudsen > > *Sent:* Friday, January 05, 2007 5:57 AM > > *To:* [email protected] > > *Subject:* Re: [flexcoders] flex and j2ee session > > > > nope same context. I can drop a jsp page in and retrieve the > > userprincipal object too. > > > > DK > > > > On 1/4/07, Dimitrios Gianninas < [EMAIL PROTECTED]> > > wrote: > > > > > > > > > When the user logs in, is it under a diff context than where the flex > > > apps resides? > > > > > > Dimitrios Gianninas > > > Optimal Payments Inc. > > > > > > > > > > > > -----Original Message----- > > > From: [email protected] on behalf of Douglas Knudsen > > > Sent: Thu 1/4/2007 5:45 PM > > > To: [email protected] > > > Subject: [flexcoders] flex and j2ee session > > > > > > ok, a oft beat about topic I know. Porting a Flex 1.5 app over to 2.0. > > > Using Tomcat. Under 1.5 I got the session in a remoteobject POJO like > > > this > > > > > > flashgateway.Gateway.getHttpRequest().getUserPrincipal().getName(); > > > > > > For the new Flex 2 version I'm using > > > > > > FlexContext.getFlexSession().getUserPrincipal().getName(); > > > > > > but this is bombing out. I'm using container based security with BASIC > > > auth for development. I'm not trying to log a user in with a Flex UI, > > > user > > > is already logged in before the Flex UI comes up. > > > > > > Something I'm missing somewhere? > > > > > > > > > -- > > > Douglas Knudsen > > > http://www.cubicleman.com > > > this is my signature, like it? > > > > > > -- > > > WARNING > > > ------- > > > This electronic message and its attachments may contain confidential, > > > proprietary or legally privileged information, which is solely for the use > > > of the intended recipient. No privilege or other rights are waived by any > > > unintended transmission or unauthorized retransmission of this message. If > > > you are not the intended recipient of this message, or if you have received > > > it in error, you should immediately stop reading this message and delete it > > > and all attachments from your system. The reading, distribution, copying or > > > other use of this message or its attachments by unintended recipients is > > > unauthorized and may be unlawful. If you have received this e-mail in > > > error, please notify the sender. > > > > > > AVIS IMPORTANT > > > -------------- > > > Ce message électronique et ses pièces jointes peuvent contenir des > > > renseignements confidentiels, exclusifs ou légalement privilégiés destinés > > > au seul usage du destinataire visé. L'expéditeur original ne renonce à > > > aucun privilège ou à aucun autre droit si le présent message a été transmis > > > involontairement ou s'il est retransmis sans son autorisation. Si vous > > > n'êtes pas le destinataire visé du présent message ou si vous l'avez reçu > > > par erreur, veuillez cesser immédiatement de le lire et le supprimer, ainsi > > > que toutes ses pièces jointes, de votre système. La lecture, la > > > distribution, la copie ou tout autre usage du présent message ou de ses > > > pièces jointes par des personnes autres que le destinataire visé ne sont pas > > > autorisés et pourraient être illégaux. Si vous avez reçu ce courrier > > > électronique par erreur, veuillez en aviser l'expéditeur. > > > > > > > > > > > > -- > > > Flexcoders Mailing List > > > FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt > > > Search Archives: > > > http://www.mail-archive.com/flexcoders%40yahoogroups.com > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > > > -- > > Douglas Knudsen > > http://www.cubicleman.com > > this is my signature, like it? > > > > > > > > > > -- > Douglas Knudsen > http://www.cubicleman.com > this is my signature, like it? >
