Hello, I'm trying to setup a scenario where calls to an HTTPService can be authenticated using Digest or Basic authentication where the backend is a JEE container managed security. After much research on the web and on this list I've decided to simply ask the question - is robust security available within Flex without using the Live Cycle Data Server?
Peter Farland in this thread - (RE: [flexcoders] WebService Basic Authentication over HTTPS?) states: "Despite what the ASDoc say, WebService.setCredentials() is only for authenticating with LCDS (nee FDS) itself when making use of a destination registered with the Proxy Service. WebService.setRemoteCredentials() is only for LCDS too, it's what is used by the Proxy Service to handle any HTTP Basic Authentication challenges while contacting the 3rd party endpoint." This statement leads me to conclude that security/authentication aspects of the Flex HTTPService has been designed to require the Adobe LCDS server and Flex API options haven't been provided which allow for flexible and robust security where you Our goal is to be able to make use of the standard JEE security model without the LCDS dependency. Regards, Steve
