Re: [flexcoders] HTTPS and Remote passwords
On Thursday 13 July 2006 18:59, Peter Farland wrote: Load your SWF from HTTPS. Ensure your channel-definition is correct (i.e. using SecureAMFEndpoint and SecureAMFChannel classes in the config and ensure https is in the endpoint url). Ensure the id of this channel is in the list of channels for your destination. Ensure you're compiling against the new configuration. Yup, got all that. Beyond this, we might need to talk off list about getting better access to your app/config/code to see what's wrong. I'll ping you a mail with out services-config, Apache config. It's just a normal Cairngorm app using RemoteObject to CF. -- Tom Chiverton This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. Yahoo! Groups Sponsor ~-- Check out the new improvements in Yahoo! Groups email. http://us.click.yahoo.com/6pRQfA/fOaOAA/yQLSAA/nhFolB/TM ~- -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [flexcoders] HTTPS and Remote passwords
On Wednesday 12 July 2006 15:00, Tom Chiverton wrote: All right, fixed that, my bad :-) I take it all back :-( If I have the end point URL (http://somehost/flex2gateway) protected at the web server level, how can I make Flex send along a particular username/password in the HTTP 'Authorization' header when it calls a remote object ? Neither setCredentials() or setRemoteCredentials() work - the web browser just displays it's normal HTTP 'authorisation needed' prompt, and once entered there all proceeds well, so it's just a case of making Flex do the same thing. All is well if I protect the root URL (but then the web browser prompts the user before loading the Flex before passing on the Authorization header OK). Any word on HTTPS endpoints ? *No one* is trying to do CFC remoting over SSL ? With destination id=environmentService channels channel ref=my-cfamf-arch-sec/ /channels properties sourcecom.XXX.EnvironmentService/source access use-mappingstrue/use-mappings method-access-levelremote/method-access-level /access property-case force-cfc-lowercasefalse/force-cfc-lowercase force-query-lowercasefalse/force-query-lowercase force-struct-lowercasefalse/force-struct-lowercase /property-case /properties /destination and channel-definition id=my-cfamf-arch-sec class=mx.messaging.channels.SecureAMFChannel endpoint uri=https://archiving.localdomain:443/flex2gateway/; class=flex.messaging.endpoints.AMFEndpoint/ properties polling-enabledfalse/polling-enabled serialization instantiate-typesfalse/instantiate-types /serialization /properties /channel-definition I get an error when trying to use it that says destination environmentService not accessible over channel my-cfamf-arch-sec :-( The SWF is being served via HTTPS from the same host name, but I've stuck the following cross domain policy file in anyway to no avail: cross-domain-policy allow-access-from domain=* secure=false / /cross-domain-policy -- Tom Chiverton This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
RE: [flexcoders] HTTPS and Remote passwords
Flex is restricted by the functionality of the Flash Player. The underlying API flash.net.URLLoader will not let Flex set any of the headers required to mimic what you're asking for, i.e. pre-authentication. If you're using Basic Authentication from the J2EE web application container, then the popup is what you're going to see. This is out of our control on the server too. The J2EE app server does not give us access to the messaging payload until the request is authenticated. setCredentials is only for custom authentication (i.e. the destination is constrained and credentials are checked against the login-command registered for the FDS Message Broker). setRemoteCredentials is only for communication with 3rd party endpoints from an FDS adapter, such as ColdFusion. Pete -Original Message- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Tom Chiverton Sent: Thursday, July 13, 2006 10:11 AM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] HTTPS and Remote passwords On Wednesday 12 July 2006 15:00, Tom Chiverton wrote: All right, fixed that, my bad :-) I take it all back :-( If I have the end point URL (http://somehost/flex2gateway) protected at the web server level, how can I make Flex send along a particular username/password in the HTTP 'Authorization' header when it calls a remote object ? Neither setCredentials() or setRemoteCredentials() work - the web browser just displays it's normal HTTP 'authorisation needed' prompt, and once entered there all proceeds well, so it's just a case of making Flex do the same thing. All is well if I protect the root URL (but then the web browser prompts the user before loading the Flex before passing on the Authorization header OK). Any word on HTTPS endpoints ? *No one* is trying to do CFC remoting over SSL ? With destination id=environmentService channels channel ref=my-cfamf-arch-sec/ /channels properties sourcecom.XXX.EnvironmentService/source access use-mappingstrue/use-mappings method-access-levelremote/method-access-level /access property-case force-cfc-lowercasefalse/force-cfc-lowercase force-query-lowercasefalse/force-query-lowercase force-struct-lowercasefalse/force-struct-lowercase /property-case /properties /destination and channel-definition id=my-cfamf-arch-sec class=mx.messaging.channels.SecureAMFChannel endpoint uri=https://archiving.localdomain:443/flex2gateway/; class=flex.messaging.endpoints.AMFEndpoint/ properties polling-enabledfalse/polling-enabled serialization instantiate-typesfalse/instantiate-types /serialization /properties /channel-definition I get an error when trying to use it that says destination environmentService not accessible over channel my-cfamf-arch-sec :-( The SWF is being served via HTTPS from the same host name, but I've stuck the following cross domain policy file in anyway to no avail: cross-domain-policy allow-access-from domain=* secure=false / /cross-domain-policy -- Tom Chiverton This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links Yahoo! Groups Sponsor ~-- Great things are happening at Yahoo! Groups. See the new email design. http://us.click.yahoo.com/TISQkA/hOaOAA/yQLSAA/nhFolB/TM ~- -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group
Re: [flexcoders] HTTPS and Remote passwords
On Thursday 13 July 2006 15:48, Peter Farland wrote: setCredentials is only for custom authentication (i.e. the destination is constrained and credentials are checked against the login-command registered for the FDS Message Broker). setRemoteCredentials is only for communication with 3rd party endpoints from an FDS adapter, such as ColdFusion. Ah *ha* right. Which is why calling setCredentials() on a Basic auth'ed connection doesn't work :-) Which means I *really* have to figure out what is up with access RemoteObject's over SSL :-) -- Tom Chiverton This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. Yahoo! Groups Sponsor ~-- Something is new at Yahoo! Groups. Check out the enhanced email design. http://us.click.yahoo.com/SISQkA/gOaOAA/yQLSAA/nhFolB/TM ~- -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
RE: [flexcoders] HTTPS and Remote passwords
One thing I noticed, class=flex.messaging.endpoints.AMFEndpoint - class=flex.messaging.endpoints.SecureAMFEndpoint - Cathy -Original Message- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Tom Chiverton Sent: Thursday, July 13, 2006 10:11 AM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] HTTPS and Remote passwords On Wednesday 12 July 2006 15:00, Tom Chiverton wrote: All right, fixed that, my bad :-) I take it all back :-( If I have the end point URL (http://somehost/flex2gateway) protected at the web server level, how can I make Flex send along a particular username/password in the HTTP 'Authorization' header when it calls a remote object ? Neither setCredentials() or setRemoteCredentials() work - the web browser just displays it's normal HTTP 'authorisation needed' prompt, and once entered there all proceeds well, so it's just a case of making Flex do the same thing. All is well if I protect the root URL (but then the web browser prompts the user before loading the Flex before passing on the Authorization header OK). Any word on HTTPS endpoints ? *No one* is trying to do CFC remoting over SSL ? With destination id=environmentService channels channel ref=my-cfamf-arch-sec/ /channels properties sourcecom.XXX.EnvironmentService/source access use-mappingstrue/use-mappings method-access-levelremote/method-access-level /access property-case force-cfc-lowercasefalse/force-cfc-lowercase force-query-lowercasefalse/force-query-lowercase force-struct-lowercasefalse/force-struct-lowercase /property-case /properties /destination and channel-definition id=my-cfamf-arch-sec class=mx.messaging.channels.SecureAMFChannel endpoint uri=https://archiving.localdomain:443/flex2gateway/; class=flex.messaging.endpoints.AMFEndpoint/ properties polling-enabledfalse/polling-enabled serialization instantiate-typesfalse/instantiate-types /serialization /properties /channel-definition I get an error when trying to use it that says destination environmentService not accessible over channel my-cfamf-arch-sec :-( The SWF is being served via HTTPS from the same host name, but I've stuck the following cross domain policy file in anyway to no avail: cross-domain-policy allow-access-from domain=* secure=false / /cross-domain-policy -- Tom Chiverton This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links Yahoo! Groups Sponsor ~-- Great things are happening at Yahoo! Groups. See the new email design. http://us.click.yahoo.com/TISQkA/hOaOAA/yQLSAA/nhFolB/TM ~- -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [flexcoders] HTTPS and Remote passwords
On Thursday 13 July 2006 15:38, Cathy Reilly wrote: class=flex.messaging.endpoints.AMFEndpoint - class=flex.messaging.endpoints.SecureAMFEndpoint Ah ha, good catch, I'd only changed the definition class. Nothing changes after I recompile though. Oddly, if I load the SWF not over https, it appears to work, but doesn't return anything, and eventualy Apache closes the connection: [Thu Jul 13 17:13:01 2006] [info] (70007)The timeout specified has expired: SSL input filter read failed. Loading the SWF over https, I get the same 'destination not accessible over channel' -- Tom Chiverton This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
RE: [flexcoders] HTTPS and Remote passwords
Load your SWF from HTTPS. Ensure your channel-definition is correct (i.e. using SecureAMFEndpoint and SecureAMFChannel classes in the config and ensure https is in the endpoint url). Ensure the id of this channel is in the list of channels for your destination. Ensure you're compiling against the new configuration. Beyond this, we might need to talk off list about getting better access to your app/config/code to see what's wrong. Pete -Original Message- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Tom Chiverton Sent: Thursday, July 13, 2006 12:17 PM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] HTTPS and Remote passwords On Thursday 13 July 2006 15:38, Cathy Reilly wrote: class=flex.messaging.endpoints.AMFEndpoint - class=flex.messaging.endpoints.SecureAMFEndpoint Ah ha, good catch, I'd only changed the definition class. Nothing changes after I recompile though. Oddly, if I load the SWF not over https, it appears to work, but doesn't return anything, and eventualy Apache closes the connection: [Thu Jul 13 17:13:01 2006] [info] (70007)The timeout specified has expired: SSL input filter read failed. Loading the SWF over https, I get the same 'destination not accessible over channel' -- Tom Chiverton This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links Yahoo! Groups Sponsor ~-- Check out the new improvements in Yahoo! Groups email. http://us.click.yahoo.com/6pRQfA/fOaOAA/yQLSAA/nhFolB/TM ~- -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
[flexcoders] HTTPS and Remote passwords
First question, to get you all started. If my CF server is running SSL over HTTPS port 443, what do I have to change in services-config.xml to make it work ? Changing endpoint uri=http://archiving.localdomain:80/flex2gateway/; class=flex.messaging.endpoints.AMFEndpoint/ to endpoint uri=https://archiving.localdomain:443/flex2gateway/; class=flex.messaging.endpoints.AMFEndpoint/ (or .SecureAMFEndpoint) just makes Apache moan: [Wed Jul 12 14:13:07 2006] [info] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page [Wed Jul 12 14:13:07 2006] [info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!? Secondly, if said endpoint is set to use basic authentication, I thought I could setRemoteCredtionals() to have Flex enter the details without asking the user, but despite setting that (and with out the 'Remote'), the web browser still pops up a prompt - what could be up ? -- Tom Chiverton This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [flexcoders] HTTPS and Remote passwords
On Wednesday 12 July 2006 14:28, Tom Chiverton wrote: Secondly All right, fixed that, my bad :-) And word on HTTPS endpoints ? -- Tom Chiverton This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. Yahoo! Groups Sponsor ~-- Something is new at Yahoo! Groups. Check out the enhanced email design. http://us.click.yahoo.com/SISQkA/gOaOAA/yQLSAA/nhFolB/TM ~- -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
