RE: [flexcoders] Re: RTMP and Spring Security(Acegi) Issues - SOLVED

2008-08-26 Thread Seth Hodgson
In the case of RTMP, the doAuthentication() hook of your LoginCommand runs when 
the client invokes ChannelSet.login(...) or as a result of invoking the legacy 
setCredentials() method on service components. The advantage of using 
ChannelSet.login() is that it gives you back a token for the call that you can 
register a responder with. setCredentials() may or may not even make a login 
call, depending on whether the client is connected, and when the login happens 
there's no good way to handle faults.

If doAuthentication() is successful the returned Principal is cached in the 
FlexSession. Because RTMP connections are long-lived and stateful, this will 
only happen once.

After that, any client interaction with a destination secured with a security 
constraint will trigger a call to doAuthentication() - you get the cached 
Principal and the list of roles to test for membership in. So this hook will 
likely be called many times. If your security system depends on any extra 
context, say in thread locals, your login command would need to manage that 
properly.

Seth


RE: [flexcoders] Re: RTMP and Spring Security(Acegi) Issues - SOLVED

2008-08-26 Thread Seth Hodgson
Make that: After that, any client interaction with a destination secured with a 
security constraint will trigger a call to doAuthorization()

Seth
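
An added illustration of the flow in Seth's two messages above (not code from the thread, LiveCycle Data Services or Acegi): a JDK-only model in which login binds a thread-local context once, later requests run on a pooled worker thread, and the per-request authorization hook has to rebind the cached principal. It also goes one step further and shows why the binding should be cleared after each request. DemoLoginCommand, CONTEXT, securedFill, handleRequest and the credentials are hypothetical stand-ins, and the hook signatures are simplified.

```java
import java.util.List;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Added illustration; every name here is a hypothetical stand-in, not LCDS or Acegi API.
public class RtmpLoginContextDemo {

    /** Constructed stand-in for the Principal returned by doAuthentication(). */
    record User(String name, Set<String> roles) {}

    /** Stand-in for a thread-bound security context holder. */
    static final ThreadLocal<User> CONTEXT = new ThreadLocal<>();

    /** Stand-in for a service method behind a security interceptor. */
    static String securedFill() {
        User user = CONTEXT.get();
        return user == null
                ? "DENIED: no Authentication in SecurityContext"
                : "rows for " + user.name();
    }

    static final class DemoLoginCommand {
        /** Runs once per connection; the caller caches the returned principal. */
        User doAuthentication(String username, String password) {
            if (!"alice".equals(username) || !"constructed-password".equals(password)) {
                throw new SecurityException("bad credentials");
            }
            User user = new User(username, Set.of("ROLE_USERS"));
            CONTEXT.set(user); // binds only the thread that processed the login
            return user;
        }

        /** Runs per request to a constrained destination, on whichever thread serves it. */
        boolean doAuthorization(User cached, List<String> requiredRoles, boolean rebind) {
            boolean allowed = requiredRoles.stream().anyMatch(cached.roles()::contains);
            if (allowed && rebind) {
                CONTEXT.set(cached); // re-establish the context from the cached principal
            }
            return allowed;
        }
    }

    /** One request on a pooled worker; cached == null models a request that skips the hook. */
    static String handleRequest(ExecutorService pool, DemoLoginCommand cmd, User cached,
                                boolean rebind, boolean clearAfter) throws Exception {
        List<String> constraint = List.of("ROLE_MANAGERS", "ROLE_USERS");
        return pool.submit(() -> {
            try {
                if (cached != null && !cmd.doAuthorization(cached, constraint, rebind)) {
                    return "DENIED: missing role";
                }
                return securedFill();
            } finally {
                if (clearAfter) {
                    CONTEXT.remove(); // do not leave an identity on a pooled thread
                }
            }
        }).get();
    }

    public static void main(String[] args) throws Exception {
        DemoLoginCommand cmd = new DemoLoginCommand();
        ExecutorService pool = Executors.newSingleThreadExecutor(); // one worker, so reuse is visible
        try {
            User alice = cmd.doAuthentication("alice", "constructed-password");
            System.out.println("login thread:            " + securedFill());
            System.out.println("worker, no rebind:       " + handleRequest(pool, cmd, alice, false, false));
            System.out.println("worker, rebind:          " + handleRequest(pool, cmd, alice, true, false));
            System.out.println("next request, no clear:  " + handleRequest(pool, cmd, null, false, false));
            System.out.println("worker, rebind + clear:  " + handleRequest(pool, cmd, alice, true, true));
            System.out.println("next request, cleared:   " + handleRequest(pool, cmd, null, false, false));
        } finally {
            pool.shutdown();
        }
    }
}
```

With a plain thread-local, the worker sees no identity until the authorization hook rebinds it, and an identity left bound on a pooled thread is picked up by the next request that skips the hook.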


[flexcoders] Re: RTMP and Spring Security(Acegi) Issues - SOLVED

2008-08-25 Thread Geoffrey
I was wondering if anyone knows exactly when the AcegiLoginCommand
class gets processed.  Does it get processed once when you create a
DataService object, or does it get processed every time an RTMP
request is made?


[flexcoders] Re: RTMP and Spring Security(Acegi) Issues - SOLVED

2008-07-16 Thread Geoffrey
One last thing I had to do to get it to work.  I added
-Dacegi.security.strategy=MODE_INHERITABLETHREADLOCAL to my Tomcat
JVM arguments.  Otherwise, setting and getting the Authentication
object was accessing different instances of some security object.

 ~Geoff


[flexcoders] Re: RTMP and Spring Security(Acegi) Issues - SOLVED

2008-07-15 Thread Geoffrey
I seem to have got it working.  Thanks for your help jahhaj12345!

What I ended up doing was to create a custom LoginCommand class.  I
used the one from here:
http://blog.f4k3.net/fake/entry/acegi_logincommand_for_fds.  I made
two changes shown below:

//The name of our Acegi configuration file.
private static String[] CONFIG_LOCATIONS =
    {"classpath:security-context.xml"};

//ldapAuthenticationProvider is from our Acegi config file, and it is
//the name of the bean that is used for authentication via LDAP.
authenticationProvider =
    (AuthenticationProvider)applicationContext.getBean("ldapAuthenticationProvider");


I then updated services-config.xml and added:
<security>
  <login-command class="com.gdais.security.AcegiLoginCommand"
                 server="Tomcat"/>
  <security-constraint id="basic-read-access">
    <auth-method>Basic</auth-method>
    <roles>
      <role>ROLE_MANAGERS</role>
      <role>ROLE_USERS</role>
    </roles>
  </security-constraint>
</security>
//The roles came from the Acegi config file.


After that, I had to add the [managed] metadata tag to one of my
ValueObjects and it all seemed to work.

I'll be honest, I don't really understand why this works, it just
does.  What I mean by 'works' is that the managed collection on the
client gets filled with data successfully.  I haven't yet tested
pushing new entries to that managed collection after the initial fill.


I hope this post helps someone else.

 ~Geoff


[flexcoders] Re: RTMP and Spring Security(Acegi) Issues

2008-07-14 Thread jahhaj12345
I'm having the same problems you are.  I've been through several
options but haven't found one that's acceptable from a security point
of view if you are trying to use the rememberme functionality.  

To get it working without rememberme, provide a login form from your
flex application and once authenticated using form login, use that
username/password combination for the RTMP's ChannelSet login.  And
depending on how you handle authentication on your end, you may need
to provide your own LoginCommand and UserDetailsService.  I've done
both of these and it works.

Does anyone out there have a way to get rememberme working for RTMP?
I know the problem is caused by the RTMPFlexSession being outside the
HTTPSession.  Is there any way to sync these up?  Or is there any way to
do a single sign-on with RTMP?

Jason

--- In flexcoders@yahoogroups.com, Geoffrey [EMAIL PROTECTED] wrote:

 I've looked around the net and haven't found anything helpful.  Any
 suggestions would be great.
 
 Thanks,
  Geoff
 --- In flexcoders@yahoogroups.com, Geoffrey gtb104@ wrote:
 
  I'm wondering if anyone out there has implemented LiveCycle Data
  Services using Spring Security as their security layer?
  
  I'm having issues with RTMP communications between server/client,
  meaning I'm not getting any.  I've modified our existing Java delegate
  to act as the Assembler for a managed collection.  When the
  Assembler's fill() method gets called, it tries to retrieve the
  desired information from our Service class.  I get an
  AuthenticationCredentialsNotFoundException as seen below:
  
  <error snippet>
  org.acegisecurity.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
      at org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:339)
      at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254)
      at org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:63)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
      at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:630)
      ...
  </error snippet>
  
  I think it's because the HTTPFlexSession is authenticated, but the
  RTMPFlexSession operates outside the context.  I don't know how to
  make it authenticated, or to authenticate the client so that all
  sessions have valid credentials.
  
  Any suggestions would be appreciated.
  
  ~Geoff
 





[flexcoders] Re: RTMP and Spring Security(Acegi) Issues

2008-07-14 Thread Geoffrey
I'm guessing that we don't implement security the correct way (or the
best way) right now.  Currently, I have a login State that takes the
username and password and makes an HTTPService call to the JSP page
that does user authentication.  If that comes back successfully, then
I change State to the main application.

That seems to take care of all of the HTTP requests, but the RTMP
requests obviously fail (or else I wouldn't be here ;-)).

I read the docs about using LoginCommand, but I didn't see how that
ties into Acegi.

I'm wondering if you can authenticate the Flex client, and not just
the session.  If so, wouldn't the sessions (HTTP and RTMP) also be
authenticated since they fall under the FlexClient object?  Just a
thought.

Geoff

  
 





[flexcoders] Re: RTMP and Spring Security(Acegi) Issues

2008-07-14 Thread jahhaj12345
I don't know of a way to just authenticate the client.  From everything
I've read, you have to authenticate the HTTP and RTMP sessions
individually.  For my application, I had to create my own LoginCommand
to handle the flex RTMP authentication.

Here's my understanding of how it's working for me:

1. On my client, I get the channelset to use and then call
channelSet.login(username, password).  You could also call the
setCredentials on the actual DataService the same way, but my services
are all created at runtime on the server instead of being statically
defined in services-config.xml.

2. That channelSet (or dataservice) from above authenticates through the
login-command configured in services-config.xml.  This is where the
custom LoginCommand I created is configured.  The doAuthentication
function of LoginCommand is as follows:

    public Principal doAuthentication(String username, Object credentials) {
        // authenticationProvider is a spring security DaoAuthenticationProvider
        Authentication auth = authenticationProvider.authenticate(
                new UsernamePasswordAuthenticationToken(username, credentials));

        SecurityContextHolder.getContext().setAuthentication(auth);
        return auth;
    }

This should authenticate the RTMP session.  I don't know if this is the
best way, but it seems to work.


--- In flexcoders@yahoogroups.com, Geoffrey [EMAIL PROTECTED] wrote:

 I'm guessing that we don't implement security the correct way (or the
 best way) right now.  Currently, I have a login State that takes the
 username and password and makes an HTTPService call to the JSP page
 that does user authentication.  If that comes back successfully, then
 I change State to the main application.

 That seems to take care of all of the HTTP requests, but the RTMP
 requests obviously fail (or else I wouldn't be here ;-)).

 I read the docs about using LoginCommand, but I didn't see how that
 ties into Acegi.

 I'm wondering if you can authenticate the Flex client, and not just
 the session.  If so, wouldn't the sessions (HTTP and RTMP) also be
 authenticated since they fall under the FlexClient object?  Just a
 thought.

 Geoff

 --- In flexcoders@yahoogroups.com, jahhaj12345 halvorsonj@ wrote:
 
  I'm having the same problems you are.  I've been through several
  options but haven't found one that's acceptable from a security point
  of view if you are trying to use the rememberme functionality.
 
  To get it working without rememberme, provide a login form from your
  flex application and once authenticated using form login, use that
  username/password combination for the RTMP's ChannelSet login.  And
  depending on how you handle authentication on your end, you may need
  to provide your own LoginCommand and UserDetailsService.  I've done
  both of these and it works.
 
  Does anyone out there have a way to get rememberme working for RTMP?
  I know the problem is caused by the RTMPFlexSession being outside the
  HTTPSession.  Is there any way to sync these up?  Or is there any way to
  do a single sign-on with RTMP?
 
  Jason
 
  --- In flexcoders@yahoogroups.com, Geoffrey gtb104@ wrote:
  
   I've looked around the net and haven't found anything helpful.  Any
   suggestions would be great.
  
   Thanks,
   Geoff
   --- In flexcoders@yahoogroups.com, Geoffrey gtb104@ wrote:
   
    I'm wondering if anyone out there has implemented LiveCycle Data
    Services using Spring Security as their security layer?
   
    I'm having issues with RTMP communications between server/client,
    meaning I'm not getting any.  I've modified our existing Java delegate
    to act as the Assembler for a managed collection.  When the
    Assembler's fill() method gets called, it tries to retrieve the
    desired information from our Service class.  I get an
    AuthenticationCredentialsNotFoundException as seen below:
   
    error snippet
    org.acegisecurity.AuthenticationCredentialsNotFoundException: An
    Authentication object was not found in the SecurityContext
      at org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:339)
      at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254)
      at org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:63)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
      at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:630)
    ...
    /error snippet
   
    I think it's because the HTTPFlexSession is authenticated, but the
    RTMPFlexSession operates outside the context.  I don't know how to
    make it authenticated, or to authenticate the client so that all
    sessions have valid credentials.
   
Any 
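
Added example (not part of the thread, and not Acegi or LiveCycle code): a plain-Java model of why the secured call made from fill() finds no Authentication. Binding the context inside doAuthentication() only affects the thread that ran the login, so the Principal cached for the session is rebound on each request and cleared afterwards. CONTEXT, Session, securedFill and withSessionContext are hypothetical stand-ins for SecurityContextHolder, the FlexSession, the secured service call and the rebinding step.

```java
import java.security.Principal;
import java.util.concurrent.*;

public class RtmpSecurityContextDemo {
    // Simplified stand-in for SecurityContextHolder in thread-local mode (assumption).
    static final ThreadLocal<Principal> CONTEXT = new ThreadLocal<>();

    // Stand-in for the FlexSession that caches the Principal after login.
    static final class Session { volatile Principal principal; }

    // Models the LoginCommand hook: bind to the calling thread and cache in the session.
    static Principal doAuthentication(Session s, String username) {
        Principal p = () -> username;
        CONTEXT.set(p);
        s.principal = p;
        return p;
    }

    // Models the secured service call made from the Assembler's fill().
    static String securedFill() {
        Principal p = CONTEXT.get();
        if (p == null) throw new IllegalStateException("Authentication object was not found");
        return "rows for " + p.getName();
    }

    // Rebind the cached Principal for one request and always clear it afterwards, so a
    // reused thread never carries one user's identity into another user's request.
    static String withSessionContext(Session s, Callable<String> call) throws Exception {
        CONTEXT.set(s.principal);
        try { return call.call(); } finally { CONTEXT.remove(); }
    }

    public static void main(String[] args) throws Exception {
        Session session = new Session();
        ExecutorService loginThread = Executors.newSingleThreadExecutor();
        ExecutorService requestThread = Executors.newSingleThreadExecutor();
        Callable<Principal> login = () -> doAuthentication(session, "geoff"); // constructed user
        Callable<String> fill = RtmpSecurityContextDemo::securedFill;
        loginThread.submit(login).get();
        try {
            requestThread.submit(fill).get(); // other thread: nothing bound, call is rejected
        } catch (ExecutionException e) {
            System.out.println("unbound: " + e.getCause().getMessage());
        }
        Callable<String> bound = () -> withSessionContext(session, fill);
        System.out.println("bound:   " + requestThread.submit(bound).get());
        loginThread.shutdown(); requestThread.shutdown();
    }
}
```

An inheritable thread-local copies the parent's value only at the moment a thread is created, so where request threads are pooled, the explicit bind-and-clear per request is what keeps one user's identity out of another user's call.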

[flexcoders] Re: RTMP and Spring Security(Acegi) Issues

2008-07-11 Thread Geoffrey
I've looked around the net and haven't found anything helpful.  Any suggestions
would be great.

Thanks,
Geoff
--- In flexcoders@yahoogroups.com, Geoffrey [EMAIL PROTECTED] wrote:

 I'm wondering if anyone out there has implemented LiveCycle Data
 Services using Spring Security as their security layer?
 
 I'm having issues with RTMP communications between server/client,
 meaning I'm not getting any.  I've modified our existing Java delegate
 to act as the Assembler for a managed collection.  When the
 Assembler's fill() method gets called, it tries to retrieve the
 desired information from our Service class.  I get an
 AuthenticationCredentialsNotFoundException as seen below:
 
 error snippet
 org.acegisecurity.AuthenticationCredentialsNotFoundException: An
 Authentication object was not found in the SecurityContext
   at org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:339)
   at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254)
   at org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:63)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
   at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:630)
 ...
 /error snippet
 
 I think it's because the HTTPFlexSession is authenticated, but the
 RTMPFlexSession operates outside the context.  I don't know how to
 make it authenticated, or to authenticate the client so that all
 sessions have valid credentials.
 
 Any suggestions would be appreciated.
 
 ~Geoff