Hi Collin,
It doesn't seem too difficult. The current version of my app
(http://www.searchcoders.com/flex) uses container-managed authentication
and I am migrating it over to Acegi. So, my comments here about Acegi
integration do not apply to production environments:
1. Create a class that implements LoginCommand and has an
   authenticationManager property.
2. Create and set up an ApplicationContextAware bean. This is required
   in your custom LoginCommand so you can initialize it later.
3. Configure your LoginCommand bean with the property name
   authenticationManager. Reference your Acegi config's
   authenticationManager.
4. In the LoginCommand constructor, configureBean your
   loginCommand bean (I think this can be done a better way but I haven't
   had time to experiment).
5. In the LoginCommand doAuthentication:
   a. Create a UsernamePasswordAuthenticationToken and pass it the
      username and credentials as String.
   b. authenticationManager.authenticate(authToken)
   c. The result of authenticate is an Authentication; catch any exceptions.
   d. Return the Authentication as the Principal. That's it.
For authorization, extract the principal and compare the list of roles
with the GrantedAuthority[] of the Authentication obj.
Note that with this current strategy you will lose the ability to
share the authentication result with the non-flex segment of your app.
So, if you send the user to a resource on your container which has a
security-constraint then it will not know that it's been
authenticated. You will have to somehow integrate with the
authenticationProcessingFilter.
I will post more details on my blog: http://www.machine501.com/ when I
have found and tested a suitable solution for integrating Acegi/Spring/FDS.
Download the FDS2 javadocs (scroll down to the bottom, Complete Flex 2
documentation):
http://www.adobe.com/support/documentation/en/flex/
Good luck.
/r
http://www.searchcoders.com/flex/
http://www.laflex.org/
Collin Peters wrote:
Does anyone have any remoting (i.e. RemoteObject) examples of how to
do authentication and authorization with Acegi? I have been reading
the LiveDocs on securing destinations at
http://livedocs.adobe.com/flex/201/html/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Book_Partsfile=ent_services_config_097_15.html,
but this provides no clues as to how it would work with Spring
security (acegi).
Collin
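A sketch of the LoginCommand outlined in steps 1 to 5 of the reply, added here as an illustration; it is not code from the poster or from Adobe. The class name `AcegiLoginCommand` and the bean name `"authenticationManager"` are assumptions, and the manager is looked up in `start()` through Spring's `WebApplicationContextUtils` rather than through the ApplicationContextAware holder and `configureBean` call of steps 2 and 4.

```java
import java.security.Principal;
import java.util.List;
import javax.servlet.ServletConfig;

import flex.messaging.security.LoginCommand;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.springframework.web.context.support.WebApplicationContextUtils;

public class AcegiLoginCommand implements LoginCommand {   // hypothetical class name
    private AuthenticationManager authenticationManager;

    public void setAuthenticationManager(AuthenticationManager manager) {
        this.authenticationManager = manager;
    }

    // Assumes a ContextLoaderListener has already published the root Spring context.
    public void start(ServletConfig config) {
        if (authenticationManager == null) {
            authenticationManager = (AuthenticationManager) WebApplicationContextUtils
                .getRequiredWebApplicationContext(config.getServletContext())
                .getBean("authenticationManager");          // assumed bean name
        }
    }

    public void stop() { }

    // Step 5: build the token, authenticate, return the Authentication as Principal.
    public Principal doAuthentication(String username, Object credentials) {
        if (username == null || !(credentials instanceof String)) return null;
        try {
            return authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(username, credentials));
        } catch (AuthenticationException e) {
            return null;   // failed login: hand back no Principal
        }
    }

    // Authorization: any required role must appear in the GrantedAuthority[]; fail closed.
    public boolean doAuthorization(Principal principal, List roles) {
        if (!(principal instanceof Authentication) || roles == null) return false;
        Authentication auth = (Authentication) principal;
        GrantedAuthority[] granted = auth.getAuthorities();
        if (!auth.isAuthenticated() || granted == null) return false;
        for (int i = 0; i < granted.length; i++) {
            if (roles.contains(granted[i].getAuthority())) return true;
        }
        return false;
    }

    public boolean logout(Principal principal) { return true; }
}
```

Nothing here populates Acegi's SecurityContextHolder, so the limitation described in the reply still holds: container resources protected by a security-constraint will not see this login.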
--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com