Do you have a copy of the Developing Rich Clients book?  The Integration Tier section (primarily chapters 20 and 21) would probably help you out.   The docs talk about setting up your J2EE server with authentication support here: http://livedocs.macromedia.com/flex/15/flex_docs_en/00000760.htm.  You can also point your developers here: http://livedocs.macromedia.com/flex/15/flex_docs_en/00002247.htm to learn about ways the RemoteObject can get access to the session information including user roles.

 

I don’t have any explicit examples of login; I think we have some example code in the docs, but I don’t have any code right now.

 

As far as your apps noticing when the user’s role is changed, it certainly won’t come automatically.  You could have your Flex app occasionally check with a RemoteObject if the role is still valid, but just like HTML it won’t be immediate.

 

Hope this can get you in the right direction,

Matt

 


From: flexcoders@yahoogroups.com [mailto:flexcoders@yahoogroups.com] On Behalf Of Leif Wells
Sent: Tuesday, May 17, 2005 8:10 PM
To: flexcoders@yahoogroups.com
Subject: [flexcoders] Explaining Flex Log In and User Role Functionality to Java Developers

 

Here's the deal. I have a client putting together a (fairly large) Flex application; actually the company that I work for is putting together the Flex portion and the client and another vendor are putting together the J2EE back-end.

So they come to me and say "How are we handling logging in a user? Are we using cookies?"

What we've done in the past with Flash (sorry. I know that's a dirty word here) is have the user log in and have the server pass back a user object that contains (among other things) a role. If the server doesn't pass the user object, then they get the login screen again. If the user is logged in, they see screens/forms per what level their role is set. The security on this new application is going to need to be a bit more strict.

My problem is this: I am NOT a full-time J2EE developer and the people who are asking these questions are very experienced J2EE developers. Every time I attempt to explain to them how we should handle user log in I apparently am not using the correct words. Can someone either point me to a document that explains how user log in would normally be handled with Flex in a J2EE environment? Or give it to me in easy-to-understand language so I can relieve these guys' (and my) stress? Is there a best practice for handling user login in a secure application?

Also, they threw me a curve today: "How do we handle it if a user's role is demoted or promoted in the middle of a session? Can we immediately change what they see on-screen? Or can we immediately have them log off?"  Any thoughts?


Leif
http://www.leifwells.com
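
The periodic role check suggested in the reply above, combined with a server-side check on every protected call, as an added example that is not code from this thread or from the Flex docs. It is plain Java standing in for the J2EE side; every name in it (`RoleRecheckDemo`, `directory`, `sessions`, `roleStillValid`, `deleteRecord`) is hypothetical, and authenticating the user is assumed to be handled by the container before `login` is reached.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

public class RoleRecheckDemo {
    // Authoritative user -> role store (stands in for the server's security realm).
    static final Map<String, String> directory = new ConcurrentHashMap<>();
    // Session id -> {user, role captured at login}.
    static final Map<String, String[]> sessions = new ConcurrentHashMap<>();

    // Assumption: the caller has already been authenticated by the container.
    static String login(String user) {
        String role = directory.get(user);
        if (role == null) throw new SecurityException("unknown user");
        String sid = UUID.randomUUID().toString();
        sessions.put(sid, new String[] {user, role});
        return sid;
    }

    // Returns the session's role only while it still matches the directory;
    // a promotion or demotion ends the session so the user must log in again.
    static String validRole(String sid) {
        String[] s = sessions.get(sid);
        if (s == null) return null;
        if (s[1].equals(directory.get(s[0]))) return s[1];
        sessions.remove(sid);
        return null;
    }

    // The call a client would poll on a timer to decide whether to show the login screen.
    static boolean roleStillValid(String sid) {
        return validRole(sid) != null;
    }

    // Protected operation: the role is re-checked on the server for every call,
    // so a client still showing admin screens cannot act on a revoked role.
    static String deleteRecord(String sid, int id) {
        if (!"admin".equals(validRole(sid))) throw new SecurityException("admin role required");
        return "record " + id + " deleted";
    }

    public static void main(String[] args) {
        directory.put("alice", "admin");              // constructed sample data
        String sid = login("alice");
        System.out.println(deleteRecord(sid, 7));
        directory.put("alice", "viewer");             // role changed mid-session
        try {
            deleteRecord(sid, 8);                     // sent before the client's next poll
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("poll says valid: " + roleStillValid(sid));
    }
}
```

The poll only controls how quickly the screens catch up; the check inside `deleteRecord` is what stops a demoted user in the interval between polls.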


