You can store user-specific data in the server-side FlexSession or FlexClient instances that you can access via the FlexContext class. A FlexSession represents the connection between a client and server, and in the case of servlet-based HTTP, wraps the app server's HttpSession. One thing that can trip people up is that a cookie-based browser session is scoped to the browser process, meaning all tabs/frames/etc. share the same session. The FlexClient instance on the server represents a specific Flex application (a swf). Both provide APIs for storing and getting attributes and you can access them from within your assembler. Login commands return a Principal as a result of successful authentication, and this is stored in either the FlexSession or FlexClient depending on how you want to scope your authentication. The default is to store it with the FlexSession, but this can be controlled using the <per-client-authentication/> config setting for your login command in services-config.xml. Seth
________________________________ From: flexcoders@yahoogroups.com on behalf of cartewn Sent: Tue 7/1/2008 4:49 AM To: flexcoders@yahoogroups.com Subject: [flexcoders] blazeds & spring security let assembler fetch data based on current user Hi, I'm currently learning flex by trying to build an application with flex, blazeds and Spring. My application lets users log on using spring security (which I will probably combine with AcegiLogonCommand). I would like my assemblers to return different data based on which user is currently logged on (for instance to show that specific user's to-do list). To do this, I added a userId property to my spring security principals (by subclassing org.springframework.security.userdetails.User) and added user_id columns to user-specific data in the database. Now I would like to know how I can get the currently logged on user in my assembler so I can use its userId to fetch the user's data. Is the assembler the right place to decide which data to send to my flex application? If so, can anyone tell me how to determine which user is currently logged on in my assembler? If not, what would be the recommended way of dealing with user-specific data in my database in combination with blazeds? The only examples I have been able to find on the Internet so far only use different roles to determine what a user is or is not allowed to do, I have yet to find any examples where users store and retrieve user-specific data. Kind regards, Jeroen
<<winmail.dat>>