Announcement Announcement Module
Collapse
No announcement yet.
Flex Spring Security Integration Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Flex Spring Security Integration

    Hi ,

    I could successfully integrate Flex and Spring and Spring Security using Spring BlazeDS Integration 1.0.0.RC1. I need to find to find the granted authorities at the flex side.

    The reference document has a code snippet which used authorities . The code given in the reference document is

    var token:AsyncToken = myChannelSet.login("jeremy","atlanta");
    token.addResponder(
    new AsyncResponder(
    function(event:ResultEvent, token:Object = null):void {
    if (event.result.authorities.indexOf("ROLE_ADMIN") >= 0) {
    displayAdminPanel(event.result.name);
    } else {
    displayUserPanel(event.result.name);
    }
    },
    function(event:FaultEvent, token:Object = null):void {
    displayErrorMessage("Login Failed: "+event.fault.faultString);
    }
    )
    );


    However , Flex throws an error "ReferenceError: Error #1069: Property authorities not found on String and there is no default value"

    So, What needs to be done at the Flex side to get the granted Authorities ??

    Thanks

  • #2
    It sounds like you don't have the security integration set up correctly and you're just getting the standard "Success" result string back. Can you show your Spring config?

    P.S. Please use the code tags when posting code snippets...makes it much easier to read.

    Comment


    • #3
      Hi ,

      Yes , it is true that I am getting "Success" in the result.
      This is the configuration file

      Code:
      <?xml version="1.0" encoding="UTF-8"?>
      
      <beans xmlns="http://www.springframework.org/schema/beans"
          	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          	xmlns:tx="http://www.springframework.org/schema/tx" 
          	xsi:schemaLocation="http://www.springframework.org/schema/beans
              	http://www.springframework.org/schema/beans/spring-beans- .5.xsd
              	http://www.springframework.org/schema/tx
      			http://www.springframework.org/schema/tx/spring-tx-2.5.xsd">
      
      <import resource ="beans-security.xml" /> 
      <import resource ="beans_flex.xml" /> 
      <import resource ="beans-quesValid.xml" />
      The contents of beans_flex.xml is as follows:

      Code:
      <beans xsi:schemaLocation="  http://www.springframework.org/schema/beans  http://www.springframework.org/schema/beans/spring-beans-2.5.xsd  http://www.springframework.org/schema/flex  http://www.springframework.org/schema/flex/spring-flex-1.0.xsd">
      −
      <flex:message-broker>
      <flex:secured/>
      </flex:message-broker>
      </beans>
      The contents of beans-security.xml is as follows:

      Code:
      <beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
      	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/security"
      	xsi:schemaLocation="http://www.springframework.org/schema/beans 
      		http://www.springframework.org/schema/beans/spring-beans.xsd 
      		http://www.springframework.org/schema/security 
      		http://www.springframework.org/schema/security/spring-security-2.0.xsd">
      
      	<http session-fixation-protection="none" auto-config="true" ></http>
      	
      	<!--<beans:bean id="preAuthenticatedEntryPoint" class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" />
      	
      	<beans:bean id="jasyptPasswordEncryptor"
      		class="org.jasypt.util.password.StrongPasswordEncryptor" />
      
      	<beans:bean id="passwordEncoder" class="org.jasypt.spring.security2.PasswordEncoder">
      		<beans:property name="passwordEncryptor">
      			<beans:ref bean="jasyptPasswordEncryptor" />
      		</beans:property>
      	</beans:bean>
      
      	<beans:bean id="daoAuthenticationProvider"
      		class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
      		<beans:property name="userDetailsService" ref="userDetailsService" />
      		<beans:property name="passwordEncoder">
      			<beans:ref bean="passwordEncoder" />
      		</beans:property>
      	</beans:bean>
      
      	<authentication-provider>
      
      		<jdbc-user-service id="userDetailsService"
      			data-source-ref="dataSource"
      			users-by-username-query="SELECT EmailId as username , Password as password , 'true' as enabled
      		FROM credential 
      		WHERE EmailId=?"
      			authorities-by-username-query="SELECT EmailId as username, Roles as authorities
      		FROM credential
      		WHERE EmailId = ?" />
      
      	</authentication-provider>
      </beans:beans>
      The contents for beans-quesValid.xml

      Code:
      <beans xsi:schemaLocation="http://www.springframework.org/schema/beans         http://www.springframework.org/schema/beans/spring-beans-2.5.xsd         http://www.springframework.org/schema/flex   http://www.springframework.org/schema/flex/spring-flex-1.0.xsd">
      −
      <bean id="dataEntryOperatorDao" class="cdacnoida.noes.registration.dao.HibernateDataEntryOperatorDao">
      <property name="sessionFactory" ref="sessionFactory"/>
      </bean>
      −
      <bean id="expertDao" class="cdacnoida.noes.registration.dao.HibernateExpertDao">
      <property name="sessionFactory" ref="sessionFactory"/>
      </bean>
      <!-- Controller Service -->
      −
      <bean id="controllerService" class="cdacnoida.noes.registration.impl.ControllerServiceImpl">
      </bean>
      <!-- Expose the Controller service -->
      <flex:remote-service ref="controllerService" channels="my-amf"/>
      </beans>
      Regards

      Comment


      • #4
        Config looks good to me. Are you sure you have RC1 on your classpath and not M2? And what version of BlazeDS do you have?

        Comment


        • #5
          Hey Jeremy, we got some security-issue on M2.

          Just a basic login. Login works fine, but on logout() comes this:

          Flex alert:
          Code:
          There was an unhandled failure on the server. getId: Session already invalidated
          Our conf:

          Code:
          <!--not working M2 -->
          	<flex:secured>
          Fixed with this:
          Code:
          	
          <!--working M2 -->
          <flex:secured per-client-authentication="true" invalidate-flex-session="false">
          Is this the right way to configure per-client authentication and invalidate-flex-session?

          Comment


          • #6
            Per-client-authentication was not yet working in M2. You need RC1 for that to work correctly. RC1 will likely solve session invalidation problems as well, as some work was done there for better compatibility with Spring Security's session fixation protection feature.

            Comment


            • #7
              Thanks for the info

              Comment

              Working...
              X