Announcement Announcement Module
Collapse
No announcement yet.
channelSet.logout Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • channelSet.logout

    Dear All,

    I am developing a flex modular application using SpringBlazeDS Integration.

    I am still not sure about the channelSet.logout();

    currently in flex Application I create a channel and add it to channelSet

    Code:
    private  var channel:AMFChannel = new AMFChannel("my-amf", "/appName/messagebroker/amf");
    public  var channelSet:ChannelSet = new ChannelSet();
    And on initialization of the flex Application
    Code:
    	channelSet.addChannel(channel);
    And then load the login module
    In its initialization I set

    Code:
     RP_LOGIN.channelSet =  Application.application.channelSet;
    And when user clicks login button
    Code:
    var token:AsyncToken = RP_LOGIN.channelSet.login(username.text, password.text);
                   token.addResponder(new AsyncResponder(resultHandler, faultHandler));
    On successful login I load other modules and they all have Remote object and i set there channelset from the application property (Application.application.channelSet)
    Now everything works fine.

    But when I logout I just specify

    channelSet.logout() and not any remoteobject.channelSet.logout()

    on logout I close all the modules and load the login module again.
    but the strange thing I see in the log file is
    Code:
    BlazeDS]06/25/2009 14:48:17.489 [DEBUG] [Endpoint.AMF] Deserializing AMF/HTTP request
    Version: 3
      (Message #0 targetURI=null, responseURI=/4)
        (Array #0)
          [0] = (Typed Object #0 'flex.messaging.messages.CommandMessage')
            operation = 9
            correlationId = ""
            messageId = "C9002BFD-4252-D22B-3993-16B55163427E"
            body = (Object #1)
            headers = (Object #2)
              DSEndpoint = "my-amf"
              DSId = "397033E3-501F-91C3-B73E-C3A2F0211D51"
            timestamp = 0
            destination = "auth"
            timeToLive = 0
            clientId = null
    
    [BlazeDS]06/25/2009 14:48:17.489 [DEBUG] [Endpoint.FlexSession] FlexSession with id 'BD1289EA7F080F3B486AFF274D487CC4' for an Http-based client connection has been invalidated.
    [BlazeDS]06/25/2009 14:48:17.505 [DEBUG] [Endpoint.FlexSession] FlexSession created with id '49A867FDABB300D4469F7D1D6C225739' for an Http-based client connection.
    [BlazeDS]06/25/2009 14:48:17.505 [DEBUG] [Endpoint.AMF] Serializing AMF/HTTP response
    Version: 3
      (Message #0 targetURI=/4/onResult, responseURI=)
        (Typed Object #0 'flex.messaging.messages.AcknowledgeMessage')
          timestamp = 1.245921497505E12
          headers = (Object #1)
          body = "success"
          correlationId = "C9002BFD-4252-D22B-3993-16B55163427E"
          messageId = "3970AC4A-110D-4295-8CAF-E741CC3E7397"
          timeToLive = 0.0
          clientId = "3970AC23-011A-68BD-5C9B-F52FDE1F3E37"
          destination = null

    It is creating a new session after invalidating the existing
    So to test this, In flex application I have a popup window opened(search window) , I auto logout the user by calling channelSet.logout() without closing the popup, but I close all modules and load the login module, And I find still when I do some search on popup it goes to server and fetches result.

    So now I understand that I am not using the channelSet.logout in a proper way, and when I looked at the example in test drive they call the channelSet.logout() with respect to a remote object.(like remoreobject.channelSet.logout , but I just call channelset.logout , As i wanted to invalidate all the remote objects created during the user time)

    But lets say In case of module application, where there is many modules loaded simultaniously with many remote objects and there is no tracking of created remote objects , How to invalidate all the remote object channelset and completely invalidate the session of the client


    Thanks in advance

  • #2
    Originally posted by kannanMugundan View Post
    It is creating a new session after invalidating the existing
    I believe this is expected behavior. A FlexSession gets created anytime a request is received by BlazeDS and one does not already exist. This is not the same as actually being authenticated.

    Originally posted by kannanMugundan View Post
    So to test this, In flex application I have a popup window opened(search window) , I auto logout the user by calling channelSet.logout() without closing the popup, but I close all modules and load the login module, And I find still when I do some search on popup it goes to server and fetches result.
    Are you sure the search functionality is actually secured?

    Originally posted by kannanMugundan View Post
    So now I understand that I am not using the channelSet.logout in a proper way, and when I looked at the example in test drive they call the channelSet.logout() with respect to a remote object.(like remoreobject.channelSet.logout , but I just call channelset.logout , As i wanted to invalidate all the remote objects created during the user time)
    From what I understand from looking at the Flex API docs, just calling channelSet.logout() should work. Is the behavior actually different if you call remoteObject.channelSet.logout()?

    Comment


    • #3
      Originally posted by jeremyg484 View Post
      Are you sure the search functionality is actually secured?

      Hi,

      I got it fixed. Thanks for your thought, I went through the things you mentioned, and found that

      I had commented
      <flex:secured-channel channel="my-amf" access="ROLE_USER" />

      because, if I have access="ROLE_USER" , and if my user had different role like ROLE_ADMIN then, I was not able to access anything.

      Now i changed it to IS_AUTHENTICATED_FULLY and it works now.
      once I call channelset.logout() all the access is denied. but the error message thrown is not user friendly. (An Authentication object was not found in the SecurityContext)



      once again thanks for your great help
      Last edited by kannanMugundan; Jun 30th, 2009, 11:01 PM.

      Comment

      Working...
      X