Announcement Announcement Module
Collapse
No announcement yet.
I must be stupid... some explanation of some basic things..also possible Bug? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • I must be stupid... some explanation of some basic things..also possible Bug?

    First off, is this the main forum for asking questions about BlazeDS and Spring Security? The forum seems awfully quiet, so either 'everything is easy' - in which case I'm stupid, or else people are managing their security needs in older ways (if so, what's the most common older/non-spring way of doing things?)

    I posted some concerns I had here http://forum.springsource.org/showthread.php?t=76973 about finding some good examples, but I'll restate some more specific questions:

    1) Is the Testdrive security section when you click on the security tab it seems to missing the context "testdrive" so you get page can't be found. Also even when you add the context the channel definition seems to also be missing the context 'testdrive.' To me this is a bug in the example code isn't it or did I do something wrong running the testdrive app?

    2) How do I make sure calling channelSet.logout() truly logs you out of the application. The behavior I'm seeing seems inadequate. If you logout and try to login with a different username you get an error about "cannot re-authetnicate in the same session." This makes no sense to me. How do I force a true logout when I click a logout button. (I'd love to see this in the testdrive application because I think it's the behavior one expects when trying to logout.)

    3) How does one get access to the logged in user and the roles on the server side of things?

    4) In the examples I see most making a call to the full url of the channel, but it seems to work when I build the channel set from a channel like:

    var channel:AMFChannel = new AMFChannel("myt-amf", "/my-app-context/messagebroker/amf"

    Is this a bad approach to use? (other than the hardcoded context name which I can get from a config file.) Is there a reason to use the whole http://yourURLort/... definition?

  • #2
    In regard to question 2 (Re-quoted below), ignore it I guess, since whatever I did, my app is now behaving as expected. I swore I was getting that "cannot re-authenticate" error for a while. I'm not now, though, so all is well on that front.

    2) How do I make sure calling channelSet.logout() truly logs you out of the application. The behavior I'm seeing seems inadequate. If you logout and try to login with a different username you get an error about "cannot re-authetnicate in the same session." This makes no sense to me. How do I force a true logout when I click a logout button. (I'd love to see this in the testdrive application because I think it's the behavior one expects when trying to logout.)

    Comment


    • #3
      Well, first see my response to your previous post.

      As for question (4), we have the full URL in the example only for the sake of simplicity. There are a number of different ways to handle them better. I personally think the best approach is to using something like Spring ActionScript to better encapsulate such runtime configuration options. Of course if you don't mind compiling against services-config.xml (as we do in the sample, also for the sake of simplicity), I believe you can get the channel configuration through the ServerConfig class in ActionScript.

      Comment

      Working...
      X