Announcement Announcement Module
Collapse
No announcement yet.
Session timeout in BlazeDS Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Session timeout in BlazeDS

    Hi All,

    I'm using AMFChannel to communicating Spring DAO from flex user interface(UI). Everything is working good, I'm able to send requests from Flex and it is calling Spring DAO for getting values.

    I'm having following code for communicating with Spring DAO in Flex

    Code:
        var amfChannel:Channel = new AMFChannel("my-amf","http://localhost:7001/flexbb/spring/messagebroker/amf"); 
    		var amfChannelSet:ChannelSet = new ChannelSet(); 
    		amfChannelSet.addChannel(amfChannel); 		
    		this.ro.channelSet = amfChannelSet;
    With above ro(remote object) variable, I'm making calls to spring beans.

    Now, say I configure session timeout in web.xml file to 20 min, when user leaves web page for more than 20 minutes(in-active) upon for next request from this user I'd like to display login page, how to do this using BlazeDS?

    Session timedout will be happening in server side so every request coming from flex channel we need to check server session for this user and we need to display login page in case of session timedout. What changes we need to make for doing this functionality.

    Thanks in advance.

    Regards,
    Sharath.

  • #2
    Assuming you are using the Spring Security integration, a good way to do this would be with either the "secured-channel" or "secured-endpoint-path" tag. These provide a Flex-appropriate alternative to Spring Security's "intercept-url" tag. If you want to lock down everything, then the idea would be to require authentication (which is in turn stored in the session) for all of your endpoints. Then would would need to provide a FaultHandler to handle the security error that will occur upon session timeout by displaying your login screen.

    If you're locking down all channels, and they all use the same URL pattern, then "secured-endpoint-path" is the easiest. Based on your config, it would just be something like:

    Code:
    <flex:secured>
        <flex:secured-endpoint-path access="ROLE_USER" />
    </flex:secured>
    There is an optional "pattern" attribute, but it defaults to "**/messagebroker/*" which would fit your example.

    Comment


    • #3
      Sorry for digging this out, but I'm trying to achieve similar behavior in my app. I'm using the Spring Security integration. The only difference is that I can't secure everything (for example the channel used to log in). What should I do? Define several channels, let's say two: first, unsecured, to log in and second secured, which will be used across whole app? Is this a proper solution, or should I try something else?

      Comment


      • #4
        Actually, you should still be able to use a secured channel to log in. The interceptor is designed to allow login operations to pass through.

        Comment


        • #5
          Example Available?

          Is there any example code on how to accompish this?

          I'm using Spring Security + Spring BlazeDS Integration and was hoping this would solve the "An Authentication object was not found in the SecurityContext" issue I get.

          Much appreciated.

          Comment


          • #6
            Originally posted by gromitski View Post
            Sorry for digging this out, but I'm trying to achieve similar behavior in my app. I'm using the Spring Security integration. The only difference is that I can't secure everything (for example the channel used to log in). What should I do? Define several channels, let's say two: first, unsecured, to log in and second secured, which will be used across whole app? Is this a proper solution, or should I try something else?
            Hi,

            Were you able to solve this? If then, can you please post your configurations + code. We have a similar problem.

            Comment


            • #7
              I abondoned this idea and I've started to annotate services with @Secured instead.

              Comment

              Working...
              X