Announcement Announcement Module
Collapse
No announcement yet.
Access 'UserDetails' on flex Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Access 'UserDetails' on flex

    hi guys

    For our flex project We are using sitemider for authentication and spring security for authorization.
    Our goal is to do roles based authorizations using spring security .

    On the spring security side, in UserDetailService we have
    Code:
    		public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException 
       		  {
    			//Based on the username i am using webserivce to populate the role of user and returning UserDetails.
    		  }
    Now i want flex to know the role so that i can perform authorizations (hide/unhide) data on the mxml.
    What is the best way to pass the java 'UserDetails' to flex side once UserDetails has been populated.

    Any ideas appreciated.

    thanks
    Last edited by jaggernat; Feb 21st, 2011, 01:05 AM.

  • #2
    http://static.springsource.org/sprin...e/preauth.html

    I don't think there will be any changes to how you access the authorities because of your requirement. You'll get the authorities to flex-side inside the ResultEvent object (event.result.authorities)

    Comment


    • #3
      Thanks for the answer. I am new to flex so trying to understand.
      After user logs in using sitrminder login screen (and authorities get
      populated using preauthentication filter) and user lands on Secured.html (the compiled flex file), how do I access the ResultEvent object?That is once the user lands on secured.html

      Comment


      • #4
        jaggernat , I'm new to flex as well - I'll see if I can find something today and keep you posted. Do the same for me?

        Comment


        • #5
          the problem is i am not using authentication using flex screen so i am not sure how i can use the ResultEvent on the flex side to get the authorities


          this is my flex mxml
          Code:
          <?xml version="1.0" encoding="utf-8"?>
          <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" 
          				 
          creationComplete="init()"  backgroundGradientAlphas="[1.0, 1.0]" 
          <mx:Style source="style/projecteww.css"/>
          <mx:Script>
          		<![CDATA[
          			import com.flexspy.FlexSpy;						
          			import mx.collections.ArrayCollection;
          			import mx.controls.Alert;
          			import mx.rpc.events.FaultEvent;
          			import mx.rpc.events.ResultEvent;					
                                                [Bindable]
          			public var event:ResultEvent; 
          			
          			public function init():void {
          				
           if(event == null){
           Alert.show('null','No Resultevent'); 
            //right now this is getting invoked ,so ResultEvent is null. how do i access the ResultEvent
            here so that i can get the authorities? 		
          }
          
          if (event.result.authorities.indexOf("ROLE_ADMIN") >= 0) {
            Alert.show('admin','admin');
          } else {
            Alert.show('user','user');
          }
          
          }
          Last edited by jaggernat; Feb 22nd, 2011, 10:42 AM.

          Comment


          • #6
            If you log from a html page, it won't return a ResultEvent.

            One question, after you login, how do you load the swf?

            Other thing is, you can always get the Authentication object from Security context

            Code:
            SecurityContextHolder.getContext().getAuthentication()

            Comment


            • #7
              this is how i load the swf


              Code:
              <security:http access-denied-page="/login.jsp?login_error=1" >		
              		<security:form-login login-page="/login.jsp" login-processing-url="/loginProcess" 
              		default-target-url="/tests/main.html" />		
              	</security:http>
              
              <security:authentication-manager>
              		  <security:authentication-provider user-service-ref="CustomUserDetailService"/> 
              </security:authentication-manager>
              CustomUserDetailService implements UserDetailsService
              {
              populates the ROLES.
              }


              /login.jsp is right now spring security authentication but in future will be replaced with sitminder login page
              'default-target-url' attribute points to the swf file (we need to point to .html) so in this case it is /tests/main.html.

              It works fine, when i log in sucessfully it loads up the swf file.

              so the questoin now is i need to access the authorities inside the main.html which i am not able to.


              >>>SecurityContextHolder.getContext().getAuthentic ation()
              but how will that help me? I need the authorities on the flex side.

              thanks guys

              Comment


              • #8
                >>>SecurityContextHolder.getContext().getAuthent ic ation()
                but how will that help me? I need the authorities on the flex side.
                Once you are logged-in, do a remote call to middle-tier from Flex code and get the authorities. In middle-tier you can get the Authentication details from Security context.

                I'm not sure if this is the best way to do this. But it should solve your problem.

                Comment


                • #9
                  yeah, not sure if i would be reinventing the wheel here by making that remote call. If something is provided out of the box i can use that.
                  Can someone please confirm if we have a easy way to populate the authorities on the flex client for non-spring security authentications?

                  thanks

                  Comment


                  • #10
                    Actually its simple than i thought.
                    solution:
                    Add org.springframework.flex.security3.AuthenticationR esultUtils class in your security setup and it works. This is what i meant by not
                    reinventing the wheel
                    thanks guys for participating.

                    Comment


                    • #11
                      Code Sample?

                      @jaggernat
                      So for instance, somehow through the examples, I ended up with a bean declaration in security-config.xml like this:

                      Code:
                      <http auto-config="true">
                      	<intercept-url pattern="/index.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
                      	<intercept-url pattern="/ldaplogin.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
                      	<intercept-url pattern="/app-flex/**" access="ROLE_USER" />
                      	<form-login login-page='/index.jsp' default-target-url='/app-flex/Main.html'
                      		always-use-default-target='true' />
                      </http>
                      <beans:bean id="entryPoint" class="org.springframework.flex.security3.FlexAuthenticationEntryPoint"/>
                      Though I've yet to figure out accessing/leveraging the entryPoint bean in MXML. Do you have any samples or links you can share?

                      Thanks,
                      Brian

                      Comment


                      • #12
                        ofcourse, just download the spring-flex-test drive and look at the code (for mxml and java), its all in there

                        Comment


                        • #13
                          How are you getting the map without doing a remote call?

                          AuthenticationResultUtils also access the security context to get the map

                          Comment


                          • #14
                            yeah thats right , a remote call has to be made. The mistake i was making was i created a User class on the action script side and was trying to map the User.as to User.java which is totally unnecessary.

                            thanks for your help.

                            Comment


                            • #15
                              Please help with security

                              @jaggernat and @amiladomingo
                              I'm not sure I follow, could you point out an example of populating the roles via your CustomUserDetailService class? Are you setting properties on Spring managed beans that are supplied out of the box for this?

                              Similarly to you, I am not using a Flex authentication screen ( http://forum.springsource.org/showth...181#post347181 )

                              I have a JSP page that calls an NTLM service and returns to me a user object with privileges. Is there a way I can set some properties on a spring managed UserDetails object from JSP that I can then reference once my swf is loaded ?

                              Any help would be so appreciated, I've been struggling quite a bit with this. I'm using
                              Code:
                              http://www.springframework.org/schema/security/spring-security-3.0.xsd
                              in my config files , though I'm not sure which version of the jars it relates to
                              Code:
                              spring-security-core-3.0.2.RELEASE.jar
                              I believe, but might accidently be referencing
                              Code:
                              spring-security-core-3.1.0.RC1.jar
                              Thank you in advance,
                              Brian
                              Last edited by BrianBLong; Feb 24th, 2011, 02:21 PM. Reason: Specifying version #

                              Comment

                              Working...
                              X