You can mix them. What you need to do is make 2 ROs -- one tied to the secure
service and one tied to the normal service.
<mx:RemoteObject id="RONormal" destination="ColdFusion" source="xxx"
showBusyCursor="true">
<mx:RemoteObject id="ROSecure" destination="SecureColdFusion" source="xxx"
showBusyCursor="true">
You can also build the the RO up in actionscript but I find it easier to use a
"standard" services-config.xml file. In our environment I can't change the file
so it's easier to use a common one on all our installs and customize things
like endpoints if needed in the individual application actionscript.
services-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<services-config>
<services>
<service id="coldfusion-flashremoting-service"
class="flex.messaging.services.RemotingService"
messageTypes="flex.messaging.messages.RemotingMessage">
<adapters>
<adapter-definition id="cf-object"
class="coldfusion.flash.messaging.ColdFusionAdapter" default="true"/>
</adapters>
<destination id="ColdFusion">
<channels>
<channel ref="my-cfamf"/>
</channels>
<properties>
<source>*</source>
<!-- define the resolution rules and access level of the
cfc being invoked -->
<access>
<!-- Use the ColdFusion mappings to find CFCs, by
default only CFC files under your webroot can be found. -->
<use-mappings>true</use-mappings>
<!-- allow "public and remote" or just "remote" methods
to be invoked -->
<method-access-level>remote</method-access-level>
</access>
<property-case>
<!-- cfc property names -->
<force-cfc-lowercase>false</force-cfc-lowercase>
<!-- Query column names -->
<force-query-lowercase>false</force-query-lowercase>
<!-- struct keys -->
<force-struct-lowercase>false</force-struct-lowercase>
</property-case>
</properties>
</destination>
<destination id="SecureColdFusion">
<channels>
<channel ref="my-secureamf"/>
</channels>
<properties>
<source>*</source>
<!-- define the resolution rules and access level of the
cfc being invoked -->
<access>
<!-- Use the ColdFusion mappings to find CFCs, by
default only CFC files under your webroot can be found. -->
<use-mappings>true</use-mappings>
<!-- allow "public and remote" or just "remote" methods
to be invoked -->
<method-access-level>remote</method-access-level>
</access>
<property-case>
<!-- cfc property names -->
<force-cfc-lowercase>false</force-cfc-lowercase>
<!-- Query column names -->
<force-query-lowercase>false</force-query-lowercase>
<!-- struct keys -->
<force-struct-lowercase>false</force-struct-lowercase>
</property-case>
</properties>
</destination>
</service>
</services>
<channels>
<channel-definition id="my-cfamf"
class="mx.messaging.channels.AMFChannel">
<endpoint uri="http://{server.name}:{server.port}/flex2gateway/amf";
class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
<polling-enabled>false</polling-enabled>
<serialization>
<instantiate-types>false</instantiate-types>
</serialization>
</properties>
</channel-definition>
<channel-definition id="my-secureamf"
class="mx.messaging.channels.SecureAMFChannel">
<endpoint
uri="https://{server.name}:{server.port}/flex2gateway/secureamf";
class="flex.messaging.endpoints.SecureAMFEndpoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
<polling-enabled>false</polling-enabled>
<serialization>
<instantiate-types>false</instantiate-types>
</serialization>
</properties>
</channel-definition>
</channels>
<logging>
<target class="flex.messaging.log.ConsoleTarget" level="Error">
<properties>
<prefix>[Flex] </prefix>
<includeDate>false</includeDate>
<includeTime>false</includeTime>
<includeLevel>false</includeLevel>
<includeCategory>false</includeCategory>
</properties>
<filters>
<pattern>Endpoint.*</pattern>
<pattern>Service.*</pattern>
<pattern>Configuration</pattern>
<pattern>Message.*</pattern>
</filters>
</target>
</logging>
<system>
</system>
</services-config>
----- Original Message -----
From: Laurence MacNeill
To: flexcoders@yahoogroups.com
Sent: Thursday, February 11, 2010 10:17 PM
Subject: Re: [flexcoders] A security question...
At 08:40 PM 2/11/2010, you wrote:
You can and (i think) should do both.
In my world of flex 3, I have created a secure destination (and channel) in
the Flex services-config.xml file and use this for my remote object connection.
I can post it if you like.
Warren Koch
Do you use it for all your RO connections? Because I don't really want to
use SSL for every connection -- just the few that I need encrypted... Is there
a way to "turn on" encryption just for one or two ROs, and leave the rest
insecure? I'm concerned about speed and bandwidth -- secure connections are
slower and take up more bandwidth. I don't want to bog the server down with
thousands of SSL ROs when I only need a few...
But yeah, I'd definitely like to see what you've created there -- please post
it at your earliest convenience.
Thanks,
Laurence MacNeill
Mableton, Georgia, USA
