|
You sure that JAAS successfully stores the
Principal back in the user request? If you did something similar via JSP would
everything come through correctly? I haven’t played with JBoss but
WebSphere for example failed to store the authenticated principal in the
request even when I went through JAAS to login my user in. You traced to see that
your login module is called? From: No one has any thoughts/ideas on this? ------------------------------------------------- Jim Schneider KJ Interactive, Inc. 1-877-370-6906 1-612-605-5399 From: I finally got back to looking at this. I
Instrumented my code to look at
flashgateway.Gateway.getHttpRequest().getRemotePrincipal() and getRemoteUser().
RemoteUser is empty and remote principal is null. I see the
userid/password credentials in the amf trace from the client (setting
UsernamePassword on the service), but nothing in the service. I’m using remote objects. Remote
object is a spring bean. I’ve implemented a JAAS login module
that appears to be functioning correctly (loginContext succeeds). Using JBoss 4.0.x. Any thoughts? Thanks, Jim From: If you use standard J2EE auth to the
container, you can get the remote user provided you are not using the proxy.
There is currently an issue with the proxy not forwarding the cookie in most (
all that we've seen ) circumstances. We have received a fix from Adobe on
this that we are in the process of testing. This being said, if you don't use the
proxy, you'll be able to acccess the user without issue from within your
service implementations. Here's the kicker. The AS2 VM doesn't not
handle HTTP status code 500. It stops parsing the HTTP response when it sees a
500 which means that you will never be able to get at any data that occurs due
to a SOAP Fault. Per the web services spec, the container is required to return
an HTTP 500 status code when returning a fault. Effectively, you can't handle
SOAP faults when you don't use the proxy and you get that meaningless error
message that looks like it simply couldn't connect to the service. This
issue is "handled" by the proxy. It changes that HTTP status code to
200 so that the flash player can parse the request. This is a kludge if
you ask me but that's where we are today. As a note, this is being
addressed in FP8.5 but the fix will very likely not ( according to Adobe ) be
fixed in earlier versions due to backward compatibility. ____________________________________________
From: I think you should be able to get it from
the flashgateway.Gateway.getHttpRequest().getRemotePrincipal() or
getRemoteUser(). From: After calling setUsernamePassword on a service, is this
information “available” to the backend services (remote object or
web service)? Or perhaps after a J2EE/JAAS login? If so, how/where? We have a requirement to do a lot of logging of who’s
doing what in the system and was wondering whether there are any alternatives
to passing a username/id with most/all APIs.
Jim
|
- RE: [flexcoders] setUsernamePassword and J2EE login (bounc... Matt Chotin
- [flexcoders] Re: setUsernamePassword and J2EE login (... Dave Wolf
- RE: [flexcoders] Re: setUsernamePassword and J2EE... Jim Schneider
- Re: FW: [flexcoders] setUsernamePassword and J2EE log... Douglas Knudsen
