Hi Collin, > Does anyone have any remoting (i.e. RemoteObject) examples of how to > do authentication and authorization with Acegi? I have been reading
it doesn't seem too difficult. the current version of my app (http://www.searchcoders.com/flex) uses container managed authentication and i am migrating it over to acegi. so, my comments here about acegi integration do not apply to production environments: 1. create a class that implements LoginCommand and has an authenticationManager property 2. create and setup an ApplicationContextAware bean. this is required in your custom LoginCommand so you can initialize it later. 3. configure your LoginCommand bean with the property name "authenticationManager". Reference your acegi config's authenticationManager. 4. In the LoginCommand constructor, configureBean your loginCommand bean (i think this can be done a better way but I haven't had time to experiment). 5. in the LoginCommand doAuthentication: a. create a UsernamePasswordAuthenticationToken and pass it the username and credentials as String b. authenticationManager.authenticate(authToken) c. result of authenticate is Authentication, catch any exceptions. d. return Authentication as the Principal. That's it. For authorization, extract the principal and compare the list of roles with the GrantedAuthority[] of the Authentication obj. Note that with this current strategy you will lose the ability to "share" the authentication result with the non-flex segment of your app. So, if you send the user to a resource on your container which has a security-constraint then it will think not know that it's been authenticated. You will have to somehow integrate with the authenticationProcessingFilter. I will post more details on my blog: http://www.machine501.com/ when i have found and tested a suitable solution for integrating acegi/spring/fds. download the FDS2 javadocs (scroll down to the bottom "Complete Flex 2 documentation"): http://www.adobe.com/support/documentation/en/flex/ good luck. /r http://www.searchcoders.com/flex/ http://www.laflex.org/ Collin Peters wrote: > Does anyone have any remoting (i.e. RemoteObject) examples of how to > do authentication and authorization with Acegi? I have been reading > the LiveDocs on securing destinations at > http://livedocs.adobe.com/flex/201/html/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Book_Parts&file=ent_services_config_097_15.html, > but this provides no clues as to how it would work with Spring > security (acegi). > > Collin > > > -- > Flexcoders Mailing List > FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt > Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com > Yahoo! Groups Links > > > >
