Robert, Well that certain made it spring to life! Thank you. It now throws an exception back to the front end with a Client.Authentication faultCode and faultString = "Login required before authorization can proceed". The developers doc imply that the browser should pop a login dialog box, but that isn't happening. I ultimately want to capture the exception and login in my Flex app anyway.
server="JBoss" must have worked at one point because I have seen several references on the web that use it... --- In flexcoders@yahoogroups.com, "Robert Cadena" <[EMAIL PROTECTED]> wrote: > > try setting "server" to "Tomcat" instead of "JBoss" in your > services-config.xml > security > login command node? > > /r > > On Thu, May 1, 2008 at 12:50 PM, Jim Boone <[EMAIL PROTECTED]> wrote: > > > Mete, > > > > Thank you for the response. Unfortunately, I am still having troubles. > > > > I have: > > * confirmed that the Tomcat Valve is being loaded correctly. > > * defined the TomcatLoginCommand in services-config.xml (see below). > > * secured the destination (see remoting-config.xml below). > > * configured JBoss to use a UsersRolesLoginModule and added the user > > and basic_access role (same concept as adding Tomcat users and > > roles). > > * not set any credentials in the Actionscript code. > > * DID NOT secure the endpoint in the web.xml since your guidance > > didn't included it and therefore implies you don't need to. > > > > The results? I was not prompted with the web browser Basic login > > prompt and the destination was not secured. I could contact the > > destination even though I was not authenticated. It didn't work! > > Ahhhhhhhhhhhh. Any other thoughts? > > > > Jim > > > > === services-config.xml === > > <?xml version="1.0" encoding="UTF-8"?> > > <services-config> > > > > <services> > > <service-include file-path="remoting-config.xml" /> > > <service-include file-path="messaging-config.xml" /> > > </services> > > > > <factories> > > <factory id="ejb" class="com.adobe.ac.ejb.EJB3Factory" /> > > </factories> > > > > <security> > > <login-command > > class="flex.messaging.security.TomcatLoginCommand" server="JBoss"/> > > > > <security-constraint id="basic-access"> > > <auth-method>Basic</auth-method> > > <roles> > > <role>basic_access</role> > > </roles> > > </security-constraint> > > </security> > > > > === remoting-config.xml === > > <?xml version="1.0" encoding="UTF-8"?> > > <service id="remoting-service" > > class="flex.messaging.services.RemotingService"> > > > > <adapters> > > <adapter-definition id="java-object" > > > > class="flex.messaging.services.remoting.adapters.JavaAdapter" > > default="true" /> > > </adapters> > > > > <default-channels> > > <channel ref="polling-channel" /> > > </default-channels> > > > > <destination id="DataGenerator"> > > <properties> > > <factory>ejb</factory> > > <source>dashboard/DataGeneratorBean</source> > > </properties> > > <security> > > <security-constraint id="basic-access"/> > > </security> > > </destination> > > > > </service> > > > > --- In flexcoders@yahoogroups.com, "meteatamel" <meteatamel@> wrote: > > > > > > Hi Jim, > > > > > > The short answer is that TomcatLoginCommand uses Tomcat valve to do > > > its authentication/authorization but here's a writeup I have on > > > BlazeDS security that should clarify things. > > > > > > -Mete > > > > > > ------------------------------------ > > > > -- > > Flexcoders Mailing List > > FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt > > Search Archives: > > http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo! Groups > > Links > > > > > > > > >
