I'm guessing that we don't implement security the correct way (or the best way) right now. Currently, I have a login State that takes the username and password and makes an HTTPService call to the JSP page that does user authentication. If that comes back successfully, then I change State to the main application.
That seems to take care of all of the HTTP requests, but the RTMP requests obviously fail (or else I wouldn't be here ;-)). I read the docs about using LoginCommand, but I didn't see how that ties into Acegi. I'm wondering if you can authenticate the Flex client, and not just the session. If so, wouldn't the sessions (HTTP and RTMP) also be authenticated since they fall under the FlexClient object? Just a thought. Geoff --- In flexcoders@yahoogroups.com, "jahhaj12345" <[EMAIL PROTECTED]> wrote: > > I'm having the same problems you are. I've been through several > options but haven't found one that's acceptable from a security point > of view if you are trying to use the rememberme functionality. > > To get it working without rememberme, provide a login form from your > flex application and once authenticated using form login, use that > username/password combination for the RTMP's ChannelSet login. And > depending on how you handle authentication on your end, you may need > to provide your own LoginCommand and UserDetailsService. I've done > both of these and it works. > > Does anyone out there have a way to get rememberme working for RTMP? > I know the problem is cause by the RTMPFlexSession being outside the > HTTPSession. Is there anyway to sync these up? Or is there anyway to > do a single sign-on with RTMP? > > Jason > > --- In flexcoders@yahoogroups.com, "Geoffrey" <gtb104@> wrote: > > > > I've looked around the net and haven't found anything helpful. Any > suggestions would be > > great. > > > > Thanks, > > Geoff > > --- In flexcoders@yahoogroups.com, "Geoffrey" <gtb104@> wrote: > > > > > > I'm wondering if anyone out there has implemented LiveCycle Data > > > Services using Spring Security as their security layer? > > > > > > I'm having issues with RTMP communications between server/client, > > > meaning I'm not getting any. I've modified our existing Java delegate > > > to ast as the Assembler for a managed collection. When the > > > Assembler's fill() method gets called, it tries to retrieve the > > > desired information from our Service class. I get an > > > AuthenticationCredentialsNotFoundException as seen below: > > > > > > <error snippet> > > > org.acegisecurity.AuthenticationCredentialsNotFoundException: An > > > Authentication object was not found in the SecurityContext > > > at > > > > > > org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecuri > > tyInterceptor.java:339) > > > at > > > > > > org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityIn > > terceptor.java:254) > > > at > > > > > > org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodS > > ecurityInterceptor.java:63) > > > at > > > > > > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho > > dInvocation.java:161) > > > at > > > > > > org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercep > > t(Cglib2AopProxy.java:630) > > > ... > > > </error snippet> > > > > > > I think it's because the HTTPFlexSession is authenticated, but the > > > RTMPFlexSession operates outside the context. I don't know how to > > > make it authenticated, or to authenticate the client so that all > > > sessions have valid credentials. > > > > > > Any suggestions would be appreciated. > > > > > > ~Geoff > > > > > >
