I seem to have got it working. Thanks for your help jahhaj12345!
What I ended up doing was to create a custom LoginCommand class. I
used the one from here:
http://blog.f4k3.net/fake/entry/acegi_logincommand_for_fds. I made
two changes shown below:
//The name of our Acegi configuration file.
private static String[] CONFIG_LOCATIONS =
{"classpath:security-context.xml"};
//"ldapAuthenticationProvider" is from our Acegi config file, and it
the name of the bean that is used for authentication via LDAP.
authenticationProvider =
(AuthenticationProvider)applicationContext.getBean("ldapAuthenticationProvider");
I then updated services-config.xml and added:
<security>
<login-command class="com.gdais.security.AcegiLoginCommand"
server="Tomcat"/>
<security-constraint id="basic-read-access">
<auth-method>Basic</auth-method>
<roles>
<role>ROLE_MANAGERS</role>
<role>ROLE_USERS</role>
</roles>
</security-constraint>
</security>
//The roles came from the Acegi config file.
After that, I had to add the [managed] metadata tag to one of my
ValueObjects and it all seemed to work.
I'll be honest, I don't really understand why this works, it just
does. What I mean by 'works' is that the managed collection on the
client gets filled with data successfully. I haven't yet tested
pushing new entries to that managed collection after the initial fill.
I hope this post helps someone else.
~Geoff
--- In flexcoders@yahoogroups.com, "jahhaj12345" <[EMAIL PROTECTED]> wrote:
>
> I don't know of a way to just authenticate the client. From everything
> I've read, you have to authenticate the HTTP and RTMP sessions
> individually. For my application, I had to create my own LoginCommand
> to handle the flex RTMP authentication.
>
> Here's my understanding of how it's working for me:
>
> 1. On my client, I get the channelset to use and then call
> channelSet.login(username, password). You could also call the
> setCredentials on the actual DataService the same way, but my services
> are all created at runtime on the server instead of being statically
> defined in services-config.xml.
>
> 2. That channelSet (or dataservice) from above authenticates through the
> login-command configured in services-config.xml. This is where the
> custom LoginCommand I created is configured. The doAuthentication
> function of LoginCommand is as follows:
>
> public Principal doAuthentication(String username, Object
> credentials) {
> Authentication auth = authenticationProvider.authenticate(new
> UsernamePasswordAuthenticationToken(username, credentials)); //
> authenticationProvider is a spring security DaoAuthenticationProvider
>
> SecurityContextHolder.getContext().setAuthentication(auth);
> return auth;
> }
>
> This should authenticate the RTMP session. I don't know if this is the
> best way, but it seems to work.
>
>
> --- In flexcoders@yahoogroups.com, "Geoffrey" <gtb104@> wrote:
> >
> > I'm guessing that we don't implement security the correct way (or the
> > best way) right now. Currently, I have a login State that takes the
> > username and password and makes an HTTPService call to the JSP page
> > that does user authentication. If that comes back successfully, then
> > I change State to the main application.
> >
> > That seems to take care of all of the HTTP requests, but the RTMP
> > requests obviously fail (or else I wouldn't be here ;-)).
> >
> > I read the docs about using LoginCommand, but I didn't see how that
> > ties into Acegi.
> >
> > I'm wondering if you can authenticate the Flex client, and not just
> > the session. If so, wouldn't the sessions (HTTP and RTMP) also be
> > authenticated since they fall under the FlexClient object? Just a
> > thought.
> >
> > Geoff
> >
> > --- In flexcoders@yahoogroups.com, "jahhaj12345" halvorsonj@ wrote:
> > >
> > > I'm having the same problems you are. I've been through several
> > > options but haven't found one that's acceptable from a security
> point
> > > of view if you are trying to use the rememberme functionality.
> > >
> > > To get it working without rememberme, provide a login form from your
> > > flex application and once authenticated using form login, use that
> > > username/password combination for the RTMP's ChannelSet login. And
> > > depending on how you handle authentication on your end, you may need
> > > to provide your own LoginCommand and UserDetailsService. I've done
> > > both of these and it works.
> > >
> > > Does anyone out there have a way to get rememberme working for RTMP?
> > > I know the problem is cause by the RTMPFlexSession being outside the
> > > HTTPSession. Is there anyway to sync these up? Or is there anyway
> to
> > > do a single sign-on with RTMP?
> > >
> > > Jason
> > >
> > > --- In flexcoders@yahoogroups.com, "Geoffrey" <gtb104@> wrote:
> > > >
> > > > I've looked around the net and haven't found anything helpful.
> Any
> > > suggestions would be
> > > > great.
> > > >
> > > > Thanks,
> > > > Geoff
> > > > --- In flexcoders@yahoogroups.com, "Geoffrey" <gtb104@> wrote:
> > > > >
> > > > > I'm wondering if anyone out there has implemented LiveCycle Data
> > > > > Services using Spring Security as their security layer?
> > > > >
> > > > > I'm having issues with RTMP communications between
> server/client,
> > > > > meaning I'm not getting any. I've modified our existing Java
> > delegate
> > > > > to ast as the Assembler for a managed collection. When the
> > > > > Assembler's fill() method gets called, it tries to retrieve the
> > > > > desired information from our Service class. I get an
> > > > > AuthenticationCredentialsNotFoundException as seen below:
> > > > >
> > > > > <error snippet>
> > > > > org.acegisecurity.AuthenticationCredentialsNotFoundException: An
> > > > > Authentication object was not found in the SecurityContext
> > > > > at
> > > > >
> > > >
> > >
> >
>
org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFo\
> und(AbstractSecuri
> > > > tyInterceptor.java:339)
> > > > > at
> > > > >
> > > >
> > >
> >
>
org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation\
> (AbstractSecurityIn
> > > > terceptor.java:254)
> > > > > at
> > > > >
> > > >
> > >
> >
>
org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor\
> .invoke(MethodS
> > > > ecurityInterceptor.java:63)
> > > > > at
> > > > >
> > > >
> > >
> >
>
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Ref\
> lectiveMetho
> > > > dInvocation.java:161)
> > > > > at
> > > > >
> > > >
> > >
> >
>
org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedIntercept\
> or.intercep
> > > > t(Cglib2AopProxy.java:630)
> > > > > ...
> > > > > </error snippet>
> > > > >
> > > > > I think it's because the HTTPFlexSession is authenticated, but
> the
> > > > > RTMPFlexSession operates outside the context. I don't know how
> to
> > > > > make it authenticated, or to authenticate the client so that all
> > > > > sessions have valid credentials.
> > > > >
> > > > > Any suggestions would be appreciated.
> > > > >
> > > > > ~Geoff
> > > > >
> > > >
> > >
> >
>
