[flexcoders] Re: Authentication with Macromedia Flex
Any news on the article? Inquiring (desperate) minds want to know --- In flexcoders@yahoogroups.com, Carson Hager [EMAIL PROTECTED] wrote: Are you talking about our article? It will be for Flex 2.0 but will be 100% compatible with Flex 1.5. There is no date yet but I see it coming out pretty soon. I know we have at least 2 UI best practices articles coming out first but this particular article was very well received so I'm sure it will be coming out soon. Carson Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com http://www.cynergysystems.com/ Email: [EMAIL PROTECTED] Office: 866-CYNERGY Mobile: 1.703.489.6466 From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Oriol Gual Sent: Sunday, March 12, 2006 4:57 PM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Re: Authentication with Macromedia Flex Any news on the article, it will be for 1.5 or 2.0 ? Thanks -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com SPONSORED LINKS Web site design development http://groups.yahoo.com/gads?t=msk=Web+site+design+developmentw1=Web+ site+design+developmentw2=Computer+software+developmentw3=Software+des ign+and+developmentw4=Macromedia+flexw5=Software+development+best+prac ticec=5s=166.sig=L-4QTvxB_quFDtMyhrQaHQ Computer software development http://groups.yahoo.com/gads?t=msk=Computer+software+developmentw1=We b+site+design+developmentw2=Computer+software+developmentw3=Software+d esign+and+developmentw4=Macromedia+flexw5=Software+development+best+pr acticec=5s=166.sig=lvQjSRfQDfWudJSe1lLjHw Software design and development http://groups.yahoo.com/gads?t=msk=Software+design+and+developmentw1= Web+site+design+developmentw2=Computer+software+developmentw3=Software +design+and+developmentw4=Macromedia+flexw5=Software+development+best+ practicec=5s=166.sig=1pMBCdo3DsJbuU9AEmO1oQ Macromedia flex http://groups.yahoo.com/gads?t=msk=Macromedia+flexw1=Web+site+design+ developmentw2=Computer+software+developmentw3=Software+design+and+deve lopmentw4=Macromedia+flexw5=Software+development+best+practicec=5s=1 66.sig=OO6nPIrz7_EpZI36cYzBjw Software development best practice http://groups.yahoo.com/gads?t=msk=Software+development+best+practice w1=Web+site+design+developmentw2=Computer+software+developmentw3=Softw are+design+and+developmentw4=Macromedia+flexw5=Software+development+be st+practicec=5s=166.sig=f89quyyulIDsnABLD6IXIw YAHOO! GROUPS LINKS * Visit your group flexcoders http://groups.yahoo.com/group/flexcoders on the web. * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service http://docs.yahoo.com/info/terms/ . -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com YAHOO! GROUPS LINKS Visit your group "flexcoders" on the web. To unsubscribe from this group, send an email to:[EMAIL PROTECTED] Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
RE: [flexcoders] Re: Authentication with Macromedia Flex
That article should work for 1.5. Well need to update the exact details for 2.0 but the ideas behind it are the same. From: flexcoders@yahoogroups.com [mailto:flexcoders@yahoogroups.com] On Behalf Of Oriol Gual Sent: Sunday, March 12, 2006 4:57 PM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Re: Authentication with Macromedia Flex Any news on the article, it will be for 1.5 or 2.0 ? Thanks -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com SPONSORED LINKS Web site design development Computer software development Software design and development Macromedia flex Software development best practice YAHOO! GROUPS LINKS Visit your group "flexcoders" on the web. To unsubscribe from this group, send an email to:[EMAIL PROTECTED] Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
RE: [flexcoders] Re: Authentication with Macromedia Flex
Are you talking about our article? It will be for Flex 2.0 but will be 100% compatible with Flex 1.5.There is no date yet but I see it coming out pretty soon. I know we have at least 2 UI best practices articles coming out first but this particular article was very well received so I'm sure it willbe coming out soon. Carson Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY Mobile: 1.703.489.6466 From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Oriol GualSent: Sunday, March 12, 2006 4:57 PMTo: flexcoders@yahoogroups.comSubject: Re: [flexcoders] Re: Authentication with Macromedia Flex Any news on the article, it will be for 1.5 or 2.0 ? Thanks -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com SPONSORED LINKS Web site design development Computer software development Software design and development Macromedia flex Software development best practice YAHOO! GROUPS LINKS Visit your group "flexcoders" on the web. To unsubscribe from this group, send an email to:[EMAIL PROTECTED] Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
RE: [flexcoders] Re: Authentication with Macromedia Flex
That will be great. I understand that the different containers are, well different, but an example for Tomcat 5 (and maybe JRUN) will catch nearly all the Flex/J2EE newbies. Absolutely to the Flex form integration! Tracy -Original Message- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Dave Wolf Sent: Saturday, March 04, 2006 1:47 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Authentication with Macromedia Flex Tracy, Yep this is definately coming out from us as Carson said. I'll post here when its been published. I've been thinking a lot about it recently. I think its really important to show it from a Flex login form also. Its such an awesome example of how well Flex just seamlessly integrates into J2EE, as well as how J2EE benefits from the real RIA experience of Flex. -- Dave Wolf Cynergy Systems, Inc. Macromedia Flex Alliance Partner http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, Carson Hager [EMAIL PROTECTED] wrote: We actually have an article coming out on this for DevNet in a couple months. The problem is that all J2EE containers have their own way of configuring these things. Yes, from a J2EE deployment standpoint, a web.xml is the same across all app servers but post deployment, per the J2EE spec, the server is not required to depend upon web.xml any more. That being said, the best we could do is to provide a sample web app that you could then deploy using your J2EE containers deployment method but at that point, tweeking the confguration would be server specific. Carson Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com http://www.cynergysystems.com/ Email: [EMAIL PROTECTED] Office: 866-CYNERGY Mobile: 1.703.489.6466 From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Tracy Spratt Sent: Friday, March 03, 2006 5:48 PM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Re: Authentication with Macromedia Flex Hey, guys, would it be possible to come up with a simple, but full example? A step by step, keystroke by keystroke tutorial, that assumes no understanding of J2EE containers? It would have no options, no decisions, just do-this-and-it-will-work. A hello, world of J2EE authentication? Using a Flex IU would be ideal, if that does not complicate matters too much. Flex has forced a lot of folks into the J2EE world, and we need J2EE for dummies in a bad way! Tracy From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Carson Hager Sent: Thursday, March 02, 2006 11:11 PM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Re: Authentication with Macromedia Flex It can be html or even a flex form that simply posts to j_security_check. Carson Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY ext. 89 Mobile: 1.703.489.6466 -Original Message- From: flexcoders@yahoogroups.com flexcoders@yahoogroups.com To: flexcoders@yahoogroups.com flexcoders@yahoogroups.com Sent: Thu Mar 02 23:11:04 2006 Subject: Re: [flexcoders] Re: Authentication with Macromedia Flex But Dave described using a cusom screen instead of the grey security/login popup thingy. In the web.xml settings you can set the URL of a custom form for login. This form can be in HTML or whatever, eh? DK On 3/2/06, Dimitrios Gianninas [EMAIL PROTECTED] wrote: Dave, I don't disagree with you, that will work and I have seen it work. But I don't like the little pop-up challenge window. For lack of a better term, I wanted a more presentable login screen for my end users, so with the wonderful component model that Flex provides, I created a LoginView component that all our UIs re-use... see I didn't write much code either :) Is my way more complex? Perhaps just a wee little bit, but not very much. Both ways work, just a matter of choice I guess. Jimmy -Original Message- From: flexcoders@yahoogroups.com on behalf of Dave Wolf Sent: Thu 3/2/2006 9:20 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Authentication with Macromedia Flex I am trying to understand why we all keep trying to make this so complex rather then taking advantage of the functionality that is already in Flex and your container (JRun, Tomcat etc). J2EE has a resonably simple model for handling authentication and access control that alleviates the requirement to write your own login logic, to write specific login remote objects, use custom authentication etc. Effectively you only need to do the following. 1) Secure specific URL patterns
[flexcoders] Re: Authentication with Macromedia Flex
Tracy, Yep this is definately coming out from us as Carson said. I'll post here when its been published. I've been thinking a lot about it recently. I think its really important to show it from a Flex login form also. Its such an awesome example of how well Flex just seamlessly integrates into J2EE, as well as how J2EE benefits from the real RIA experience of Flex. -- Dave Wolf Cynergy Systems, Inc. Macromedia Flex Alliance Partner http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, Carson Hager [EMAIL PROTECTED] wrote: We actually have an article coming out on this for DevNet in a couple months. The problem is that all J2EE containers have their own way of configuring these things. Yes, from a J2EE deployment standpoint, a web.xml is the same across all app servers but post deployment, per the J2EE spec, the server is not required to depend upon web.xml any more. That being said, the best we could do is to provide a sample web app that you could then deploy using your J2EE containers deployment method but at that point, tweeking the confguration would be server specific. Carson Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com http://www.cynergysystems.com/ Email: [EMAIL PROTECTED] Office: 866-CYNERGY Mobile: 1.703.489.6466 From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Tracy Spratt Sent: Friday, March 03, 2006 5:48 PM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Re: Authentication with Macromedia Flex Hey, guys, would it be possible to come up with a simple, but full example? A step by step, keystroke by keystroke tutorial, that assumes no understanding of J2EE containers? It would have no options, no decisions, just do-this-and-it-will-work. A hello, world of J2EE authentication? Using a Flex IU would be ideal, if that does not complicate matters too much. Flex has forced a lot of folks into the J2EE world, and we need J2EE for dummies in a bad way! Tracy From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Carson Hager Sent: Thursday, March 02, 2006 11:11 PM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Re: Authentication with Macromedia Flex It can be html or even a flex form that simply posts to j_security_check. Carson Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY ext. 89 Mobile: 1.703.489.6466 -Original Message- From: flexcoders@yahoogroups.com flexcoders@yahoogroups.com To: flexcoders@yahoogroups.com flexcoders@yahoogroups.com Sent: Thu Mar 02 23:11:04 2006 Subject: Re: [flexcoders] Re: Authentication with Macromedia Flex But Dave described using a cusom screen instead of the grey security/login popup thingy. In the web.xml settings you can set the URL of a custom form for login. This form can be in HTML or whatever, eh? DK On 3/2/06, Dimitrios Gianninas [EMAIL PROTECTED] wrote: Dave, I don't disagree with you, that will work and I have seen it work. But I don't like the little pop-up challenge window. For lack of a better term, I wanted a more presentable login screen for my end users, so with the wonderful component model that Flex provides, I created a LoginView component that all our UIs re-use... see I didn't write much code either :) Is my way more complex? Perhaps just a wee little bit, but not very much. Both ways work, just a matter of choice I guess. Jimmy -Original Message- From: flexcoders@yahoogroups.com on behalf of Dave Wolf Sent: Thu 3/2/2006 9:20 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Authentication with Macromedia Flex I am trying to understand why we all keep trying to make this so complex rather then taking advantage of the functionality that is already in Flex and your container (JRun, Tomcat etc). J2EE has a resonably simple model for handling authentication and access control that alleviates the requirement to write your own login logic, to write specific login remote objects, use custom authentication etc. Effectively you only need to do the following. 1) Secure specific URL patterns via settings in the web applications deployment descriptor (web.xml). I have in the past, and would now be more then happy to show how to configure these. 2) Upon trying to load a secured URL pattern, the container will challenge you by presenting a login screen. We have developed these screens in Flex. Effectively you create a simple form with two input fields name j_username and j_password. You post those values to the url /j_security_check
Re: [flexcoders] Re: Authentication with Macromedia Flex
random thoughts...in no way construed to be a instigation. Is using FORM or BASIC really an integration of Flex and J2EE though? Seems to be no different then HTML, does one claim that HTML and J2EE integrate well? Hmm...just some thoughts. Now, if you use the setusernamepassword() in Flex, isn't that integration with J2EE? On another note, I don't see why a CF developer couldn't setup J2EE security and use the FORM or BASIC method with Flex, eh? Might need a little code to setup a session based on a jsessionid. DK On 3/4/06, Dave Wolf [EMAIL PROTECTED] wrote: Tracy, Yep this is definately coming out from us as Carson said. I'll post here when its been published. I've been thinking a lot about it recently. I think its really important to show it from a Flex login form also. Its such an awesome example of how well Flex just seamlessly integrates into J2EE, as well as how J2EE benefits from the real RIA experience of Flex. -- Dave Wolf Cynergy Systems, Inc. Macromedia Flex Alliance Partner http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, Carson Hager [EMAIL PROTECTED] wrote: We actually have an article coming out on this for DevNet in a couple months. The problem is that all J2EE containers have their own way of configuring these things. Yes, from a J2EE deployment standpoint, a web.xml is the same across all app servers but post deployment, per the J2EE spec, the server is not required to depend upon web.xml any more. That being said, the best we could do is to provide a sample web app that you could then deploy using your J2EE containers deployment method but at that point, tweeking the confguration would be server specific. Carson Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com http://www.cynergysystems.com/ Email: [EMAIL PROTECTED] Office: 866-CYNERGY Mobile: 1.703.489.6466 From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Tracy Spratt Sent: Friday, March 03, 2006 5:48 PM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Re: Authentication with Macromedia Flex Hey, guys, would it be possible to come up with a simple, but full example? A step by step, keystroke by keystroke tutorial, that assumes no understanding of J2EE containers? It would have no options, no decisions, just do-this-and-it-will-work. A hello, world of J2EE authentication? Using a Flex IU would be ideal, if that does not complicate matters too much. Flex has forced a lot of folks into the J2EE world, and we need J2EE for dummies in a bad way! Tracy From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Carson Hager Sent: Thursday, March 02, 2006 11:11 PM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Re: Authentication with Macromedia Flex It can be html or even a flex form that simply posts to j_security_check. Carson Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY ext. 89 Mobile: 1.703.489.6466 -Original Message- From: flexcoders@yahoogroups.com flexcoders@yahoogroups.com To: flexcoders@yahoogroups.com flexcoders@yahoogroups.com Sent: Thu Mar 02 23:11:04 2006 Subject: Re: [flexcoders] Re: Authentication with Macromedia Flex But Dave described using a cusom screen instead of the grey security/login popup thingy. In the web.xml settings you can set the URL of a custom form for login. This form can be in HTML or whatever, eh? DK On 3/2/06, Dimitrios Gianninas [EMAIL PROTECTED] wrote: Dave, I don't disagree with you, that will work and I have seen it work. But I don't like the little pop-up challenge window. For lack of a better term, I wanted a more presentable login screen for my end users, so with the wonderful component model that Flex provides, I created a LoginView component that all our UIs re-use... see I didn't write much code either :) Is my way more complex? Perhaps just a wee little bit, but not very much. Both ways work, just a matter of choice I guess. Jimmy -Original Message- From: flexcoders@yahoogroups.com on behalf of Dave Wolf Sent: Thu 3/2/2006 9:20 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Authentication with Macromedia Flex I am trying to understand why we all keep trying to make this so complex rather then taking advantage of the functionality that is already in Flex and your container (JRun, Tomcat etc). J2EE has a resonably simple model for handling authentication and access control that alleviates the requirement
[flexcoders] Re: Authentication with Macromedia Flex
From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Tracy Spratt Sent: Friday, March 03, 2006 5:48 PM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Re: Authentication with Macromedia Flex Hey, guys, would it be possible to come up with a simple, but full example? A step by step, keystroke by keystroke tutorial, that assumes no understanding of J2EE containers? It would have no options, no decisions, just do-this-and-it-will-work. A hello, world of J2EE authentication? Using a Flex IU would be ideal, if that does not complicate matters too much. Flex has forced a lot of folks into the J2EE world, and we need J2EE for dummies in a bad way! Tracy From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Carson Hager Sent: Thursday, March 02, 2006 11:11 PM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Re: Authentication with Macromedia Flex It can be html or even a flex form that simply posts to j_security_check. Carson Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com Email: carson.hager@ Office: 866-CYNERGY ext. 89 Mobile: 1.703.489.6466 -Original Message- From: flexcoders@yahoogroups.com flexcoders@yahoogroups.com To: flexcoders@yahoogroups.com flexcoders@yahoogroups.com Sent: Thu Mar 02 23:11:04 2006 Subject: Re: [flexcoders] Re: Authentication with Macromedia Flex But Dave described using a cusom screen instead of the grey security/login popup thingy. In the web.xml settings you can set the URL of a custom form for login. This form can be in HTML or whatever, eh? DK On 3/2/06, Dimitrios Gianninas dimitrios.gianninas@ wrote: Dave, I don't disagree with you, that will work and I have seen it work. But I don't like the little pop-up challenge window. For lack of a better term, I wanted a more presentable login screen for my end users, so with the wonderful component model that Flex provides, I created a LoginView component that all our UIs re-use... see I didn't write much code either :) Is my way more complex? Perhaps just a wee little bit, but not very much. Both ways work, just a matter of choice I guess. Jimmy -Original Message- From: flexcoders@yahoogroups.com on behalf of Dave Wolf Sent: Thu 3/2/2006 9:20 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Authentication with Macromedia Flex I am trying to understand why we all keep trying to make this so complex rather then taking advantage of the functionality that is already in Flex and your container (JRun, Tomcat etc). J2EE has a resonably simple model for handling authentication and access control that alleviates the requirement to write your own login logic, to write specific login remote objects, use custom authentication etc. Effectively you only need to do the following. 1) Secure specific URL patterns via settings in the web applications deployment descriptor (web.xml). I have in the past, and would now be more then happy to show how to configure these. 2) Upon trying to load a secured URL pattern, the container will challenge you by presenting a login screen. We have developed these screens in Flex. Effectively you create a simple form with two input fields name j_username and j_password. You post those values to the url /j_security_check. Now the container handles all your authentication. Once completed the container will provide you access to the secured resource and will populate all the in-memory structures to completely support runtime interrogation of securerity context. Flex integrates so well and so transparantly with J2EE and its security model it is foolish not to take advantage of that. I dunno I'm an odd duck. I like writing less code :) -- Dave Wolf Cynergy Systems, Inc. Macromedia Flex Alliance Partner http://www.cynergysystems.com Email: dave.wolf@ Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, Dimitrios Gianninas dimitrios.gianninas@ wrote: Hi Allister, Ok let me clear things up for you. We use WebLogic 8.1 around here, in Flex I present a login screen to the user where they enter their credentials. These credentials are passed to the server (using a RemoteObject - it is not secure, but only has one method doLogin() ) where using a WebLogic API I authenticate the user, so WebLogic knows who he is and a HTTP session is created. Then all the other RemoteObjects are locked down and when the session expires, I kick
[flexcoders] Re: Authentication with Macromedia Flex
Yup exactly. There are two flavors of challenge. The ulgy gray browser box is called BASIC. You can also use FORM and use anything you want. Either HTML or as Carson said, a flex form that posts to j_security_check. There are some minor differences between them both, but theyre effectively the same end situation. Try it out. You'll be happy you did :) -- Dave Wolf Cynergy Systems, Inc. Macromedia Flex Alliance Partner http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, Carson Hager [EMAIL PROTECTED] wrote: It can be html or even a flex form that simply posts to j_security_check. Carson Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY ext. 89 Mobile: 1.703.489.6466 -Original Message- From: flexcoders@yahoogroups.com flexcoders@yahoogroups.com To: flexcoders@yahoogroups.com flexcoders@yahoogroups.com Sent: Thu Mar 02 23:11:04 2006 Subject: Re: [flexcoders] Re: Authentication with Macromedia Flex But Dave described using a cusom screen instead of the grey security/login popup thingy. In the web.xml settings you can set the URL of a custom form for login. This form can be in HTML or whatever, eh? DK On 3/2/06, Dimitrios Gianninas [EMAIL PROTECTED] wrote: Dave, I don't disagree with you, that will work and I have seen it work. But I don't like the little pop-up challenge window. For lack of a better term, I wanted a more presentable login screen for my end users, so with the wonderful component model that Flex provides, I created a LoginView component that all our UIs re-use... see I didn't write much code either :) Is my way more complex? Perhaps just a wee little bit, but not very much. Both ways work, just a matter of choice I guess. Jimmy -Original Message- From: flexcoders@yahoogroups.com on behalf of Dave Wolf Sent: Thu 3/2/2006 9:20 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Authentication with Macromedia Flex I am trying to understand why we all keep trying to make this so complex rather then taking advantage of the functionality that is already in Flex and your container (JRun, Tomcat etc). J2EE has a resonably simple model for handling authentication and access control that alleviates the requirement to write your own login logic, to write specific login remote objects, use custom authentication etc. Effectively you only need to do the following. 1) Secure specific URL patterns via settings in the web applications deployment descriptor (web.xml). I have in the past, and would now be more then happy to show how to configure these. 2) Upon trying to load a secured URL pattern, the container will challenge you by presenting a login screen. We have developed these screens in Flex. Effectively you create a simple form with two input fields name j_username and j_password. You post those values to the url /j_security_check. Now the container handles all your authentication. Once completed the container will provide you access to the secured resource and will populate all the in-memory structures to completely support runtime interrogation of securerity context. Flex integrates so well and so transparantly with J2EE and its security model it is foolish not to take advantage of that. I dunno I'm an odd duck. I like writing less code :) -- Dave Wolf Cynergy Systems, Inc. Macromedia Flex Alliance Partner http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, Dimitrios Gianninas dimitrios.gianninas@ wrote: Hi Allister, Ok let me clear things up for you. We use WebLogic 8.1 around here, in Flex I present a login screen to the user where they enter their credentials. These credentials are passed to the server (using a RemoteObject - it is not secure, but only has one method doLogin() ) where using a WebLogic API I authenticate the user, so WebLogic knows who he is and a HTTP session is created. Then all the other RemoteObjects are locked down and when the session expires, I kick them back out to the login screen (where I wrote below // do whatever you want here, its a free country), all still in Flex. Does this make more sense? Dimitrios Jimmy Gianninas Optimal Payments -Original Message- From: flexcoders@yahoogroups.com on behalf of allister_dickson Sent: Thu 3/2/2006 6:13 PM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Authentication with Macromedia Flex Hi Dimitrios, From reading through your earlier posts I get the impression that you are using a two methods to authenticate users. Initially, you authenticate the user using standard J2EE form based authentication
[flexcoders] Re: Authentication with Macromedia Flex
I am trying to understand why we all keep trying to make this so complex rather then taking advantage of the functionality that is already in Flex and your container (JRun, Tomcat etc). J2EE has a resonably simple model for handling authentication and access control that alleviates the requirement to write your own login logic, to write specific login remote objects, use custom authentication etc. Effectively you only need to do the following. 1) Secure specific URL patterns via settings in the web applications deployment descriptor (web.xml). I have in the past, and would now be more then happy to show how to configure these. 2) Upon trying to load a secured URL pattern, the container will challenge you by presenting a login screen. We have developed these screens in Flex. Effectively you create a simple form with two input fields name j_username and j_password. You post those values to the url /j_security_check. Now the container handles all your authentication. Once completed the container will provide you access to the secured resource and will populate all the in-memory structures to completely support runtime interrogation of securerity context. Flex integrates so well and so transparantly with J2EE and its security model it is foolish not to take advantage of that. I dunno I'm an odd duck. I like writing less code :) -- Dave Wolf Cynergy Systems, Inc. Macromedia Flex Alliance Partner http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, Dimitrios Gianninas [EMAIL PROTECTED] wrote: Hi Allister, Ok let me clear things up for you. We use WebLogic 8.1 around here, in Flex I present a login screen to the user where they enter their credentials. These credentials are passed to the server (using a RemoteObject - it is not secure, but only has one method doLogin() ) where using a WebLogic API I authenticate the user, so WebLogic knows who he is and a HTTP session is created. Then all the other RemoteObjects are locked down and when the session expires, I kick them back out to the login screen (where I wrote below // do whatever you want here, its a free country), all still in Flex. Does this make more sense? Dimitrios Jimmy Gianninas Optimal Payments -Original Message- From: flexcoders@yahoogroups.com on behalf of allister_dickson Sent: Thu 3/2/2006 6:13 PM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Authentication with Macromedia Flex Hi Dimitrios, From reading through your earlier posts I get the impression that you are using a two methods to authenticate users. Initially, you authenticate the user using standard J2EE form based authentication. Then when using a service if you receive an authentication fault you use a flex popup window to re authenticate. Is this correct? Also, if you get a session time out do you resubmit the original service request after re-authentication? If so, what is the best way to generically resubmit the request? Regards, Allister - Original Message - From: Dimitrios Gianninas mailto:[EMAIL PROTECTED] To: flexcoders@yahoogroups.com Sent: Monday, October 10, 2005 12:59 AM Subject: RE: [flexcoders] Authentication with Macromedia Flex I put theh handling of the failed authentication directly in the Services.mxml... simple and works. mx:Script function handleRemoteFault( event ):Void { if( event.fault.faultcode == Client.Authentication || event.fault.faultcode == 401 ) { // do whatever you want here, its a free country } else { event.call.faultHandler( event ); } } /mx:Script Dimitrios Jimmy Gianninas RIA Developer Optimal Payments Inc. _ From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Knudsen Sent: Friday, October 07, 2005 9:53 AM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Authentication with Macromedia Flex so, I got auth working using the approach you mentioned CallbackHandler handler = new SimpleCallbackHandler( userName, password ); Subject subject = Authentication.login( handler ); ServletAuthentication.runAs( subject, httpRequest ); silightly different looking under JRun of course. Now, I'm horribly stuck on getting the roles of the user after logging in. I have set up Roles under teh JMC, JRuns instance manager. I tested it all with BASIC auth, so I know the autentication and authorisation are working. I've been working all week on getting the roles for the user after authenticating and can't find squat of an example. Any hints perhaps? On a similar note... Using service.setUserNamePassword() in Flex I know it will authenticate a user, does it also authorise the user by gathering up the roles defined in the containers JAAS config? and one more concerning cairingrom to use service.setUserNamePassword() effectively, it appears you
RE: [flexcoders] Re: Authentication with Macromedia Flex
Dave, I don't disagree with you, that will work and I have seen it work. But I don't like the little pop-up challenge window. For lack of a better term, I wanted a more presentable login screen for my end users, so with the wonderful component model that Flex provides, I created a LoginView component that all our UIs re-use... see I didn't write much code either :) Is my way more complex? Perhaps just a wee little bit, but not very much. Both ways work, just a matter of choice I guess. Jimmy -Original Message- From: flexcoders@yahoogroups.com on behalf of Dave Wolf Sent: Thu 3/2/2006 9:20 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Authentication with Macromedia Flex I am trying to understand why we all keep trying to make this so complex rather then taking advantage of the functionality that is already in Flex and your container (JRun, Tomcat etc). J2EE has a resonably simple model for handling authentication and access control that alleviates the requirement to write your own login logic, to write specific login remote objects, use custom authentication etc. Effectively you only need to do the following. 1) Secure specific URL patterns via settings in the web applications deployment descriptor (web.xml). I have in the past, and would now be more then happy to show how to configure these. 2) Upon trying to load a secured URL pattern, the container will challenge you by presenting a login screen. We have developed these screens in Flex. Effectively you create a simple form with two input fields name j_username and j_password. You post those values to the url /j_security_check. Now the container handles all your authentication. Once completed the container will provide you access to the secured resource and will populate all the in-memory structures to completely support runtime interrogation of securerity context. Flex integrates so well and so transparantly with J2EE and its security model it is foolish not to take advantage of that. I dunno I'm an odd duck. I like writing less code :) -- Dave Wolf Cynergy Systems, Inc. Macromedia Flex Alliance Partner http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, Dimitrios Gianninas [EMAIL PROTECTED] wrote: Hi Allister, Ok let me clear things up for you. We use WebLogic 8.1 around here, in Flex I present a login screen to the user where they enter their credentials. These credentials are passed to the server (using a RemoteObject - it is not secure, but only has one method doLogin() ) where using a WebLogic API I authenticate the user, so WebLogic knows who he is and a HTTP session is created. Then all the other RemoteObjects are locked down and when the session expires, I kick them back out to the login screen (where I wrote below // do whatever you want here, its a free country), all still in Flex. Does this make more sense? Dimitrios Jimmy Gianninas Optimal Payments -Original Message- From: flexcoders@yahoogroups.com on behalf of allister_dickson Sent: Thu 3/2/2006 6:13 PM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Authentication with Macromedia Flex Hi Dimitrios, From reading through your earlier posts I get the impression that you are using a two methods to authenticate users. Initially, you authenticate the user using standard J2EE form based authentication. Then when using a service if you receive an authentication fault you use a flex popup window to re authenticate. Is this correct? Also, if you get a session time out do you resubmit the original service request after re-authentication? If so, what is the best way to generically resubmit the request? Regards, Allister - Original Message - From: Dimitrios Gianninas mailto:[EMAIL PROTECTED] To: flexcoders@yahoogroups.com Sent: Monday, October 10, 2005 12:59 AM Subject: RE: [flexcoders] Authentication with Macromedia Flex I put theh handling of the failed authentication directly in the Services.mxml... simple and works. mx:Script function handleRemoteFault( event ):Void { if( event.fault.faultcode == Client.Authentication || event.fault.faultcode == 401 ) { // do whatever you want here, its a free country } else { event.call.faultHandler( event ); } } /mx:Script Dimitrios Jimmy Gianninas RIA Developer Optimal Payments Inc. _ From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Knudsen Sent: Friday, October 07, 2005 9:53 AM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Authentication with Macromedia Flex so, I got auth working using the approach you mentioned CallbackHandler handler = new SimpleCallbackHandler( userName, password ); Subject subject = Authentication.login( handler ); ServletAuthentication.runAs( subject, httpRequest ); silightly different
Re: [flexcoders] Re: Authentication with Macromedia Flex
But Dave described using a cusom screen instead of the grey security/login popup thingy. In the web.xml settings you can set the URL of a custom form for login. This form can be in HTML or whatever, eh? DK On 3/2/06, Dimitrios Gianninas [EMAIL PROTECTED] wrote: Dave, I don't disagree with you, that will work and I have seen it work. But I don't like the little pop-up challenge window. For lack of a better term, I wanted a more presentable login screen for my end users, so with the wonderful component model that Flex provides, I created a LoginView component that all our UIs re-use... see I didn't write much code either :) Is my way more complex? Perhaps just a wee little bit, but not very much. Both ways work, just a matter of choice I guess. Jimmy -Original Message- From: flexcoders@yahoogroups.com on behalf of Dave Wolf Sent: Thu 3/2/2006 9:20 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Authentication with Macromedia Flex I am trying to understand why we all keep trying to make this so complex rather then taking advantage of the functionality that is already in Flex and your container (JRun, Tomcat etc). J2EE has a resonably simple model for handling authentication and access control that alleviates the requirement to write your own login logic, to write specific login remote objects, use custom authentication etc. Effectively you only need to do the following. 1) Secure specific URL patterns via settings in the web applications deployment descriptor (web.xml). I have in the past, and would now be more then happy to show how to configure these. 2) Upon trying to load a secured URL pattern, the container will challenge you by presenting a login screen. We have developed these screens in Flex. Effectively you create a simple form with two input fields name j_username and j_password. You post those values to the url /j_security_check. Now the container handles all your authentication. Once completed the container will provide you access to the secured resource and will populate all the in-memory structures to completely support runtime interrogation of securerity context. Flex integrates so well and so transparantly with J2EE and its security model it is foolish not to take advantage of that. I dunno I'm an odd duck. I like writing less code :) -- Dave Wolf Cynergy Systems, Inc. Macromedia Flex Alliance Partner http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, Dimitrios Gianninas [EMAIL PROTECTED] wrote: Hi Allister, Ok let me clear things up for you. We use WebLogic 8.1 around here, in Flex I present a login screen to the user where they enter their credentials. These credentials are passed to the server (using a RemoteObject - it is not secure, but only has one method doLogin() ) where using a WebLogic API I authenticate the user, so WebLogic knows who he is and a HTTP session is created. Then all the other RemoteObjects are locked down and when the session expires, I kick them back out to the login screen (where I wrote below // do whatever you want here, its a free country), all still in Flex. Does this make more sense? Dimitrios Jimmy Gianninas Optimal Payments -Original Message- From: flexcoders@yahoogroups.com on behalf of allister_dickson Sent: Thu 3/2/2006 6:13 PM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Authentication with Macromedia Flex Hi Dimitrios, From reading through your earlier posts I get the impression that you are using a two methods to authenticate users. Initially, you authenticate the user using standard J2EE form based authentication. Then when using a service if you receive an authentication fault you use a flex popup window to re authenticate. Is this correct? Also, if you get a session time out do you resubmit the original service request after re-authentication? If so, what is the best way to generically resubmit the request? Regards, Allister - Original Message - From: Dimitrios Gianninas mailto:[EMAIL PROTECTED] To: flexcoders@yahoogroups.com Sent: Monday, October 10, 2005 12:59 AM Subject: RE: [flexcoders] Authentication with Macromedia Flex I put theh handling of the failed authentication directly in the Services.mxml... simple and works. mx:Script function handleRemoteFault( event ):Void { if( event.fault.faultcode == Client.Authentication || event.fault.faultcode == 401 ) { // do whatever you want here, its a free country } else { event.call.faultHandler( event ); } } /mx:Script Dimitrios Jimmy Gianninas RIA Developer Optimal Payments Inc. _ From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Knudsen Sent: Friday, October 07, 2005 9:53 AM To: flexcoders