Hi Dave, This is definitely a great start for supporting Flex! I'm glad to see you're able to help!
In anything you submit, the best way to do it is as a patch to the project if possible and submit that patch to Jira. Out of curiosity, does it use FlexMojos to build? I do have a couple of quick questions though: Your first JavaDoc comment states "Authentication and Authorization need to let AMF Ping, Login, Logout messages pass through without processing." What does that mean exactly? Also, in the past, I typically have created a SubjectService that can be called from Flex that really just mimics the Subject API, and that's how the Flex client interacted w/ Shiro if ever necessary. Do you guys use a similar set-up? Does this have any relation to the classes you listed below? Best, Les On Thu, Mar 25, 2010 at 6:04 AM, David Berry <[email protected]> wrote: > > All, > > I have created the following classes that I used to integrate Shiro with Flex > AMF. I would like to contribute them to the shiro. Please let me know if > there is interest and the > procedure for doing so. I have included the class names with a brief > description of what they do. > > Best Regards, > > Dave > > /* Authentication and Authorization need to let AMF Ping, Login, Logout > messages pass through > without processing. They call FlexMessageHelper to introspect the binary > message to see if it is allowed to pass. > If not, normal Authentication, and Authorization takes place. > */ > public class FlexAuthenticationFilter extends AuthenticationFilter; > public class FlexPermissionsAuthorizationFilter extends > PermissionsAuthorizationFilter; > public class FlexRolesAuthorizationFilter extends RolesAuthorizationFilter; > > /*Helper methods for introspecting the contents of the amf message. It is > conceivable that a security handler > might need to introspect the contents of a request. It would be nice if Shiro > wrapped the request automatically so that anyone can read the contents without > causing an end of stream error for a filter down the line. > Message helper deserializes the AMF message and checks to see if it is a > PING, LOGON, or LOGOUT request. > */ > public class FlexHttpServletRequestWrapper extends HttpServletRequestWrapper; > public class FlexMessageHelper; > > /* Custom Flex Login command that calls Subject.login returns a Principal > back to Flex. > */ > public class FlexLoginCommand implements LoginCommand; > public class FlexPrincipal implements Principal; > > >
