You can check for the "crossdomain" file or the FlexContext class under BlazeDS. These can help you to authenticate the user.

On Mon, Sep 28, 2015 at 5:49 AM, Justin Magnan [via Apache Flex Users] <ml-node+s2333346n11238...@n4.nabble.com> wrote:

> I am looking for ways to provide authentication and authorization for a
> BlazeDS endpoint running on Tomcat 8.0.26, BlazeDS 4.7.1, JAVA 1.8
>
> Everything is already configured to use a SecureAMFChannel with SSL. I am
> not using Spring Security.
>
> I have a database storing the salted hash of my users' passwords.
>
> To clarify, when I say authentication and authorization I mean the
> following:
>
> authentication: I know who you are.
> authorization: I know who you are and what you are able to access.
>
> In my case, if you are authenticated, you can access the system, it's
> fairly simple.
>
> Today I handle everything myself. User logs in from the main Flex page, I
> check the credentials and if they match I return success to the client and
> load the main application.
>
> Once logged into the application, every time a call is made to the server
> I check the database to see if the supplied hash matches and proceed.
>
> I know mx.messaging.ChannelSet has login and logout methods that tie to
> the login commands defined in services-config.xml. I have struggled to make
> sense of that approach, most of the examples online are either dead links
> or pretty dated at this point. Does anyone use this approach in production?
>
> Another approach I have been thinking of taking is moving the login page
> to html, and then using a custom filter to do authentication in front of the
> MessageBrokerServlet defined in web.xml. So if someone tries to access the
> BlazeDS endpoint and they are not authenticated, access will be denied.
>
> Does anyone know of a more secure way to do it or have a link to a good
> example?
>
> Thanks,
> Justin

--
Regards,
Prashant Kumar | Mob.: +91 8408811225

--
View this message in context: http://apache-flex-users.2333346.n4.nabble.com/Securing-BlazeDS-endpoint-tp11238p11239.html
Sent from the Apache Flex Users mailing list archive at Nabble.com.
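
The servlet-filter approach described in the quoted question, sketched as an added example that is not part of the original thread or of BlazeDS. The class name, the session attribute and the `/messagebroker/*` mapping are assumptions, and it assumes Tomcat itself terminates TLS and a separate login handler verifies the salted hash.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter: map it in web.xml to the same url-pattern as
// MessageBrokerServlet (assumed here to be /messagebroker/*).
public class AmfAuthFilter implements Filter {
    // Hypothetical session attribute set by the HTML login handler.
    static final String USER_ATTR = "authenticatedUser";

    // Call from the login handler only after the submitted password has been
    // verified against the stored salted hash.
    public static void markAuthenticated(HttpServletRequest req, String userId) {
        req.getSession(true);   // make sure a session exists
        req.changeSessionId();  // Servlet 3.1: fresh id, blocks session fixation
        req.getSession().setAttribute(USER_ATTR, userId);
    }

    @Override
    public void init(FilterConfig cfg) { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // The channel is a SecureAMFChannel, so plain HTTP is refused outright.
        if (!req.isSecure()) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // getSession(false): never create a session for an anonymous caller.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return; // the AMF request never reaches BlazeDS
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

With this in place the per-call database lookup is replaced by a server-side session check, so the password hash no longer needs to travel with every AMF request.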