Geek Answers Handbook

How do you authenticate in your Flex application?

Do you create your login, account creation, password recovery, etc. in your Flex application, or do you save all this on web pages and only redirect to .swf on successful login?

+4
source share
5 answers

We do all this in Flex in a rather complicated application, there is no reason to redirect to HTML. Since Flex says HTTP (back-end) to the backend, if you use AMF, you still need session support in Flex.

+1
source

How do we do it

1) A flash interface connecting a remote object with a Java facade on a web server.

Java:

public class AdminServer { //injected into contr.. private final LdapService ldapService; public UserDisplay authenticate(String username, String password) { return ldapService.authenticate(username,password); } }

2) LDAP authentication and exception handling

Then java calls the ldap server call through the delegate method (is excluded), the UserDisplay object is populated and always returns with a state representing success / failure / exception and the user authentication level. You can do it your own way.

3) Then we find AdminServer as the flex destination in spring / config as:


It is important that destination = "adminServer" (below) matches the bean identifier in the spring configuration (see above).

4) In the flex code: ..

5) Use AMFSecureChannel To prevent sending a password in a box from flex-> java, you also need to use the AMFSecure channel in your flex configuration file, setting it as the default value.

6) Use an Ldap certificate and key store to protect java-> ldap messages

In the java material, the ldap certificate must be used to encrypt it, which in our case means setting up the keystore file (see java keytool) on the server (Tomcat) with the following import into ORDER:

  • Top Level Root Trust Certificate
  • certificate signed by our key pair
  • Our generated key pair, which we sent for signing according to (2).

If you do not follow this order, you will not import your public / private key

7) Location of the keystore file

This file was placed in ~ / .keystore to automatically get the selected tomcat. Your server may be different.

8) use the secure web server port Finally, we had to uncomment https tomcat in the server.xml configuration to provide a secure channel for working on port 8443.

Then we could enter: https://www.oursite.com:8443/ourcontext/login.html

and provide a secure connection.

+2
source

I'm close to ending on a mid-sized, flexible application that has a Drupal back end. I used RemotObjects, talking through AMFPHP with drupal for all registration and verification procedures. The only thing I redirect to HTML for is the actual registration of a new user. However, knowing in advance that Drupal, Flex and AMFPHP played very well together, they definitely made the decision easier!

+1
source

We make our HTML / JavaScript login page and use AJAX services. We never touch our Flex.swf code until the user receives a successful authentication. On this page, we also check for the presence of a Flash player, and if it has a sufficient version to run our Flex code.

On the server side, we use Tomcat, BlazeDS, and Spring-Framework. We have Spring controllers that redirect any unauthorized access attempts - remote BlazeDS calls, etc. - to the login page. We use Spring to manage authorization and user rights (this was formerly called Acegi security, but it was integrated under the umbrella of Spring).

We used an attempt to make the Flex login page, but refused due to some strange focus errors. We could not concentrate to always be reliable in the credential editing field. The forums have encountered a problem with focus detection with the first access of the Flex form.

To enter the user's system, we absolutely wanted to make sure that the focus behaves well. First impressions are lasting impressions.

+1
source

It is very easy to communicate with the server via http (regular web server) in flash memory. If you are not doing heavy communication with the server, AMF may be excessive, and JSON, XML, or your own format will be quite large.

http://livedocs.adobe.com/flash/9.0/ActionScriptLangRefV3/flash/net/URLLoader.html

http://livedocs.adobe.com/flash/9.0/ActionScriptLangRefV3/flash/net/URLRequest.html

EDIT: I want to say flash, not flexibility.

0
source

More articles:


All Articles