Does Flash not support username/password in a URL? What are my alternatives?
I've been trying to load some JSON from a URL with a username/password at the beginning.
So the URL resembles: http://username:password@www.myaddress.org.uk/api/profiles/
I've been using the DataLoader class from greensock and it returns a Error #2032: Stream Error if the authentication is up but loads fine when it is disabled.
I'm trying to add a 'Authorization' URLRequestHeader to get round this issue? Is this the best way forward?
If it is relevant, I'm developing using FlashDevelop 4.0 / Flex SDK 4.5.1 on Windows 7 Enterprise.
Thanks in advance!
Edit:
I'm trying to use headers in a similar way to this post: Flex 3 - how to support HTTP Authentication URLRequest? but I'm not having much success. The base64 encoder I'm using is from here: http://jpauclair.net/2010/01/09/base64-optimized-as3-lib/
开发者_开发知识库2nd Edit: latest code
_loader = new DataLoader(ENDPOINT, { onComplete:handleComplete, onError:handleError, onFail:handleFail } );
_loader.request.method = URLRequestMethod.POST;
_loader.request.data = new URLVariables("required=RandomData");
var bytes:ByteArray = new ByteArray();
bytes.writeUTFBytes(USER+':'+PASS);
var headerString:String = Base64.encode(bytes);
var header:URLRequestHeader = new URLRequestHeader('Authorization', 'Basic ' + headerString );
_loader.request.requestHeaders.push(header);
_loader.load();
crossdomain.xml
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="Authorization" />
</cross-domain-policy>
Edit 3 I've also tried using a URLLoader:
var urlRequest:URLRequest = new URLRequest(ENDPOINT);
urlRequest.method = URLRequestMethod.POST;
urlRequest.data = new URLVariables("required=RandomData");
var bytes:ByteArray = new ByteArray();
bytes.writeUTFBytes(USER+':'+PASS);
var headerString:String = Base64.encode(bytes);
var header:URLRequestHeader = new URLRequestHeader('Authorization', 'Basic ' + headerString );
urlRequest.requestHeaders.push(header);
_urlLoader = new URLLoader(urlRequest);
_urlLoader.addEventListener(Event.COMPLETE, temp_handleComplete);
_urlLoader.addEventListener(IOErrorEvent.IO_ERROR, temp_handleError);
Basic Authentication is pretty restricted in Flash, especially if you're looking to consume an API. I would suggest wrapping the request at your own server where you could implement a session-based or key-based authentication.
Eg. http://api.your-domain.co.uk/api/profiles/?key=0123456789abdef would invoke a server-side script that 1) checks for the validity of the API key and 2) fetches data from http://username:password@www.myaddress.org.uk/api/profiles/ and returns it.
If you're using more than the "/api/profiles/" out of the API, I suggest writing a rewrite that would accept any path and fetch the corresponding remote path. The script can be anything that is supported on your server, from a php script to a bash script.
Or if your server application supports it you may even use something like mod_proxy for setting up a Reverse Proxy. Actually, now that I think about it, a reverse proxy using Apache or Lighttpd might be the easiest of the solutions! (See: http://httpd.apache.org/docs/2.0/mod/mod_proxy.html)
精彩评论