Spring security with Flex using Container Preauth
I've got the Spring Security preauthentication sample configured and working with JBoss. The next step开发者_如何学编程 is to somehow get the user information into a flex client GUI.
What are some methods that will let me get the Authentication or UserDetails object that's created by spring-security on http access into the flex client? Since I'm logging in externally, I can't use channelset.login(), right? All the examples I've seen so far assume that the user logs in manually through the flex client, but the requirement is for container-based authentication.
Using flex3, spring 3.0.4, spring-security-3.0.3
If you use spring-flex together with blazeds for the flex to java http plumbing, then what you have to do is to :
enable the Spring Security filter chain in web.xml
secure your blazeds service with your expected security constraints
make your spring-security AuthenticationProvider use your authentication mechanism
There is an article on Adobe DevNet covering this topic: http://www.adobe.com/devnet/flex/articles/flex_security.html
Use PreAuthenticatedAuthenticationProvider as your authentication provider. Flex sessions will automatically map 1:1 with HTTP sessions, and you can access the authentication object using a session-scoped call to SecurityContextHolder.getContext().getAuthentication()
精彩评论