Finding all the active flex client sessions

[amiladomingo]

Hi,

I have a requirement to change the visibility of Flex UI controls (using chimp role based security) runtime while the users are logged into the system if some admin user goes and change the logged in users role / privileges.

first i needed the active user sessions. done with following code,

Code:

FlexClientManager flexClientManager = messageBroker.getFlexClientManager();

String[] clientIDs = flexClientManager.getClientIds();

for (String ID : clientIDs) {
	FlexClient flexClient = flexClientManager.getFlexClient(ID);
}

then, i changed the user privileges with following code,

Code:

for (HttpFlexSession flexSession: flexClient.getFlexSessions()){
         flexSession.setUserPrincipal(changedPrincipal);

this works fine, but i want to know if this is the best way to do this.

following link is related this problem http://forum.springframework.org/sho...d.php?t=100224

appreciate your help

[amiladomingo]

following are the frameworks i use for this application,

UI - flex, chimp role based security framework

Back end - spring-flex (spring blaze ds integration), spring security

[jeremyg484]

This seems reasonable, though if you're using Spring Security, you'd probably also need to use its APIs directly to update the current Authentication object.

Then I assume you also need some way of notifying the client of the new Authentication. You could conceivable using the Messaging service for this to push a notification and respond accordingly.

[amiladomingo]

I do following to notify the UI

Code:

messageBroker.routeMessageToService(msg, null);

I use spring security but security context for a particular user is not available since this runs by a scheduled task in middle-tier, this doesn't come as a request from the client.

Since it doesn't come as a request from the client, i'm currently facing a problem with loading the new user authorities for method level security

Think i might need a new approach for this.

[sankadil]

hi,
you have mention that you use
UI - flex, chimp role based security framework
please tell me how can you mention the roles and corresponding permisions?
did you declare it on flex metadata tags? or retrive from DB?
I am stuck with chimps this senario please help me.I need to load those previleges from DB.But I am unable to set those values to metadata tag.Is there a way to convert string to flex metadta or sometihing like that?

[amiladomingo]

did you declare it on flex metadata tags?

Yes.

I first add metadata to flex components,

Code:

[Protected(permissions="ROLE_ADMIN",notInPermissionAction="removeChild",componentId="this")]

Then loads the granted authorities for user when he logs in,

Code:

Chimp.load(authorities);

Is there a way to convert string to flex metadta or sometihing like that?

You mean loading the UI component to permissions mapping from DB?

[sankadil]

Answer is Yes.
I think you are correct and thnx for the quick reply Mr.Amila.
I need somthing like this link,but that article is not compleate.
http://s2o-bcn.blogspot.com/2010/12/...ion-based.html
I have done it in the following way,like you ask
[Protected(permissions="admin",inPermissionAction=" visible",componentId="btnAdd")]

But this is a some kind of hardcording.I think you will agree.when we want to change the previlages we have to change the source code.That is not good for the changing world.So I dont want to do that.I need to store those previleges (not only ROLEs other inpermisionaction,notInpermisionActions,componentI ds,screeIDs...etc) in DB and source code should have independent from changes.
And my requirement is,
I want to store those permissions,actions,components fields in DB and then I want to retrive those from DB and process the UI according to permissions of ROLE.