Access 'UserDetails' on flex

**BrianBLong** · Feb 23rd, 2011, 11:49 AM

@jaggernat
So for instance, somehow through the examples, I ended up with a bean declaration in security-config.xml like this:

Code:

<http auto-config="true">
	<intercept-url pattern="/index.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
	<intercept-url pattern="/ldaplogin.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
	<intercept-url pattern="/app-flex/**" access="ROLE_USER" />
	<form-login login-page='/index.jsp' default-target-url='/app-flex/Main.html'
		always-use-default-target='true' />
</http>
<beans:bean id="entryPoint" class="org.springframework.flex.security3.FlexAuthenticationEntryPoint"/>

Though I've yet to figure out accessing/leveraging the entryPoint bean in MXML. Do you have any samples or links you can share?

Thanks,
Brian

**jaggernat** · Feb 23rd, 2011, 12:01 PM

ofcourse, just download the spring-flex-test drive and look at the code (for mxml and java), its all in there

**amiladomingo** · Feb 23rd, 2011, 12:24 PM

How are you getting the map without doing a remote call?

AuthenticationResultUtils also access the security context to get the map

**jaggernat** · Feb 23rd, 2011, 12:52 PM

yeah thats right , a remote call has to be made. The mistake i was making was i created a User class on the action script side and was trying to map the User.as to User.java which is totally unnecessary.

thanks for your help.

**BrianBLong** · Feb 24th, 2011, 02:18 PM

@jaggernat and @amiladomingo
I'm not sure I follow, could you point out an example of populating the roles via your CustomUserDetailService class? Are you setting properties on Spring managed beans that are supplied out of the box for this?

Similarly to you, I am not using a Flex authentication screen ( http://forum.springsource.org/showth...181#post347181 )

I have a JSP page that calls an NTLM service and returns to me a user object with privileges. Is there a way I can set some properties on a spring managed UserDetails object from JSP that I can then reference once my swf is loaded ?

Any help would be so appreciated, I've been struggling quite a bit with this. I'm using

Code:

http://www.springframework.org/schema/security/spring-security-3.0.xsd

in my config files , though I'm not sure which version of the jars it relates to

Code:

spring-security-core-3.0.2.RELEASE.jar

I believe, but might accidently be referencing

Code:

spring-security-core-3.1.0.RC1.jar

Thank you in advance,
Brian

**amiladomingo** · Feb 24th, 2011, 02:40 PM

in my config files , though I'm not sure which version of the jars it relates to

Use spring security 3.0.5, which is the latest production release http://s3.amazonaws.com/dist.springf....5.RELEASE.zip

Is there a way I can set some properties on a spring managed UserDetails object from JSP that I can then reference once my swf is loaded ?

Only approach i can see for now is to load the swf once you log-in from jsp, then do a remote from flex to java and get the authentication details from either AuthenticationResultUtils or Spring security context.

By the way, i think it's worth to look if you can use flashvars to pass the authentication details to swf from jsp (after you log-in) when loading the swf

**BrianBLong** · Feb 24th, 2011, 02:54 PM

Ok, thanks Amila. Is that release only documented in the enclosed HTML rather than hosted here: http://static.springsource.org/sprin...ity/site/docs/ ?

I will be sure to use that version. Could you give me one more bit of suggestion, I'm thinking I should either implement a UserDetail service as this person is discussing on the forum : New to Spring - Custom Authentication with UserDetails

My thought is since my infrastructure already gets a unique "user ID" I could then set a property on spring managed bean, load the swf normally and then simply get the user's credentials and manipulate the flex view per the principal's role ? Does that sound right?

**BrianBLong** · Feb 24th, 2011, 03:04 PM

Just to be sure, are the spring-security-3.0.5.RELEASE jars compatible with the Flex / BlazeDS components namely spring-flex-core-1.5.0.M2.jar ?

**amiladomingo** · Feb 24th, 2011, 03:11 PM

Is that release only documented in the enclosed HTML rather than hosted here: http://static.springsource.org/sprin...ity/site/docs/ ?

Reference doc http://static.springsource.org/sprin...gsecurity.html

I'm thinking I should either implement a UserDetail service

Why do you want to implement a custom user detail service? How do you authenticate users? is it against a database? If so can't you use the DaoAuthenticationProvider?

My thought is since my infrastructure already gets a unique "user ID" I could then set a property on spring managed bean, load the swf normally and then simply get the user's credentials and manipulate the flex view per the principal's role

You won't be needing an unique id to retrieve the authentication details, since the spring security context is available, get the authentication details from middle-tier

Code:

SecurityContextHolder.getContext().getAuthentication()

Or

Code:

AuthenticationResultUtils.getAuthenticationResult()

**amiladomingo** · Feb 24th, 2011, 03:13 PM

are the spring-security-3.0.5.RELEASE jars compatible with the Flex / BlazeDS components namely spring-flex-core-1.5.0.M2.jar ?

Yes, it should be. But i use 1.0.3 since it is the latest production release.

Thread: Access 'UserDetails' on flex

Thread Tools

Display

Code Sample?

Please help with security

spring-security-3.0.5.RELEASE with BlazeDS and Flex?

Posting Permissions