-
1. Re: Flex + JBoss
Actually step 3 in previous message was stripped, they advise adding a Valve tag in conf/server.xml:
Valve className="flashgateway.security.TomcatValve"
And step 4 doesn't matter, I'm using Jboss 4 with Tomcat 5 -
2. Re: Flex + JBoss
Problem fixed.
In FLEX_HOME/resources/security/TomcatLogin you will find two jars to add capabilities to JBoss' embedded Tomcat server:
- Put flex-tomcat-common.jar in JBOSS_HOME/server/default/lib
- Put flex-tomcat-server.jar in JBOSS_HOME/server/default/deploy/jbossweb-tomcat50.sar
- Add a valve in JBOSS_HOME/server/default/deploy/jbossweb-tomcat50.sar/server.xml:<Valve className="flashgateway.security.TomcatValve"/>
Now configure Flex so that we can use RemoteObject in association with J2EE roles while still using our own custom auth window. Add the following to flexapps/WEB-INF/flex/flex-config.xml:<object name="EmployeeAccess"> <source>examples.EmployeeAccess</source> <use-custom-authentication>true</use-custom-authentication> <roles> <role>sampleusers</role> </roles> </object> <object name="ManagerAccess"> <source>examples.ManagerAccess</source> <use-custom-authentication>true</use-custom-authentication> <roles> <role>samplemanagers</role> </roles> </object>
Now configure JAAS security:
- Add jboss-web.xml in flexapps/WEB-INF with a JAAS security-domain:<jboss-web> <security-domain>java:/jaas/flexapps</security-domain> </jboss-web>
- Add security roles to flexapps/WEB-INF/web.xml:<login-config> <auth-method>BASIC</auth-method> </login-config> <security-role> <role-name>sampleusers</role-name> </security-role> <security-role> <role-name>samplemanagers</role-name> </security-role>
- Define java:/jaas/flexapps in JBOSS_HOME/server/default/conf/login-config.xml:<application-policy name="flexapps"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="usersProperties">flexapps-users.properties</module-option> <module-option name="rolesProperties">flexapps-roles.properties</module-option> </login-module> </authentication> </application-policy>
- Add flexapps-users.properties and flexapps-roles.properties files to flexapps/WEB-INF/classes with "sampleuser" and "samplemanager" users plus "sampleusers" and "samplemanagers" roles.
That's it, custom authentication works really nice, you can use your own Flex logon popup and use JAAS behind the scenes. Also you could use base64+MD5 hashing on your passwords or use a LDAP or database instead of plain text files. I will post a quick HOWTO on my blog very soon on how to use MySQL and encrypted passwords to do custom auth.
Cheers,
Fanch
http://www.mfworx.com -
3. Re: Flex + JBoss
I'm attempting to do this exact same thing, but am new to JBoss. I'm attempting to use the LdapLoginModule via a custom login form but am really struggling with how to interact with the LdapLoginModule...I have all the descriptor entries that you have above, but again am struggling with the code to get the password validation, roles, etc...can you provide some pointers please??? :)
-
4. Re: Flex + JBoss
Well I guess using the LDAP can be done as explainedhttp://docs.jboss.org/jbossas/jboss4guide/r2/html/ch8.chapter.html#d0e19198.
I finished writing my tutorial to do MySQL auth http://www.mfworx.com/index.php?blogid=1&archive=2005-04[/url] -
5. Re: Flex + JBoss
Thanks on the doc links...I've read those many, many times...what I am not getting where do i pass the username/password to the Login Modules...or is it as simple as using flex's setUsernamePassword() method...and let the container handle it? Thanks for the blog url too.
-
6. Re: Flex + JBoss
In Brian Deitte's tutorial there's a logon popup window in Flex, are you using the same samples or is it something else you're doing?
-
7. Re: Flex + JBoss
Something else...I have reviewed Brian's tutorial but I am missing something in the translation ( at this point, I feel like I am issing more than just that too...like a frontal lobe :))..anyway, what I see is that he sets the dataService.setUsernamePassword()...after that, regardless of the LoginModule defined (Database, Ldap, Simple, etc.), I just then need to have a class that uses the flash gateway's HttpRequest object to obtain principal and then to check to see if user is in role with isUserInRole() method...
-
8. Re: Flex + JBoss
did you check EmployeeAccess.java in his classes? Does that look like what you're looking for?
package examples; import flashgateway.Gateway; import javax.servlet.http.HttpServletRequest; import java.security.Principal; /** * Object that only users in role "sample-employee" can access. * * @author Brian Deitte */ public class EmployeeAccess { public TransferObject getTransferObject() { TransferObject transfer = new TransferObject(); // use the new 1.5 way of getting request info for RemoteObject HttpServletRequest request = Gateway.getHttpRequest(); Principal prin = request.getUserPrincipal(); // the prinicpal should never be null if security is set up right but // we'll test here anyways if (prin == null) { throw new RuntimeException("Principal is null- is security set up correctly?"); } // transfer the user name for display on the client transfer.userName = prin.getName(); // it would be nice if we could transfer the role name, but instead with the servlet API we // can only check whether the current user is in a role. transfer.isManager = request.isUserInRole(ManagerAccess.MANAGER_ROLE); // we use the role information to decide whether to include salary info. This works because we know the // user has to log in to access EmployeeAccess. If they only had to log in to access ManagerAccess, then // we'd have to reget salary information from ManagerAccess. Doing it here instead means we can // make one less call to the server and transfer all Employee data in one logical group boolean includeSalary = transfer.isManager; // transfer the list of Employee objects transfer.employees = EmployeeStore.getList(includeSalary); return transfer; } } -
9. Re: Flex + JBoss
Yes, what I was missing, until you provided me some clues, was the exchange between the client and the container. I got all hung up with the LoginModule instead of just letting the container handle how that was defined within the login-config.xml for JBoss. Thanks for your pointers and patience!!! I was going down the path of using flex's internal session servlet but this should work. Thanks again!
-
10. Re: Flex + JBoss
Well, I went back to square one because I ran into some interesting behavior, so, I re-installed Brian's sample app and am now in a state whereby I am either:
1) when using a "named" RO (per original code), I get a compile error stating "Invalid value for 'named' - does not match any object name from the configuration file", or;
2) if I change the RO from 'named' to source="examples.EmployeeAccess" I then get a Client.NotAllowed error stating "The source examples.EmployeeAccess can not be
accessed directly".
Can I confirm that you are using JBoss 4.0sp1?
Here is the snippet from the flex-config showing the whitelist for the remote objects...again, thanks for any assist you can provide.<named> <object name="EmployeeAccess"> <source>examples.EmployeeAccess</source> <use-custom-authentication>true</use-custom-authentication> <roles> <role>sampleusers</role> </roles> </object> <object name="ManagerAccess"> <source>examples.ManagerAccess</source> <use-custom-authentication>true</use-custom-authentication> <roles> <role>samplemanagers</role> </roles> </object> </named>
-
11. Re: Flex + JBoss
I confirm that I'm using 4.0sp1.
1) when using a "named" RO (per original code), I get a compile error stating "Invalid value for 'named' - does not match any object name from the configuration file", or;
Weird... might sound like a stupid clue but did you check you pasted the named objects markup in the right whitelist? I did that mistake myself once, pasting them in the http-service-proxy section... If not I'm not sure I can help any better, sorry... -
12. Re: Flex + JBoss
ok, thanks. Yeah, I checked the whitelist location...I'm reviewing my other descriptors (login-config, jboss-web, etc.) to see if I did something stupid in there too...
-
13. Re: Flex + JBoss
I wonder if I missed something re: JBoss setup in general with regards to Flex. In my war, I have all of the flex supporting jars. Regarding JBoss, the only flex jars I copied to the installation were the 2 tomcat specific jars, along with the tomcat Valve entry...is this inline with your setup? Again, I really thank you for taking the time to reply.
-