Case study: security integration 101

Security integration 101

This is only a security demo. It adds a security mechanism to spring blazeds integration 101, the first demo in this series.

 

I. Run the demo:

1. RunProgram: Http: // localhost: 8400/spring-Flex-testdrive/spring-blazeds-security-101/index.html

2. If you have not logged on, click "Get Data" to display a "Access Denied" exception dialog box.

3. Log On With userid: John/password: John and click "Get Data" again to obtain data from the server.

4. Click the "logout" button and click "Get Data" again. The "Access Denied" exception dialog box is displayed again.

5. If you have logged on and passed the authentication, you do not need to use channelset to log on. For example. JSP (http: // localhost: 8400/spring-Flex-testdrive/login. in JSP), John/John is logged on. In the flex program, the user logs on to obtain data directly.

Ii. UnderstandingCode:

1. Main. mxml:

Set the channelset of RO during program Initialization

VaR channel: amfchannel = new amfchannel ("My-AMF", "http: // localhost: 8400/spring-Flex-testdrive/messagebroker/AMF ");
VaR channelset: channelset = new channelset ();
Channelset. addchannel (Channel );
Ro. channelset = channelset;

<S: remoteobject id = "Ro" Destination = "securedproductservice" fault = "faulthandler (event)"/>

2. log on and log out through Ro's channelset. Ro. channelset. login (user name, password) and Ro. channelset. logout ().

3. flex-servlet.xml

<Flex: remoting-destination ref = "securedproductservice"/>

4. securedproductservice defined in the app-config.xml is critical:

<Bean id = "securedproductservice" class = "org. springframework. Flex. samples. Product. productdao">
<Constructor-Arg ref = "datasource"/>
<Security: intercept-methods>
<Security: Protect method = "find *" Access = "role_user"/>
</Security: intercept-methods>
</Bean>

Authentication configuration is in the security-config.xml by using <Security/> in <bean/> to protect the method.

5. security-config.xml

<Authentication-Manager>
<Authentication-provider>
<User-service>
<User name = "John" Password = "John" authorities = "role_user"/>
<User name = "admin" Password = "admin" authorities = "role_user, role_admin"/>
<User name = "guest" Password = "guest" authorities = "role_guest"/>
</User-service>
</Authentication-provider>
</Authentication-Manager>

6. A part of the demo is JSP login code.

 

Iii. Summary:

This security mechanism is more about spring, which requires another topic. This is the end of this series of cases ..