开发者

Getting JSESSIONID cookie into standalone BlazeDS app messages

开发者 https://www.devze.com 2023-02-20 20:36 出处:网络
I have a flex app using BlazeDS to talk with a web app using Spring Security.During normal use the user has already logged into the web app before running the flex app, so the browser takes care of pa

I have a flex app using BlazeDS to talk with a web app using Spring Security. During normal use the user has already logged into the web app before running the flex app, so the browser takes care of passing the JSESSIONID session cookie on the outgoing messages so the web app knows who they're coming from.

However, I'd like to be able to run the flex app from my IDE (IntelliJ IDEA) for debugging, which means there's been no previous login and thus no existing session. I put some code in -- just for the purpose of debugging -- to first send a login message. That works, and the JSESSIONID cookie comes with the response, but I don't know how to attach it to the subsequent BlazeDS remoting calls that the app makes.

Is there some sort of channel configuration that does this, or some other method? And if you're going to point me to the BlazeDS/SpringSecurity preauthentication example, I appreciate the thought, but we already have a fairly involved configuration of Spring Security and I don't want to mess with that.

As an aside, I was a bit disconcerted when I tried to follow a suggestion to call login() on the RemoteObject's ChannelSet, only to find that the ChannelSet was null. I don't see how that can be, since the remoting calls work, using -- I can only assume -- the AMF channel defined in the services-config.xml. Anyway, I don't know whether login() works by sending j_username and j_password to /j_spring_security_check anyway, so it might not have been appropriate; and of course I'd still be left with the subject of this que开发者_开发知识库ry, which is how to use the session once it's been created.

I don't think it'll help to explain anything, but I'll include some code and config snippets...

The login:

<mx:HTTPService id="loginRequest" url="http://fiddler:8080/app/j_spring_security_check" useProxy="false"
            method="POST" result="handleLoginResult(event)">
<mx:request xmlns="">
    <j_username>username</j_username>
    <j_password>password</j_password>
</mx:request>
</mx:HTTPService>

The RemoteObject:

<mx:RemoteObject id="remoteObject" destination="blazebackend">
    <mx:method name="getConfigData" result="handleConfigDataResult(event)" fault="handleFault(event)"/>
    <mx:method name="addSession" result="handleAddSessionResult(event)" fault="handleFault(event)"/>
</mx:RemoteObject>

A channel:

<channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
    <endpoint url="/{context.root}/app/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
</channel-definition>

TIA.


I'd like to be able to run the flex app from my IDE (IntelliJ IDEA) for debugging

Using Eclipse you can debug inside Eclipse IDE when deployed on a localhost or remote server by configuring the "Url or path to use" when starting debugging.

JESSIONID means that you're using Java EE authentication, the login method of the ChannelSet can be used for a custom and or Basic authentication (that can be or not a Java EE authentication), I think the best for you is to deploy on a localhost, or eventually remove security when debugging.

0

精彩评论

暂无评论...
验证码 换一张
取 消