我使用Spring,Spring Security,BlazeDS,Flex和spring-flex。如何檢查Spring Security進行用戶認證並從Flex獲取角色?
我知道我可以撥打channelSet.login()
和channelSet.logout()
掛鉤到Spring Security進行身份驗證。 channelSet.authenticated
顯然只知道當前的Flex會話,因爲它總是以false開頭,直到您致電channelSet.login()
。
我想做什麼:從Flex的
- 檢查知道,如果用戶已經在一個會話。
- 如果是這樣,我想要他們的用戶名和角色。
UPDATE
我只是想我要補充我從下面brd6644的回答中使用的解決方案的細節,所以,這可能是爲別人誰看起來這件事更容易。我用this StackOverflow答案使SecurityContext
注射。我不會重寫這個答案中的代碼,所以去看看它的SecurityContextFacade
。
securityServiceImpl.java
securityContext.xml
<security:http auto-config="true">
<!-- Don't authenticate Flex app -->
<security:intercept-url pattern="/flexAppDir/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Don't authenticate remote calls -->
<security:intercept-url pattern="/messagebroker/amfsecure" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:http>
<security:global-method-security secured-annotations="enabled" />
<bean id="securityService" class="ext.domain.project.service.SecurityServiceImpl">
<property name="securityContextFacade" ref="securityContextFacade" />
</bean>
<bean id="securityContextFacade" class="ext.domain.spring.security.SecurityContextHolderFacade" />
flexContext.xml
<flex:message-broker>
<flex:secured />
</flex:message-broker>
<flex:remoting-destination ref="securityService" />
<security:http auto-config="true" session-fixation-protection="none"/>
FlexSecurityTest.mxml
<mx:Application ... creationComplete="init()">
<mx:Script><![CDATA[
[Bindable]
private var userDetails:UserDetails; // custom VO to hold user details
private function init():void {
security.getUserDetails();
}
private function showFault(e:FaultEvent):void {
if (e.fault.faultCode == "Client.Authorization") {
Alert.show("You need to log in.");
// show the login form
} else {
// submit a ticket
}
}
private function showResult(e:ResultEvent):void {
userDetails = new UserDetails();
userDetails.username = e.result.username;
userDetails.roles = e.result.roles;
// show user the application
}
]]></mx:Script>
<mx:RemoteObject id="security" destination="securityService">
<mx:method name="getUserDetails" fault="showFault(event)" result="showResult(event)" />
</mx:RemoteObject>
...
</mx:Application>
這比我所做的要好得多。它工作得很好,並保存了很多代碼。 – 2010-07-14 21:05:49