Apache flex 如何检查用户身份验证的Spring安全性并从Flex获取角色?
我使用Spring、Spring Security、BlazeDS、Flex和Spring Flex 我知道我可以调用Apache flex 如何检查用户身份验证的Spring安全性并从Flex获取角色?,apache-flex,spring,authentication,authorization,spring-security,Apache Flex,Spring,Authentication,Authorization,Spring Security,我使用Spring、Spring Security、BlazeDS、Flex和Spring Flex 我知道我可以调用channelSet.login()和channelSet.logout()来钩住Spring安全性进行身份验证channelSet.authenticated显然只知道当前Flex会话,因为它总是以false开头,直到调用channelSet.login() 我想做的是: 检查Flex以了解用户是否已经在会话中 如果是,我想要他们的用户名和角色 更新 我只是想在下面添加我从的答
channelSet.login()
和channelSet.logout()
来钩住Spring安全性进行身份验证channelSet.authenticated
显然只知道当前Flex会话,因为它总是以false开头,直到调用channelSet.login()
我想做的是:
我只是想在下面添加我从的答案中使用的解决方案的详细信息,以便其他人可以更轻松地查找。我使用StackOverflow answer使
SecurityContext
可注入。我不会根据这个答案重写代码,所以请查看SecurityContextFacade
securityServiceImpl.java
公共类SecurityServiceImpl实现SecurityService{
私有SecurityContextFacade SecurityContextFacade;
@安全({“角色”})
公共地图getUserDetails(){
Map userSessionDetails=newhashmap();
SecurityContext上下文=securityContextFacade.getContext();
Authentication auth=context.getAuthentication();
UserDetails UserDetails=(UserDetails)auth.getPrincipal();
ArrayList角色=新建ArrayList();
GrantedAuthority[]grantedRoles=userDetails.getAuthories();
for(int i=0;i
securityContext.xml
flexContext.xml
FlexSecurityTest.mxml
...
我将编写一个安全的Spring服务方法,返回当前用户的角色信息。让Flex应用程序在应用程序启动时调用它。如果由于安全错误而收到FaultEvent,则提示用户进行身份验证并使用ChannelSet.login()。查看本博客,在Spring拥有flex模块之前,我遵循了这一点,它很好地解决了这个问题。希望它能为你提供一些可能有用的宝石
如果使用,可以使用org.springframework.flex.security.authenticationResultils实现getUserDetails方法
public Map<String, Object> getUserDetails() {
return AuthenticationResultUtils.getAuthenticationResult();
}
publicmap getUserDetails(){
返回AuthenticationResultils.getAuthenticationResult();
}
在他的博客上发表评论的人似乎和我有着同样的问题;主要是,从Flex登录和注销很容易,但注意到现有会话却不容易。brd6644的解决方案在这方面非常有效。好主意,我会尝试一下。这比我所做的要好得多。它工作得非常好,并节省了大量代码。
<security:http auto-config="true">
<!-- Don't authenticate Flex app -->
<security:intercept-url pattern="/flexAppDir/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Don't authenticate remote calls -->
<security:intercept-url pattern="/messagebroker/amfsecure" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:http>
<security:global-method-security secured-annotations="enabled" />
<bean id="securityService" class="ext.domain.project.service.SecurityServiceImpl">
<property name="securityContextFacade" ref="securityContextFacade" />
</bean>
<bean id="securityContextFacade" class="ext.domain.spring.security.SecurityContextHolderFacade" />
<flex:message-broker>
<flex:secured />
</flex:message-broker>
<flex:remoting-destination ref="securityService" />
<security:http auto-config="true" session-fixation-protection="none"/>
<mx:Application ... creationComplete="init()">
<mx:Script><![CDATA[
[Bindable]
private var userDetails:UserDetails; // custom VO to hold user details
private function init():void {
security.getUserDetails();
}
private function showFault(e:FaultEvent):void {
if (e.fault.faultCode == "Client.Authorization") {
Alert.show("You need to log in.");
// show the login form
} else {
// submit a ticket
}
}
private function showResult(e:ResultEvent):void {
userDetails = new UserDetails();
userDetails.username = e.result.username;
userDetails.roles = e.result.roles;
// show user the application
}
]]></mx:Script>
<mx:RemoteObject id="security" destination="securityService">
<mx:method name="getUserDetails" fault="showFault(event)" result="showResult(event)" />
</mx:RemoteObject>
...
</mx:Application>
public Map<String, Object> getUserDetails() {
return AuthenticationResultUtils.getAuthenticationResult();
}