Example name: Using Flex Remoting client security API
Description:
The example demonstrates the following:
Usage of the setCredentials( userid, password ) and logout() methods in the RemoteObject class
Handling of errors caused by the server-side security constraints
Client-side code: Browse, Download
Server-side code: Browse, Download
Product edition availability:
WebORB Standard Edition (localhost clients only)
WebORB Professional Edition
WebORB Enterprise Edition
Key points:
The server-side class is exposed as the "AccountBalanceDestination" destination through a registration in WEB-INF/flex/remoting-config.xml:
<destination id="AccountBalanceDestination">
  <properties>
    <source>Weborb.Examples.AccountBalance</source>
  </properties>
  <security>
    <security-constraint>
      <auth-method>Custom</auth-method>
      <roles>
        <role>examplesuser</role>
      </roles>
    </security-constraint>
  </security>
</destination>
Notice the security declaration in the destination. The role
name in the <role> element above refers to the roles configured in
weborb.config (located in the root of the web application):
<acl>
  <user>
    <name>admin</name>
    <password>password</password>
    <role>examplesuser</role>
  </user>
</acl>
When the client application performs an invocation without a userid and password, WebORB rejects access by throwing an exception.
A userid and password can be associated with a remote object using the setCredentials( userid, password ) API.
Once logged in, the same invocation works and the client gets a result back.
The logout() method in the RemoteObject class removes the credentials associated with the remote object.
The client application uses two Flex states to manage the logged-in and logged-out views.
Things to try:
Invoke "Check Account Balance" in both the logged-in and logged-out states and compare the invocation results.
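The role mapping described under Key points can be checked before deployment. The following is an added example, not part of the WebORB distribution or of this example's code: it cross-checks the destination and ACL fragments shown above and reports destinations with no security constraint, roles that no ACL user holds, and guessable passwords such as the sample account's. The `<service>` wrapper, the `OpenDestination` and `ReportsDestination` entries, the `auditor` role and the weak-password list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the two fragments from this page, plus a
# hypothetical unprotected destination and a role that no user holds.
REMOTING_CONFIG = """<service>
  <destination id="AccountBalanceDestination">
    <properties><source>Weborb.Examples.AccountBalance</source></properties>
    <security><security-constraint>
      <auth-method>Custom</auth-method>
      <roles><role>examplesuser</role></roles>
    </security-constraint></security>
  </destination>
  <destination id="OpenDestination"><properties/></destination>
  <destination id="ReportsDestination">
    <security><security-constraint>
      <roles><role>auditor</role></roles>
    </security-constraint></security>
  </destination>
</service>"""

WEBORB_ACL = """<acl>
  <user><name>admin</name><password>password</password>
        <role>examplesuser</role></user>
</acl>"""

WEAK_PASSWORDS = {"password", "admin", "changeme", "123456"}  # assumed list
ROLE_PATH = "./security/security-constraint/roles/role"


def audit(remoting_xml, acl_xml):
    """Return sorted (kind, subject) findings for the two config fragments."""
    findings, granted = [], set()
    for user in ET.fromstring(acl_xml).iter("user"):
        name = user.findtext("name", "").strip()
        password = user.findtext("password", "").strip()
        granted.update(r.text.strip() for r in user.iter("role") if r.text)
        if password.lower() in WEAK_PASSWORDS or password == name:
            findings.append(("weak-password", name))
    for dest in ET.fromstring(remoting_xml).iter("destination"):
        roles = [r.text.strip() for r in dest.findall(ROLE_PATH) if r.text]
        if not roles:  # callable without setCredentials()
            findings.append(("no-security-constraint", dest.get("id")))
        for role in roles:
            if role not in granted:  # nobody can authenticate into this role
                findings.append(("role-without-user", f"{dest.get('id')}:{role}"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, subject in audit(REMOTING_CONFIG, WEBORB_ACL):
        print(f"{kind}: {subject}")
```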