Example name: Using Flex Remoting client security API
Description: The example demonstrates the following:
  • Usage of the setCredentials( userid, password ) and logout() methods in the RemoteObject class
  • Handling of errors caused by the server-side security constraints
Product edition availability:
  • WebORB Standard Edition (localhost clients only)
  • WebORB Professional Edition
  • WebORB Enterprise Edition
Key points:
  • The server-side class is exposed as the "AccountBalanceDestination" destination through a registration in WEB-INF/flex/remoting-config.xml:

    <destination id="AccountBalanceDestination">
      <properties>
        <source>Weborb.Examples.AccountBalance</source>
      </properties>
      <security>
        <security-constraint>
          <auth-method>Custom</auth-method>
          <roles>
            <role>examplesuser</role>
          </roles>
        </security-constraint>
      </security>
    </destination>

  • Notice the security declaration in the destination. The role name in the <role> element above refers to the roles configured in weborb.config (located in the root of the web application):

     
    <acl>
      <user>
        <name>admin</name>
        <password>password</password>
        <role>examplesuser</role>
      </user>
    </acl>

  • When the client application performs an invocation without a userid and password, WebORB rejects access by throwing an exception.
  • A userid and password can be associated with a remote object using the setCredentials( userid, password ) API.
  • Once logged in, the same invocation works and the client gets a result back.
  • The logout() method in the RemoteObject class removes the credentials associated with the remote object.
  • The client application uses two Flex states to manage the logged-in and logged-out views.
Things to try:
  • Invoke "Check Account Balance" in both the logged-in and logged-out states and compare the invocation results.
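
Added example (not part of the WebORB example code): a small Python check that cross-references the <role> names used by destinations in remoting-config.xml against the users in the weborb.config <acl>, reporting which users can call each destination, which roles no ACL user holds, and which destinations carry no role constraint. The wrapper elements, ReportsDestination, OpenDestination and the "auditor" role are constructed for illustration; only AccountBalanceDestination and the admin user come from the fragments above.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the first destination and the ACL user are the
# page's fragments; the wrapper elements and the other two destinations are
# made up for illustration.
REMOTING_CONFIG = """
<service>
  <destination id="AccountBalanceDestination">
    <properties><source>Weborb.Examples.AccountBalance</source></properties>
    <security>
      <security-constraint>
        <auth-method>Custom</auth-method>
        <roles><role>examplesuser</role></roles>
      </security-constraint>
    </security>
  </destination>
  <destination id="ReportsDestination">
    <security><security-constraint>
      <roles><role>auditor</role></roles>
    </security-constraint></security>
  </destination>
  <destination id="OpenDestination"/>
</service>
"""
WEBORB_CONFIG = """
<config><acl>
  <user><name>admin</name><password>password</password><role>examplesuser</role></user>
</acl></config>
"""

def audit(remoting_xml, weborb_xml):
    """Map each destination to the ACL users whose role satisfies its constraint."""
    users_by_role = {}
    for user in ET.fromstring(weborb_xml).iter("user"):
        for role in user.findall("role"):
            users_by_role.setdefault(role.text.strip(), []).append(user.findtext("name").strip())
    report = {}
    for dest in ET.fromstring(remoting_xml).iter("destination"):
        roles = [r.text.strip() for r in dest.findall("security/security-constraint/roles/role")]
        report[dest.get("id")] = {
            "protected": bool(roles),  # at least one role is required
            "users": sorted({u for r in roles for u in users_by_role.get(r, [])}),
            "unmatched_roles": [r for r in roles if r not in users_by_role],
        }
    return report

if __name__ == "__main__":
    for dest_id, info in audit(REMOTING_CONFIG, WEBORB_CONFIG).items():
        print(dest_id, info)
```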