更新时间:2023-12-02 21:03:40
如果您使用春天BlazeDS集成一>,您可以使用org.springframework.flex.security.AuthenticationResultUtils实现getUserDetails方法。
公开地图<弦乐,对象> getUserDetails(){
返回AuthenticationResultUtils.getAuthenticationResult();
}
I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex.
I know that I can call channelSet.login()
and channelSet.logout()
to hook into Spring Security for authentication. channelSet.authenticated
apparently only knows about the current Flex session, as it always starts off as false, until you call channelSet.login()
.
What I want to do:
UPDATE
I just thought I'd add details of the solution I used from brd6644's answer below, so that this might be easier for someone else who looks this up. I used this *** answer to make the SecurityContext
injectable. I won't be rewriting the code from that answer in this one, so go look at it for the SecurityContextFacade
.
securityServiceImpl.java
public class SecurityServiceImpl implements SecurityService {
private SecurityContextFacade securityContextFacade;
@Secured({"ROLE_PEON"})
public Map<String, Object> getUserDetails() {
Map<String,Object> userSessionDetails = new HashMap<String, Object>();
SecurityContext context = securityContextFacade.getContext();
Authentication auth = context.getAuthentication();
UserDetails userDetails = (UserDetails) auth.getPrincipal();
ArrayList roles = new ArrayList();
GrantedAuthority[] grantedRoles = userDetails.getAuthorities();
for (int i = 0; i < grantedRoles.length; i++) {
roles.add(grantedRoles[i].getAuthority());
}
userSessionDetails.put("username", userDetails.getUsername());
userSessionDetails.put("roles", roles);
return userSessionDetails;
}
}
securityContext.xml
<security:http auto-config="true">
<!-- Don't authenticate Flex app -->
<security:intercept-url pattern="/flexAppDir/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Don't authenticate remote calls -->
<security:intercept-url pattern="/messagebroker/amfsecure" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:http>
<security:global-method-security secured-annotations="enabled" />
<bean id="securityService" class="ext.domain.project.service.SecurityServiceImpl">
<property name="securityContextFacade" ref="securityContextFacade" />
</bean>
<bean id="securityContextFacade" class="ext.domain.spring.security.SecurityContextHolderFacade" />
flexContext.xml
<flex:message-broker>
<flex:secured />
</flex:message-broker>
<flex:remoting-destination ref="securityService" />
<security:http auto-config="true" session-fixation-protection="none"/>
FlexSecurityTest.mxml
<mx:Application ... creationComplete="init()">
<mx:Script><![CDATA[
[Bindable]
private var userDetails:UserDetails; // custom VO to hold user details
private function init():void {
security.getUserDetails();
}
private function showFault(e:FaultEvent):void {
if (e.fault.faultCode == "Client.Authorization") {
Alert.show("You need to log in.");
// show the login form
} else {
// submit a ticket
}
}
private function showResult(e:ResultEvent):void {
userDetails = new UserDetails();
userDetails.username = e.result.username;
userDetails.roles = e.result.roles;
// show user the application
}
]]></mx:Script>
<mx:RemoteObject id="security" destination="securityService">
<mx:method name="getUserDetails" fault="showFault(event)" result="showResult(event)" />
</mx:RemoteObject>
...
</mx:Application>
If you use Spring Blazeds integration , you can implement getUserDetails method using org.springframework.flex.security.AuthenticationResultUtils.
public Map<String, Object> getUserDetails() {
return AuthenticationResultUtils.getAuthenticationResult();
}