BlazeDS Custom Authentication

Here are the steps to roll your own BlazeDS Custom Authentication:

You’ll need to write a Java Class that implements the following class(es):

flex.messaging.security.LoginCommand;
flex.messaging.security.LoginCommandExt;

For example:

package com.dl.login;

import flex.messaging.security.LoginCommand;
import flex.messaging.security.LoginCommandExt;

import com.dl.login.UserVO;

public class LoginProxy implements LoginCommand,LoginCommandExt
{
public Principal doAuthentication(String username, Object attributes)
{

String password = (String)attributes;
//At this point you’d typically check against a datastore / LDAP / etc

if(username.equals(“riafan”) && password.equals(“mysecret”))
{
UserVO vo = new UserVO(username);
return vo;
}
return null;
}

public boolean doAuthorization(Principal user, List roles)
{

UserVO u = (UserVO)user;

if(u == null)
return false;

for(int i=0;i<roles.size();i++)
{
String role = (String)roles.get(i);
if(u.hasRole(role))
return true;
}
return false;
}

public boolean logout(Principal arg0) {
// TODO Auto-generated method stub
return false;
}

public void start(ServletConfig arg0) {
// TODO Auto-generated method stub

}

public void stop() {
// TODO Auto-generated method stub

}

public String getPrincipalNameFromCredentials(String arg0, Object arg1) {
// TODO Auto-generated method stub
return null;
}
}

In this example UserVO must implement java.security.Principal

package com.dl.login;

import java.security.Principal;

public class UserVO implements Principal
{

public String [] groups;
public String username;

public UserVO(String username)
{
this.username = username;
// Make sure we apply the array groups (roles) this user belongs to at some point 🙂
}

public String getName() {

return this.username;
}

public boolean hasRole(String role)
{
for(int i=0;i<groups.length;i++)
{
if(groups[i].equals(role))
return true;
}
return false;
}

}

Okay, now we just need to point the services-config.xml to our class
<security>

<login-command class=”com.dl.login.LoginProxy” server=”all”>
<!– a.k.a. true = per ‘tab’ authentication –>
<!– when set to true a browser refresh will also reset auth –>
<per-client-authentication>false</per-client-authentication>
</login-command>

<security-constraint id=”trusted”>
<auth-method>Basic</auth-method>
<roles>
<role>guests</role>
<role>accountants</role>
<role>employees</role>
<role>managers</role>
</roles>
</security-constraint>

</security>

That’s it.

To actually secure a destination, use the remoting-config.xml

<destination id=”AlertProxy” >
<properties>
<source>com.dl.alerts.AlertDAO</source>
<scope>application</scope>
</properties>

<security>
<security-constraint ref=”trusted”/>
</security>

</destination>

jQuery, Objective C

I’ve been diving into both as I’m looking to land some more iPhone projects. I’m really excited with the breath of fresh air the platform provides.

The big question this year….

WWDC 2010 or MAX 2010

MAX has been great, I’ve met some really great members of the community. For those of us who are Flex veterans, the conference seems a bit light, at least that’s the impression I’ve had the past two years.

Looking over the 2009 sessions of WWDC, I’m impressed, looks like a lot of great sessions.

Cheers
Josh

Debugging Apache

Problem: Apache quit working

Solution: Debug via gdb httpd2

Apache quit working after some network changes. The error log contained numerous

child pid 20038 exit signal Segmentation fault (11) lines.

Running gdb httpd2 along with a backtrace (bt) revealed the function / line of code throwing the error. The problem was quickly tracked down to the LDAP config (ldap.conf).

BlazeDS Context.xml

While deploying a BlazeDS project, I ran into a small problem that the META-INF/context.xml was not being loaded by tomcat.

The context.xml has a simple JNDI datasource defined

Reading up on the tomcat docs it became obvious that tomcat was loading the Adobe BlazeDZ tomcat/conf/context.xml.