Blazeds 和 Spring security,remember-me 可以用在这个组合中吗?
我正在使用最新版本的 Spring Blzeds 集成,它具有一些功能,可以更轻松地保护目标对象上的调用。 然而,我使用的基本设置(使用 ChannelSet 登录方法形成 Flex 端)会在每次页面刷新时丢失身份验证信息(会话)。 这是我正在使用的配置:
<http entry-point-ref="preAuthenticatedEntryPoint" >
</http>
<beans:bean id="preAuthenticatedEntryPoint" class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" />
<beans:bean id="userAccountManager" class="com.comp.service.managers.jpa.UserAccountJpaManager" />
<beans:bean id="userService" class="com.comp.auth.JpaUserDetailsService" />
<beans:bean id="defaultPasswordEncoder" class="com.comp.auth.DefaultPasswordEncoder" />
<authentication-provider user-service-ref="userService">
<password-encoder ref="defaultPasswordEncoder"/>
</authentication-provider>
<flex:message-broker>
<flex:secured />
</flex:message-broker>
<bean id="testService" class="com.comp.service.TestService">
<flex:remoting-destination channels="comp-amf" />
<security:intercept-methods>
<security:protect method="say*" access="ROLE_USER" />
</security:intercept-methods>
</bean>
是否有另一种方法来配置/实现它,以便我可以获得持久会话(记住我)。 是否可以通过标准 HTTP POST(如表单)从 Flex 进行登录,并且仍然获得相同级别的粒度来保护远程对象调用?
I'm using the latest release of Spring Blzeds integration which has some features making it easier to secure invocations on destination objects. However the basic setup I use which uses the ChannelSet login approach form the flex side looses the authentication information (sessions) on each page refresh. Here's the configuration I'm using:
<http entry-point-ref="preAuthenticatedEntryPoint" >
</http>
<beans:bean id="preAuthenticatedEntryPoint" class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" />
<beans:bean id="userAccountManager" class="com.comp.service.managers.jpa.UserAccountJpaManager" />
<beans:bean id="userService" class="com.comp.auth.JpaUserDetailsService" />
<beans:bean id="defaultPasswordEncoder" class="com.comp.auth.DefaultPasswordEncoder" />
<authentication-provider user-service-ref="userService">
<password-encoder ref="defaultPasswordEncoder"/>
</authentication-provider>
<flex:message-broker>
<flex:secured />
</flex:message-broker>
<bean id="testService" class="com.comp.service.TestService">
<flex:remoting-destination channels="comp-amf" />
<security:intercept-methods>
<security:protect method="say*" access="ROLE_USER" />
</security:intercept-methods>
</bean>
Is there another way to configure/implement this so I could get persistent sessions (remember me). Is it possible to do the logins from flex over standard HTTP POST (like forms) and still get the same level of granularity for protecting remote object calls?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
尝试将其添加到您的配置中:
Try adding this to your config: