将 JSESSIONID cookie 获取到独立 BlazeDS 应用程序消息中
我有一个使用 BlazeDS 的 Flex 应用程序与使用 Spring Security 的 Web 应用程序进行对话。在正常使用期间,用户在运行 Flex 应用程序之前已经登录到 Web 应用程序,因此浏览器负责在传出消息上传递 JSESSIONID 会话 Cookie,以便 Web 应用程序知道它们来自谁。
但是,我希望能够从 IDE (IntelliJ IDEA) 运行 Flex 应用程序进行调试,这意味着之前没有登录,因此没有现有会话。我放入了一些代码——只是为了调试的目的——首先发送登录消息。这有效,并且 JSESSIONID cookie 随响应一起提供,但我不知道如何将其附加到应用程序进行的后续 BlazeDS 远程调用。
是否有某种通道配置可以做到这一点,或者其他方法?如果您要向我指出 BlazeDS/SpringSecurity 预身份验证示例,我很欣赏这个想法,但我们已经有了相当复杂的 Spring Security 配置,我不想搞乱它。
顺便说一句,当我尝试按照建议在 RemoteObject 的 ChannelSet 上调用 login() 时,却发现 ChannelSet 为空,我感到有点不安。我不明白这是怎么回事,因为远程调用使用——我只能假设——services-config.xml 中定义的 AMF 通道来工作。无论如何,我不知道 login() 是否可以通过将 j_username 和 j_password 发送到 /j_spring_security_check 来工作,所以它可能不合适;当然,我仍然会留下这个查询的主题,即会话创建后如何使用它。
我不认为这有助于解释任何事情,但我将包括一些代码和配置片段...
登录:
<mx:HTTPService id="loginRequest" url="http://fiddler:8080/app/j_spring_security_check" useProxy="false"
method="POST" result="handleLoginResult(event)">
<mx:request xmlns="">
<j_username>username</j_username>
<j_password>password</j_password>
</mx:request>
</mx:HTTPService>
RemoteObject:
<mx:RemoteObject id="remoteObject" destination="blazebackend">
<mx:method name="getConfigData" result="handleConfigDataResult(event)" fault="handleFault(event)"/>
<mx:method name="addSession" result="handleAddSessionResult(event)" fault="handleFault(event)"/>
</mx:RemoteObject>
通道:
<channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="/{context.root}/app/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
</channel-definition>
TIA。
I have a flex app using BlazeDS to talk with a web app using Spring Security. During normal use the user has already logged into the web app before running the flex app, so the browser takes care of passing the JSESSIONID session cookie on the outgoing messages so the web app knows who they're coming from.
However, I'd like to be able to run the flex app from my IDE (IntelliJ IDEA) for debugging, which means there's been no previous login and thus no existing session. I put some code in -- just for the purpose of debugging -- to first send a login message. That works, and the JSESSIONID cookie comes with the response, but I don't know how to attach it to the subsequent BlazeDS remoting calls that the app makes.
Is there some sort of channel configuration that does this, or some other method? And if you're going to point me to the BlazeDS/SpringSecurity preauthentication example, I appreciate the thought, but we already have a fairly involved configuration of Spring Security and I don't want to mess with that.
As an aside, I was a bit disconcerted when I tried to follow a suggestion to call login() on the RemoteObject's ChannelSet, only to find that the ChannelSet was null. I don't see how that can be, since the remoting calls work, using -- I can only assume -- the AMF channel defined in the services-config.xml. Anyway, I don't know whether login() works by sending j_username and j_password to /j_spring_security_check anyway, so it might not have been appropriate; and of course I'd still be left with the subject of this query, which is how to use the session once it's been created.
I don't think it'll help to explain anything, but I'll include some code and config snippets...
The login:
<mx:HTTPService id="loginRequest" url="http://fiddler:8080/app/j_spring_security_check" useProxy="false"
method="POST" result="handleLoginResult(event)">
<mx:request xmlns="">
<j_username>username</j_username>
<j_password>password</j_password>
</mx:request>
</mx:HTTPService>
The RemoteObject:
<mx:RemoteObject id="remoteObject" destination="blazebackend">
<mx:method name="getConfigData" result="handleConfigDataResult(event)" fault="handleFault(event)"/>
<mx:method name="addSession" result="handleAddSessionResult(event)" fault="handleFault(event)"/>
</mx:RemoteObject>
A channel:
<channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="/{context.root}/app/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
</channel-definition>
TIA.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
使用 Eclipse,当部署在本地主机或远程服务器上时,您可以在 Eclipse IDE 内进行调试,方法是在开始调试时配置“要使用的 Url 或路径” 。
JESSIONID 意味着您正在使用 Java EE 身份验证,ChannelSet 的登录方法可用于自定义和/或基本身份验证(可以是或不是 Java EE 身份验证),我认为最适合您的是部署在localhost,或者最终在调试时删除安全性。
Using Eclipse you can debug inside Eclipse IDE when deployed on a localhost or remote server by configuring the "Url or path to use" when starting debugging.
JESSIONID means that you're using Java EE authentication, the login method of the ChannelSet can be used for a custom and or Basic authentication (that can be or not a Java EE authentication), I think the best for you is to deploy on a localhost, or eventually remove security when debugging.