Jul 08 2008

LiveCycle Data Services and Java EE container managed security

Disease

You want to authenticate via a Flex application and still leverage Java EE container managed security.

Prescription

With LiveCycle ES Data Services you can authenticate users in the Flex application and pass their credentials on to the back end, where the container verifies them. The server-side Flex session gives you access to the Principal object. Through roles you can authorize users to invoke LiveCycle ES Data Services endpoints, or prevent users from invoking specific LiveCycle ES Data Services assembler methods.

The following steps explain how to set this up on Tomcat 5.5.

  • Download the source of this sample from Adobe share and import the Flex project
  • Configure container managed security in Tomcat.
  • Follow the steps in $LCDSHOME/resources/security/tomcat/readme.txt (download LiveCycle ES Data Services)
  • Create a LiveCycle ES Data Services project in Eclipse (Dr. Flex & Dr. LiveCycle)
  • In your project, create a context.xml under META-INF/
 

<Context>
      <Realm className="org.apache.catalina.realm.MemoryRealm" />
      <Valve className="flex.messaging.security.TomcatValve"/>
</Context>

 
  • In your project, edit services-config.xml in WEB-INF/flex, the <security> tag should point to the following login command:
 

<security>
    <login-command class="flex.messaging.security.TomcatLoginCommand"
                               server="Tomcat">
      <per-client-authentication>false</per-client-authentication>
    </login-command>

</security>

 
  • To pass on the credentials captured in your Flex application to your back-end you can use (see main.mxml in the code sample):
 

personDS.setCredentials(username.text, password.text);

 

      personDS is a LiveCycle ES Data Services Data Management endpoint

  • The container will only allow you to access the LiveCycle ES Data Services endpoint when these credentials are valid.
  • To obtain the Principal in the LiveCycle ES Data Services assembler, execute the following (see PersonAssembler in the code sample). For more info on assemblers, go to Dr. Flex & Dr. LiveCycle or consult the LiveCycle Data Services Developer Guide.
  Principal principal = FlexContext.getUserPrincipal();  
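
The Principal lookup above, combined with a fail-closed role check inside the assembler, as an added example (this is not the PersonAssembler from the sample download). The class name, the in-memory sample data and the choice to re-check the role in code are assumptions; FlexContext.isUserInRole is used next to the getUserPrincipal call shown on this page.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.logging.Logger;

import flex.data.assemblers.AbstractAssembler;
import flex.messaging.FlexContext;

// Hypothetical assembler: re-checks identity and role in code, so the fill
// still fails closed if the destination's <security-constraint> is removed.
public class GuardedPersonAssembler extends AbstractAssembler {
    private static final Logger LOG =
            Logger.getLogger(GuardedPersonAssembler.class.getName());
    // Role name taken from the <role> element of the "persons" destination.
    private static final String REQUIRED_ROLE = "help";
    // Constructed sample data standing in for the real DAO.
    private final List<String> persons = new ArrayList<String>();

    public GuardedPersonAssembler() {
        persons.add("Constructed Person A");
        persons.add("Constructed Person B");
    }

    // Returns the authenticated caller or throws; never returns null.
    static Principal requireRole(String role) {
        Principal principal = FlexContext.getUserPrincipal();
        if (principal == null) {
            // No credentials were accepted by the container for this session.
            LOG.warning("Rejected unauthenticated assembler call");
            throw new SecurityException("Authentication required");
        }
        if (!FlexContext.isUserInRole(role)) {
            LOG.warning("Rejected " + principal.getName() + ": missing role " + role);
            throw new SecurityException("Not authorized");
        }
        return principal;
    }

    @Override
    public Collection fill(List fillParameters) {
        Principal caller = requireRole(REQUIRED_ROLE);
        LOG.info("fill() invoked by " + caller.getName());
        return new ArrayList<String>(persons);
    }
}
```

Compiling this requires the LiveCycle ES Data Services jars on the classpath, and the calls only return a Principal when they run inside a Data Services request.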

 

Tips to stay healthy:

You can extend this further by leveraging the integration between LiveCycle ES Data Services and Java EE security by protecting resources via roles to allow only specific users to invoke Data Services endpoints.

By embedding the following in your LiveCycle ES Data Services data-management-config.xml file, you can prevent users who do not have the correct role from invoking this endpoint (see sample code):

 

<destination id="persons">

    <adapter ref="java-dao" />
    <security>
        <security-constraint>
            <auth-method>Custom</auth-method>
            <roles>
                <role>help</role>
            </roles>
        </security-constraint>
    </security>

    ….

One Response to “LiveCycle Data Services and Java EE container managed security”

  1. vlad2005 on 29 Apr 2009 at 11:54 pm

    Where is sample code for PersonAssembler?
