5.4. Leveraging Spring Security

Spring has a very flexible and robust set of framework components that help implement sophisticated security profiles and constraints, including the most commonly used authentication and authorization patterns. In standard BlazeDS, security is typically delegated to the underlying container in which BlazeDS is deployed.

Spring BlazeDS provides an alternative to the security mechanism of standard BlazeDS. If Spring is your primary server-side framework, leveraging Spring Security with your Flex and Spring application is a good idea.

In the simplest case, you can define a role-based login using in-memory definitions. A configuration for such a simple in-memory definition is:

<authentication-provider>
    <user-service>
        <user name="admin" password="secret" authorities="ROLE_ADMIN,ROLE_USER" />
        <user name="aUser" password="somePassword" authorities="ROLE_USER" />
        <user name="anotherUser" password="someOtherPassword" disabled="true"
              authorities="ROLE_USER" />
    </user-service>
</authentication-provider>

This configuration could be better organized by externalizing the user-service content to a file, say users.properties, that could be located in the WEB-INF/config folder. The configuration would then be as follows:

<authentication-provider>
    <user-service properties="/WEB-INF/config/users.properties" />
</authentication-provider>
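
The excerpt does not show the externalized file itself. The following is an added example, not code from the book: a small Python script that parses a users.properties file in Spring Security's user-service line format (username=password,authority[,authority...][,enabled|disabled]) and lists which accounts are active and which hold a given role. The sample file content is constructed to mirror the three inline users above; the function names and the assumption that "=" is the only key separator are hypothetical.

```python
# Added example: review the accounts defined in a Spring Security users.properties file.
# Line format (Spring Security user-service properties):
#   username=password,authority[,authority...][,enabled|disabled]

# Constructed sample mirroring the three inline <user> entries from the text.
SAMPLE = """\
# WEB-INF/config/users.properties
admin=secret,ROLE_ADMIN,ROLE_USER
aUser=somePassword,ROLE_USER
anotherUser=someOtherPassword,ROLE_USER,disabled
"""

def parse_users(text):
    """Return {username: {"authorities": [...], "enabled": bool}}."""
    users = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":   # blank line or properties comment
            continue
        name, sep, value = line.partition("=")  # assumption: "=" separator only
        if not sep:
            raise ValueError(f"line {lineno}: expected username=password,...")
        tokens = [t.strip() for t in value.split(",")]
        enabled, authorities = True, []
        for tok in tokens[1:]:            # tokens[0] is the password; never stored
            if tok.lower() in ("enabled", "disabled"):
                enabled = tok.lower() == "enabled"
            elif tok:
                authorities.append(tok)
        if not tokens[0] or not authorities:
            raise ValueError(f"line {lineno}: missing password or authority")
        users[name.strip()] = {"authorities": authorities, "enabled": enabled}
    return users

def active_with_role(users, role):
    """Usernames that can log in and hold the given authority."""
    return sorted(u for u, a in users.items()
                  if a["enabled"] and role in a["authorities"])

if __name__ == "__main__":
    parsed = parse_users(SAMPLE)
    for user, attrs in parsed.items():
        state = "enabled" if attrs["enabled"] else "DISABLED"
        print(f"{user:12} {state:9} {','.join(attrs['authorities'])}")
    print("active admins:", active_with_role(parsed, "ROLE_ADMIN"))
```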

Alternatively and more likely in most enterprise applications, the security will be more complicated ...
