been searching without finding a lot of clarity on the matter
I'm building a flex application that communicates through flash remoting with CF9 cfc methods
I want to make sure my some cfc methods are accessible only by authenticated users
how do I prevent from someone bypassing the flex interface and calling them directly?
I'm looking for the simplest way to implement it
is then an easy built-in mechanism / tutorial to implement?
it sounds like it make sense to authenticate a user and have cf return an accsess token that would be kept on the server
so does it mean that each flex call to cf should include this token?
what about the cfc's? do I need to construct a central cfc to rout all calls and check the access token before routing & processing any DB query?
I would REALLY appeciate a clean minimal solution
thanks a million
observing the network communication between the flex client and the server
I realized each AMF packet actually has a header that contains a JSESSIONID variable by default
first of all - how can I access this token on the AMF packet header from a cfc method?
and second - do I need to add this token once a user had been authenticated on the cf9 side to some session dictionary containing all authenticated users?
what is the simplest way to validate each cfc method agaist this session dictionary?
do I need to implement it manually on each cfc method I've created?
I realize I'm guessing my way around here
and sure this is quite a generic question
not wanting to re-invent the wheel, yet trying to avoid over complexity
would really appreciate some clarity
this is truely surprising
such a generic situation, an application with user authentication
yes, true, it is a flex client and a coldfusion server
so? how do you implement it in this scenario?
not a clear answer in sight
as if it was such an isoteric question...
I hope it's the weekend...
come on people!!!
give us a hand! wil ya?
Europe, Middle East and Africa