2 Replies Latest reply on Jan 10, 2008 9:05 AM by m_hartnett

    Flex Field Level Security

      We are experienced J2EE developers working to build our first Flex/J2EE application (but very new to Flex). We are familiar with the server side J2EE security model. However, how have you guys tackled client-side field level security. For example, how would I implement disabling/hiding a text input field if a user is not in a certain J2EE role. Can the MXML executing on the client side query J2EE roles just like a server-side standard JSP?
        • 1. Re: Flex Field Level Security
          paulfeuer Level 1
          flex is running on the client side just like javascript. so, as in javascript, you'll have to issue a call to your server to get any server-side information about the user. you can stuff like HTTPService or URLLoader and register a listener on the appropriate event to evaluate the server response when its ready.

          • 2. Flex Field Level Security
            m_hartnett Level 3
            As paulfeuer says you will need to make a call to your server that returns a remote object or xml. Obviously your remote object or xml is built based on the security of the user.

            For your security issue you should have a Model object that holds all your security data (and a lot of other data). The model object should be Bindable. This is a singleton object.

            All your objects that need to be disabled and enabled can have their enable property manipulated by binding their value to values in your Model.

            We are a J2EE shop as well and this is how we maintain our security,

            If you want a better understanding of Model design pattern you should also take a look at Cairngorm micro-architecture for Flex. It is written by some Adobe guys and implements MVC design pattern.

            Here is a great article on Cairngorm. It explains the ModelLocator pattern very well.
            ( http://www.adobe.com/devnet/flex/articles/cairngorm_pt1.html)

            In my opinion, data binding is one of the most important concepts to understand in Flex. By binding all your enable properties to a single location (your model) your entire application can be configured from a single source. No if statements at all.

            For dynamically creating XML we use JDOM.

            Good Luck