8 Replies Latest reply on May 30, 2006 10:13 AM by poonamsheth

    problem with jsp login and flex

    maxkool Level 1
      hello all,

      i have come across an issue and i hope someone else has come across the same issue. i'm using a jsp login for auth before they get to my flex app. when they get there i keep getting the error...httpservice fault: a start tag has no corresponding end tag. normally when i see this i know that the xml file is messed up, but here is what i get when i look at the logs:

      04/21 18:19:52 INFO -- Begin GET response --
      04/21 18:19:52 INFO <?xml version="1.0" encoding="ISO-8859-1"?>

      <form method="POST" action='j_security_check' >
      <table width="100%" height="100%" valign="middle" align="center" border="0" cellspacing="5">
      <tr>
      <td>
      <table width="100%" valign="middle" align="center" border="0" cellspacing="5">
      <tr>
      <td align="center"><h3>Login</h3></td>
      </tr>
      <tr>
      <td align="center" height="20">Username: <input type="text" name="j_username"></td>
      </tr>
      <tr>
      <td align="center" height="20">Password: <input type="password" name="j_password"></td>
      </tr>
      <tr>
      <td align="center" colspan="2"><input type="reset">   <input type="submit" value="Log In"></td>
      </tr>
      </table>
      </td>
      </tr>
      </table>

      </form>



      04/21 18:19:52 INFO -- End GET response --
      04/21 18:19:52 INFO -- GET status: 200, reason: OK, target:


      as you can see for some reason when flex makes the data service call it includes the login page which seems to stop the whole process somehow. it never brings in the data. any help would be greatly appreciated.

      thanks

      j
        • 1. Re: problem with jsp login and flex
          ntsiii Level 3
          Clearly, the server is sending out an HTML login form. This sounds like the behavior of "basic" authentication in J2EE. Perhaps you need to configure the server to use "custom" authentication?

          Or let the user log in with the html form, and then call the flex app?

          This is well outside my experience so I don't know what to suggest. Sorry.

          Tracy
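
The failure in the log above, reproduced as an added example that is not part of the original thread: the login form returned with status 200 is fed to an XML parser, which stops at the unclosed `<input>` tag, and a small check recognises the `j_security_check` form before parsing. `DATA_RESPONSE` and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the response body shown in the log.
LOGIN_RESPONSE = """<?xml version="1.0" encoding="ISO-8859-1"?>
<form method="POST" action='j_security_check' >
<table>
<tr>
<td>Username: <input type="text" name="j_username"></td>
</tr>
<tr>
<td>Password: <input type="password" name="j_password"></td>
</tr>
</table>
</form>
"""

# Constructed sample of the XML the data call was expected to return.
DATA_RESPONSE = """<?xml version="1.0" encoding="ISO-8859-1"?>
<items><item id="1">alpha</item></items>
"""


def parse_error(body):
    """Return the XML parser's error message, or None if well-formed."""
    try:
        ET.fromstring(body.encode("iso-8859-1"))
    except ET.ParseError as exc:
        return str(exc)
    return None


def classify_response(body):
    """Classify a 200 response body as 'login-form', 'xml' or 'invalid'."""
    lowered = body.lower()
    # Field names defined by servlet FORM authentication.
    if "j_security_check" in lowered and (
        "j_username" in lowered or "j_password" in lowered
    ):
        return "login-form"  # session is not authenticated; do not parse
    return "xml" if parse_error(body) is None else "invalid"


if __name__ == "__main__":
    for name, body in (("login", LOGIN_RESPONSE), ("data", DATA_RESPONSE)):
        print(name, classify_response(body), parse_error(body))
```
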
          • 2. Re: problem with jsp login and flex
            maxkool Level 1
            Thanks for the reply. The weird thing is when I set it to basic auth (that's when just the login window pops up) it works fine. But when I set it for form on the web.xml file it doesn't work. I have read that when you use remote object services you need to specify what auth to use but this app is using httpservice which from what I can tell you don't need to do that.

            Thanks
            J

            ps thanks for your help on the data refresh problem i was having before!
            • 3. Re: problem with jsp login and flex
              ntsiii Level 3
              The powerhouses at Cynergy monitor this forum, perhaps they will be able to help you some more. In the meantime, try searching the archive here for "basic" and "custom" and "authentication".

              Tracy
              • 4. Re: problem with jsp login and flex
                Joekin Level 1
                In your code, this is not valid in XML - action='j_security_check' . It's supposed to be
                action="j_security_check"
                • 5. Re: problem with jsp login and flex
                  poonamsheth Level 1
                  something about authentication:

                  When a destination is not public, you can restrict access to a privileged group of users by applying a security constraint in a destination definition in the Flex services configuration file. A security constraint ensures that a user is authenticated, by using custom or basic authentication, before accessing the destination. By default, Flex Data Services security constraints use custom authentication.

                  Basic authentication
                  ----------------------------
                  Basic authentication relies on standard J2EE basic authentication from the web application container. To use this form of authentication, you secure a resource, such as a URL, in the web application's web.xml file. When you use basic authentication to secure access to destinations, you usually secure the endpoints of the channels that the destinations use in the web.xml file.

                  The following example shows a configuration for a secured channel endpoint in a web.xml file:

                  ...
                  <security-constraint>
                      <web-resource-collection>
                          <web-resource-name>Protected Channel</web-resource-name>
                          <url-pattern>/messagebroker/amf</url-pattern>
                          <http-method>GET</http-method>
                          <http-method>POST</http-method>
                      </web-resource-collection>

                      <auth-constraint>
                          <role-name>sampleusers</role-name>
                      </auth-constraint>
                  </security-constraint>

                  <login-config>
                      <auth-method>BASIC</auth-method>
                  </login-config>

                  <security-role>
                      <role-name>sampleusers</role-name>
                  </security-role>
                  • 6. Re: problem with jsp login and flex
                    poonamsheth Level 1
                    Custom authentication
                    -------------------------------
                    As an alternative to basic authentication, you can use custom authentication and create a custom login form in MXML to match the appearance of your application.

                    For custom authentication, Flex uses a custom login adapter, known as a login command, to check a user's credentials and log a principal into the application server. A login command must implement the flex.messaging.security.LoginCommand API. You can register multiple login commands in the security section of the Flex services configuration file. The server attribute of the login-command element is used to perform a partial match against the value returned by the servletConfig.getServletContext().getServerInfo() method. The server value must be a case-insensitive match of an initial substring of this value or the entire string.

                    You can use a login command without roles for custom authentication only, but if you also want to use custom authorization, you must link the specified role references to roles that are defined in your application server's user store.

                    Flex Data Services includes login command implementations for Adobe JRun and Apache Tomcat, Oracle Application Server, BEA WebLogic, and IBM WebSphere, as the following example shows:

                    <security>
                        ...
                        <login-command class="flex.messaging.security.JRunLoginCommand"
                                       server="JRun"/>
                        <!--
                        <login-command class="flex.messaging.security.TomcatLoginCommand"
                                       server="Tomcat"/>
                        <login-command class="flex.messaging.security.OracleLoginCommand"
                                       server="Oracle"/>
                        <login-command class="flex.messaging.security.WeblogicLoginCommand"
                                       server="Weblogic"/>
                        <login-command class="flex.messaging.security.WebSphereLoginCommand"
                                       server="WebSphere"/>
                        -->
                        ...
                    </security>

                    • 7. Re: problem with jsp login and flex
                      poonamsheth Level 1
                      link:
                      http://support.microsoft.com/default.aspx?scid=kb;en-us;261188

                      it's like HTMLWrapper in Flex and SSL

                      PRB: Security Warning Message Occurs When You Browse to a Page That Contains an IFRAME Through SSL

                      This occurs when the page contains an IFRAME that does not specify a SRC attribute.
                      ----------------

                      • 8. Re: problem with jsp login and flex
                        poonamsheth Level 1
                        Anatomy of a Flex MXML Request
                        ------------------------------------------------

                        The initial HTTP request from a browser for an mxml page made to a Macromedia Flex application will generate a series of HTTP Request/Response pairs due to the multiple pieces that comprise a Flex presentation tier interface. Specifically, the HTTP response first returns an HTML wrapper containing the appropriate Embed and Object tags to contain the Flash SWF file. That wrapper also contains references to other HTML and JavaScript files that (partially) provide the History Management feature. As the browser makes additional calls back to Flex for the remaining pieces, the second HTTP Request that occurs is for a small piece of JavaScript code. The third piece of HTTP traffic is a request for the {filename}.mxml.swf file (note the double extension). This request is intercepted by the MXML Servlet which will perform the content cache routine and then return a SWF back to the browser in the response, which is the primary interface to the Flex application. The fourth request is to the flex-internal servlet for a smaller SWF file which contributes to the History Management functionality. Together, when a simple mxml application file loads in the browser, there are 4 HTTP Request and Response pairs.

                        The Flex History Management feature provides the ability to use the browser's BACK button while traversing through multiple tabbed panels or windows in a Flex SWF interface. Normally, when viewing some type of Flash movie or interface the browser's BACK button does not capture the traversal through the interface, but in Flex the History Management allows you to back up in the Flash presentation interface. When viewing the source of the HTML wrapper code in the initial request, there are several references to the HTML and JavaScript components that implement some of the Flex History Management, and a dynamically generated reference to the History Management SWF file. These references include:

                        * /{context_root}/flex-internal?action=js

                        * /{context_root}/flex-internal?action=swf

                        * /{context_root}/flex-internal/history/history.html

                        Note that these references pass through the flex-internal path, which is a servlet mapping provided by Flex. These three components that implement the History Management feature are built into Flex, and the developer need not worry about providing or modifying them.

                        A simple example is shown here. This mxml code provides a panel having three tabs, each with different content. The user can click through the tabs, and then use the back button to return to previous views of the tabbed panels. Also provided below is a summary of the HTTP traffic that occurs when navigating this rather trivial application. Note the 4 initial HTTP Request/Response pairs, followed by requests for history.html and action=swf, which continue to be trafficked as the user navigates the application.

                        Also note that in ACTION 6 below, which represents the user clicking REFRESH or F5 in the browser, the primary SWF for the Flex application is not sent across the wire again, but rather the Flex server returns a 304 status code for Not Modified, which reduces load on the server. This behavior occurs when Flex is configured for production mode=true. Production mode for Flex is similar to Trusted Cache in ColdFusion because Flex will not check to see if the mxml source has been modified, and rather just serve from the content cache. Dynamic behavior is maintained in the Flex application by HTTP Service, WebService, and Remote Object callbacks, as well as client-side ActionScript.

                        just check this link for the example:

                        http://www.talkingtree.com/blog/index.cfm/2004/4/12/FlexAnatomy

                        i hope it would clear your doubts.