This content has been marked as final. Show 3 replies
Typically you should be using J2EE within LiveCycle DS for this. Here are the livedocs,
In general, I would think part of that is because anything running on Flex is insecure by its nature (debuggable). Ie. hiding some controls on a form is trivial, but someone could figure out a way to make them show, or the api calls or whatever. RBAC would need to occur on the server. It might be possible to put you priveledged user functionality in a Module that was only accessible by authenticated users.
You need to secure your web service, and also do the user authentication with the web service. ie. when a user logs in, they need to be autheticated with a secure web service that checks your database. Flex is just a presentation layer. You can have some business logic in the presentation layer, but most should be in it's own layer. You should have 3 layers:
1. Presentation Layer - Flex
2. Biz logic layer - Secure Web Services
3. Data Layer - Database (MySql, Sql Server, whatever)
The logic for authenticating a user should reside in the biz logic layer - which would be comprised of secure web services that interact with the data layer.