This content has been marked as final. Show 2 replies
For deploying to AIR, take a look at http://labs.adobe.com/wiki/index.php/AIR:HTML_Security_FAQ.
FYI. For Flex applications deployed to Flash Player, in the generic use case you have to look no farther than the existing web application security.
Since Flex applications run in Flash Player in an HTML wrapper, Flex utilizes the same security model as all web-based applications. The web application has a deployment descriptor (web.xml) that restricts resources based upon URL patterns, names the security roles that are allowed to access these resources, and names the users, or groups of users, in each role. Next, you choose an authentication method, typically BASIC or FORM-based. For FORM-based, you develop a login interface (in HMTL or Flex) that POSTs to the action 'j_security_check' which is defined in the Servlet API spec and recognized by the application servers HTTP server. Once authenticated, Flash Player then inherits the security context of the browser container and you are on your way.
The following docs provide more detail:
I hope that helps.
Thanks for the reply. I have problem in showing the login page to the user. I used JAAS security in my web.xml and restricted the access to all pages. I mentioned login.html as the login page and login.swf is wrapped inside login.html.
But Flash Player is not loading login.swf with JAAS security. Without JAAS, its able to load the swf file. What is preventing flash player to do this.