3 Replies Latest reply on Nov 29, 2011 1:22 PM by Rohit . Kumar

    Authentication works but not Authorization with Custom Tomcat Login

    RupakKhurana Level 1

      Hello,

      I am following the steps mentioned in the LCDS guide on setting up Tomcat (6.0.33) login. The configuration file details are mentioned below. Based on that, my observation is that the users "tomcat" and "rupak" can log in successfully. However, the remotingService called AdminControlService has a security constraint of trustedAdmin, and the users rupak and tomcat don't have the role of twsadmin, but the login is successful on amfChannel for these users while I expect it to fail because of the security constraint of trustedAdmin associated with it. The security constraint trustedAdmin only defines roles for twsadmin, so ideally any user that does not have this role should fail login. What am I missing?

       

      thanks

      Rupak

       

       

       

      tomcat-users.xml

       

      <tomcat-users>
        <role rolename="tomcat"/>
        <role rolename="role1"/>
        <role rolename="twsadmin"/>
        <role rolename="twsuser"/>


        <user username="tomcat" password="tomcat" roles="tomcat"/>
        <user username="both" password="tomcat" roles="tomcat,role1"/>
        <user username="role1" password="tomcat" roles="role1"/>
        <user username="rupak" password="pwd123" roles="twsuser"/>

      </tomcat-users>

       

       

      services-config.xml

       

      <services-config>
          <security>
             <login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat"/>       
             
              <security-constraint id="trustedAdmin">
                  <auth-method>Custom</auth-method>
                  <roles>
                      <role>twsadmin</role>
                  </roles>
              </security-constraint>       

       

              <security-constraint id="trustedUser">
                  <auth-method>Custom</auth-method>
                  <roles>
                      <role>twsuser</role>
                  </roles>
              </security-constraint>       
             
          </security>

          <services>
              <service id="AdvancedMessagingSupport" class="flex.messaging.services.AdvancedMessagingSupport">
                  <default-security-constraint ref="trustedUser"/>
              </service>

              <service-include file-path="remoting-config.xml" />
              <service-include file-path="proxy-config.xml" />
              <service-include file-path="messaging-config.xml" />
              <service-include file-path="data-management-config.xml" />
              <service class="fiber.data.services.ModelDeploymentService" id="model-deploy-service">
                  <!--default-security-constraint ref="trustedUser"/-->
              </service>
              
              <default-channels>
                 <channel ref="my-rtmp"/>
              </default-channels>

          </services>

      ...

      ...

      </services-config>

       

       

      remoting-config.xml

       

      <service id="remoting-service"
          class="flex.messaging.services.RemotingService">

          <adapters>
              <adapter-definition id="java-object" class="flex.messaging.services.remoting.adapters.JavaAdapter" default="true"/>
          </adapters>

       

          <default-channels>
              <channel ref="my-amf"/>
          </default-channels>

       

          <destination id="AdminControlService">
              <properties>
                  <source>com.foo.myClassName</source>
                  <scope>application</scope>
              </properties>
              <security>
                  <security-constraint ref="trustedAdmin"/>
              </security>
          </destination>

      </service>

       

       

      mxml & ActionScript

       

      <fx:Declarations>
        <s:RemoteObject id="adminService"
            destination="AdminControlService"
            requestTimeout="0"
            fault="adminFaultHandler(event)"
            result="adminResultHandler(event)">
        </s:RemoteObject>
      </fx:Declarations>

       

      .....

      ......

       

      RTMPURL = http://<ip>:<RTMPport>
      AMFURL = http://<ip>:<HTTPport>/MyServer/messagebroker/amf
      rtmpChannel.addChannel(new RTMPChannel("CustomRTMP", RTMPURL));
      amfChannel.addChannel(new AMFChannel("myCustomAMF", AMFURL));
      adminService.channelSet = amfChannel;

       

      ...

      ...

      private function login(username:String, password:String):void
      {
          // log in to the RTMP channel
          if (rtmpChannel.authenticated == false)
          {
              token = rtmpChannel.login(username, password);
              token.addResponder(new AsyncResponder(RTMPLoginResultEvent, RTMPLoginFaultEvent));
          }

          // log in to the AMF channel
          if (amfChannel.authenticated == false)
          {
              tokenAMF = amfChannel.login(username, password);
              tokenAMF.addResponder(new AsyncResponder(AMFLoginResultEvent, AMFLoginFaultEvent));
          }
      }
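
Added example (not part of the original post and not LCDS code): a Python audit of the posted configuration that evaluates authentication and authorization as two separate checks, the credential check at login and the role check when a destination is invoked. The embedded XML is a trimmed, constructed copy of the files above, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET
# Constructed inputs: trimmed copies of the configuration posted above.
TOMCAT_USERS = """<tomcat-users>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="rupak" password="pwd123" roles="twsuser"/>
</tomcat-users>"""
SERVICES_CONFIG = """<services-config><security>
  <security-constraint id="trustedAdmin"><roles><role>twsadmin</role></roles></security-constraint>
  <security-constraint id="trustedUser"><roles><role>twsuser</role></roles></security-constraint>
</security></services-config>"""
REMOTING_CONFIG = """<service id="remoting-service">
  <destination id="AdminControlService">
    <security><security-constraint ref="trustedAdmin"/></security>
  </destination>
</service>"""

def load_users(xml_text):
    """Map username -> (password, set of role names)."""
    split = lambda s: {r.strip() for r in s.split(",") if r.strip()}
    return {u.get("username"): (u.get("password"), split(u.get("roles", "")))
            for u in ET.fromstring(xml_text).iter("user")}

def load_constraints(xml_text):
    """Map security-constraint id -> set of role names it lists."""
    return {c.get("id"): {r.text.strip() for r in c.iter("role")}
            for c in ET.fromstring(xml_text).iter("security-constraint")}

def required_roles(service_xml, constraints):
    """Destination id -> required roles; None if unconstrained, empty (deny all) for an unknown ref."""
    svc = ET.fromstring(service_xml)
    default = svc.find("default-security-constraint")
    result = {}
    for dest in svc.iter("destination"):
        ref = dest.find("security/security-constraint")
        ref = default if ref is None else ref
        result[dest.get("id")] = None if ref is None else constraints.get(ref.get("ref"), set())
    return result

def audit(destination, logins):
    """Per login: (authenticated?, authorized for destination?) as separate checks."""
    users = load_users(TOMCAT_USERS)
    needed = required_roles(REMOTING_CONFIG, load_constraints(SERVICES_CONFIG))[destination]
    report = {}
    for name, password in logins.items():
        authenticated = name in users and users[name][0] == password
        authorized = authenticated and (needed is None or bool(users[name][1] & needed))
        report[name] = (authenticated, authorized)
    return report

print(audit("AdminControlService", {"rupak": "pwd123", "tomcat": "tomcat"}))
```

With the posted files, both logins authenticate and neither is authorized for AdminControlService, because no user in tomcat-users.xml holds the twsadmin role.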