
Today, every application must take security into account. While security covers a wide range of areas, this article focuses on application security and, more specifically, on user authentication and authorization. Authentication verifies that the user is who he says he is, while authorization verifies that the current user has permission to do what he wants to do.
To illustrate these concepts, this article uses a sample Flex application that manages and displays lists of books. This Flex client uses BlazeDS to talk to a server that runs another application built using the Spring framework. The sample is a complete application that demonstrates the many facets of securing an application that uses Flex on the client side.
One of the modules the Spring framework provides is Spring Security (formerly known as Acegi). The Spring Security module takes care of the authentication as well as the authorization of remote services. I am not going to focus on the Spring integration since that has already been covered by Sébastien Arbogast in a series of articles on Adobe Developer Connection titled "The Flex, Spring, and BlazeDS full stack".
A basic understanding of the Flex event model, Java web applications, and the Spring framework is required.

This work is licensed under a Creative Commons Attribution-Noncommercial 3.0 Unported License.
Jettro Coenradie is a software architect for the Dutch company JTeam B.V. Jettro likes to combine innovation with practical use. Last year, Jettro's focus was on security, OSGi, Spring framework, software engineering best practices, and, of course, Flex.