Flex 2 Developer's Guide > Data Access and Interconnectivity > Configuring Data Services > Securing destinations

Securing destinations

When a destination is not public, you can restrict access to a privileged group of users by applying a security constraint in a destination definition in the Flex services configuration file. A security constraint ensures that a user is authenticated, by using custom or basic authentication, before accessing the destination. By default, Flex Data Services security constraints use custom authentication. A security constraint can also require that a user is authorized against a user store before accessing a destination. A user store is a repository that contains security attributes of users.

Authentication is the process by which a user proves his or her identity to a system. Authorization is the process of determining what types of activities a user is permitted to perform in a system. After users are authenticated, they can be authorized to access specific resources.

You can declare a security constraint for a destination inline in a destination definition when the security constraint is used with only one destination. The following example shows a security constraint that is declared in a destination definition:

<service>
...
    <destination id="roDest">
...
        <security>
            <security-constraint>
                <auth-method>Custom</auth-method>
                <roles>
                    <role>roDestUser</role>
                </roles>
            </security-constraint>
        </security>
    </destination>
...
</service>

You can also declare a security constraint globally. When several destinations use the same security settings, you should define one security constraint in the security section of the Flex services configuration file and refer to it in each destination. The following example shows a security constraint that is referenced in two destination definitions:

<service>
    <destination id="SecurePojo1">
...
        <security>
            <security-constraint ref="trusted"/>
        </security>
    </destination>
    <destination id="SecurePojo2">
...
        <security-constraint ref="trusted"/>
    </destination>
...
</service>
...
<security>
    <security-constraint id="trusted">
        <auth-method>Custom</auth-method>
        <roles>
            <role>trustedUsers</role>
        </roles>
    </security-constraint>
...
</security>

Subtopics

Passing credentials from client-side components
Basic authentication
Custom authentication

Flex 2.01

Take a survey