Flex 2 Developer's Guide > Data Access and Interconnectivity > Configuring Data Services > Securing destinations > Passing credentials from client-side components

Passing credentials from client-side components

To send user credentials to a destination that uses a security constraint, you specify user name and password values as the parameters of the setCredentials() method of the RemoteObject, HTTPService, WebService, DataService, Publisher, or Consumer component that you are using in your application. You can remove credentials by calling the component's logout() method.

NOTE

 

Calling the setCredentials() or setRemoteCredentials() method has no effect when a service component's useProxy property is set to false.

The following example shows ActionScript code for sending user name and password values from an HTTPService component to a destination:

import mx.rpc.http.HTTPService;

var employeeHTTP:HTTPService = new HTTPService();
employeeHTTP.destination = "SecureDest";
employeeHTTP.setCredentials("myUserName", "myPassword");
empoyeeHTTP.send({param1: 'foo'});

You can use the setRemoteCredentials() method to pass credentials to a remote HTTP service or web service that requires them. For example, when using an HTTPService component, you can pass credentials to a secured JSP page. The credentials are sent to the destination in message headers.

You can also call the setRemoteCredentials() method for Remoting Service destinations that are managed by an external service that requires user name and password authentication, such as a ColdFusion Component (CFC).

Passing remote credentials is distinct from passing user name and password credentials to satisfy a security constraint defined in the Flex services configuration file. However, the two types of credentials can be used in combination.

The following example shows ActionScript code for sending remote user name and remote password values to a destination. The destination configuration passes these credentials to the actual JSP page that requires them.

var employeeHTTP:mx.rpc.http.HTTPService = new HTTPService();
employeeHTTP.destination = "secureJSP";
employeeHTTP.setRemoteCredentials("myRemoteUserName", "myRemotePassword");
employeeHTTP.send({param1: 'foo'});

As an alternative to setting remote credentials on a client at run time, you can set remote credentials in remote-username and remote-password elements in the <properties> section of a server-side destination definition. The following example shows a destination that specifies these properties:

    <destination id="samplesProxy">
        <channels>
            <channel ref="samples-amf"/>
        </channels>

        <properties>
            <url>
                http://someserver/SecureService.jsp
            </url>
            <remote-username>johndoe</remote-username>
            <remote-password>opensaysme</remote-password>
        </properties>
    </destination>
...

Flex 2.01

Take a survey