Basic authentication

Basic authentication relies on standard J2EE basic authentication from the web application container. To use this form of authentication, you secure a resource, such as a URL, in the web application's web.xml file. When you use basic authentication to secure access to destinations, you usually secure the endpoints of the channels that the destinations use in the web.xml file. You then configure the destination to access the secured resource in order to be challenged for a user name (principal) and password (credentials). The web browser performs the challenge, which happens independently of Flex. The web application container authenticates the user's credentials.

The following example shows a configuration for a secured channel endpoint in a web.xml file:

...
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Channel</web-resource-name>
 
        <url-pattern>/messagebroker/amf</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
 
    <auth-constraint>
        <role-name>sampleusers</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
 
<security-role>
    <role-name>sampleusers</role-name>
</security-role>
...

When users successfully log in, they remain logged in until the browser is closed. When applying a basic authentication security constraint to a destination, Flex checks that there is a currently authenticated principal before routing any messages to the destination. Even when there is a currently authenticated principal, you should perform custom authorization for the principal. You enable custom authorization by specifying roles in the destination's security constraint definition. The roles referenced in the web.xml file and in the security constraints that are defined in Flex Data Services configuration files are all defined in the application server's user store.

NOTE: How you define users and roles is specific to your application server. For example, by default, you define Adobe JRun users and roles in the servers/server_name/SERVER-INF/jrun-users.xml file.

The following example shows a security constraint definition that specifies roles for authorization:

<security-constraint id="privileged-users">
    <auth-method>Basic</auth-method>
    <roles>
        <role>privilegedusers</role>
        <role>admins</role>
    </roles>
</security-constraint>

Flex 2.01
