security - Flex Blaze DS not passing OpenSSO authentication cookie? -

-

I have a set of custom web services These services have been protected by the OpenSSO on a Glassfish server when I open a browser I try to call up the Restime services directly, the OpenSSO prevents the request, then after requesting the user's credentials, the request for the reest service requests. The OpenSSO uses a session cookie on next requests (unless the session is invalid) I'm sure the piece is working properly.

We want to call these services from a Flex client to enable PUT and DELETE operations, we set up the blaze to proxy the lush requests for the REST service from the Flex client. When the security of rental services is disabled, this piece works great.

We are now trying to secure the entire application. We have kept Flex SWF in war and deployed glassfish. We have kept security around this resource and when a user tries to download SWF (via an HTML link in the war), then OpenSSO prevents the request, after which the application on successful authorization (such as the restime web For services).

The problem is - the cool calls made through the Flex application (via BlazeDS) are unsuccessful. The OpenSSO seems to hide these requests in the middle and then asking users for credentials. It does not seem that authentication cookies are being passed by Blazads Proxy (or perhaps).

How can I use the returned cookies from the original SSO authorization request and Blazads make them a restful web service?

Use firebug or any HTTP proxy to check for the following things -

< Ol>
  • Are there flames server and webserver on the same domain? If not, then the browser will not send cookies to the server to fire.
  • Is there two servers on the same server but different ports? Different browsers are considered to violate the same basic policy by some browsers, and the cookie will not be sent to the server.
  • What is the path set in the SSO cookie? If this is set to a specific path, then the browser will not send cookies to flames.

    • If the browser is sending a SSO cookie, then the SSO server can help you with additional details about yourself.


    Comments

    Post a Comment

    Popular posts from this blog

    windows - Heroku throws SQLITE3 Read only exception -

    -
    After I deploy the app to Heroku, I have to run migration scripts and get this error message ... ITES \ padrino \ prophetmargin & gt; Heroku Rack AR: Rack mutated! SQLite3 :: ReadOnlyException: only one try to write database to read: CREATE TABLE "schema_migrations" ( "version" varchar (255) NOT NULL) /disk1/home/slugs/215264_925fd2c_65a3/mnt/.bundle/gems/gems/ padrino-core- is 0.9.11 / lib / padrino-core / cli / rake.rb: 9: in `init ' how can this be? I also tried to run Heroku dbpush SQLite: //db/my-db.db and that did not work Horoku sqlite3 but using postgres does not do. I'm not sure why you are receiving this error, however, as I have used sqlite3 in development and when pushing it into its travel, they do some magic which migrates to postgrads. I'm absolutely sure how Heroku does 'backwash' this database but it seems that this is happening to you because it's the SQLite db file which is obviously due to Heroku's...
    Read more

    lex - Building a lexical Analyzer in Java -

    -
    I am currently learning lexical analysis in compiler design. To know how a lexical analyzer actually works, I am trying to build myself. I am planning to make it in Java The input to the lexical analyzer is a .tex file that is of the following format. \ section {script} {intro} \ section {Scope} arbitrary text \ section {relevance} uncontrolled text \ subdivision (profit) arbitrary text \ subsubsection {in real life} \ subdivision {Ingredient} \ end {document} The output of the lecture may be a table of contents with a page number in another file. 1 Introduction 1 1.1 Scope 1 1.2 Relevance 2 1.2.1 Benefits 2 1.2.1.1 Real life 2 1.2.2 loss 3 I hope that This problem is within the scope of Language Analysis Read the .exe file and check '\' and continue to check whether it is actually on search In the sectioning command is set to indicate whether or not a flag variable is the type of sectioning. I hope the above approach will work for the construction of Lexa...
    Read more

    python - rename keys in a dictionary -

    -
    I want to change the names of keys in a dictionary which are ints, and I need them so that the inputs with key zero They can sort correctly. For example, my keys are like this: '1', '101', '11' and I may need them: '001', '101', '011' What is doing, but I know that there is a better way tmpDict = {} in the ADC for the old: t MpDict ['% 04d'% int (olden)] = addict [oldkey] New controlled = tmpDict You are going wrong about this if you want to draw entries on a line in a specific way, then you have to sort on the extraction. for sorted (D, key = int): print '% s:% R'% (k, d [k])
    Read more