
Authentication works but not Authorization with Custom Tomcat Login


Hello,

I am following the steps mentioned in the LCDS guide on setting up Tomcat (6.0.33) login. The configuration file details are mentioned below... Based on that, my observation is that the users "tomcat" and "rupak" can log in successfully. However, the remotingService called AdminControlService has a security constraint of trustedAdmin, and the user rupak or tomcat don't have the role of twsadmin, but the login is successful on amfChannel for these users, while I expect it to fail because of the security constraint of trustedAdmin associated with it. The security constraint trustedAdmin only defines roles for twsadmin, so ideally any user that does not have this role should fail login. What am I missing?

 

thanks

Rupak

 

 

 

tomcat-users.xml

 

<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="twsadmin"/>
  <role rolename="twsuser"/>


  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="rupak" password="pwd123" roles="twsuser"/>

</tomcat-users>

 

 

services-config.xml

 

<services-config>
    <security>
       <login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat"/>       
       
        <security-constraint id="trustedAdmin">
            <auth-method>Custom</auth-method>
            <roles>
                <role>twsadmin</role>
            </roles>
        </security-constraint>       

 

        <security-constraint id="trustedUser">
            <auth-method>Custom</auth-method>
            <roles>
                <role>twsuser</role>
            </roles>
        </security-constraint>       
       
    </security>

    <services>
        <service id="AdvancedMessagingSupport" class="flex.messaging.services.AdvancedMessagingSupport">
            <default-security-constraint ref="trustedUser"/>
        </service>

        <service-include file-path="remoting-config.xml" />
        <service-include file-path="proxy-config.xml" />
        <service-include file-path="messaging-config.xml" />
        <service-include file-path="data-management-config.xml" />
        <service class="fiber.data.services.ModelDeploymentService" id="model-deploy-service">
            <!--default-security-constraint ref="trustedUser"/-->
        </service>
        
        <default-channels>
           <channel ref="my-rtmp"/>
        </default-channels>

    </services>

...

...

</services-config>

 

 

remoting-config.xml

 

<service id="remoting-service"
    class="flex.messaging.services.RemotingService">

    <adapters>
        <adapter-definition id="java-object" class="flex.messaging.services.remoting.adapters.JavaAdapter" default="true"/>
    </adapters>

 

    <default-channels>
        <channel ref="my-amf"/>
    </default-channels>

 

    <destination id="AdminControlService">
        <properties>
            <source>com.foo.myClassName</source>
            <scope>application</scope>
        </properties>
        <security>
            <security-constraint ref="trustedAdmin"/>
        </security>
    </destination>

</service>

 

 

mxml & ActionScript

 

<fx:Declarations>
  <s:RemoteObject id="adminService"
      destination="AdminControlService"
      requestTimeout="0"
      fault="adminFaultHandler(event)"
      result="adminResultHandler(event)">
  </s:RemoteObject>
</fx:Declarations>

 

.....

......

 

RTMPURL=http://<ip>:<RTMPport>

AMFURL = http://<ip>:<HTTPport>/MyServer/messagebroker/amf

rtmpChannel.addChannel(new RTMPChannel("CustomRTMP", RTMPURL));

amfChannel.addChannel(new AMFChannel("myCustomAMF", AMFURL));

adminService.channelSet = amfChannel;

 

...

...

private function login(username:String, password:String):void
{
    //login to RTMP channel
    if (rtmpChannel.authenticated == false)
    {
        token = rtmpChannel.login(username, password);
        token.addResponder(new AsyncResponder(RTMPLoginResultEvent, RTMPLoginFaultEvent));
    }

    if (amfChannel.authenticated == false)
    {
        tokenAMF = amfChannel.login(username, password);
        tokenAMF.addResponder(new AsyncResponder(AMFLoginResultEvent, AMFLoginFaultEvent));
    }
}
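
Added example, not part of the original post and not LCDS code: a Python check that reads the three configuration files quoted above and lists, per destination, which Tomcat users hold a role that the referenced security-constraint accepts. It models only the role comparison, on the assumption that a constraint is evaluated when its destination is invoked; the function names and the trimmed inline XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input: trimmed copies of the files quoted in the post
# (password attributes dropped, they play no part in the role check).
TOMCAT_USERS = """<tomcat-users>
  <user username="tomcat" roles="tomcat"/>
  <user username="both" roles="tomcat,role1"/>
  <user username="role1" roles="role1"/>
  <user username="rupak" roles="twsuser"/>
</tomcat-users>"""
SERVICES_CONFIG = """<services-config><security>
  <security-constraint id="trustedAdmin"><auth-method>Custom</auth-method>
    <roles><role>twsadmin</role></roles></security-constraint>
  <security-constraint id="trustedUser"><auth-method>Custom</auth-method>
    <roles><role>twsuser</role></roles></security-constraint>
</security></services-config>"""
REMOTING_CONFIG = """<service id="remoting-service">
  <destination id="AdminControlService">
    <security><security-constraint ref="trustedAdmin"/></security>
  </destination>
</service>"""

def user_roles(xml_text):
    """Map each Tomcat username to its set of role names."""
    return {u.get("username"): {r.strip() for r in u.get("roles", "").split(",") if r.strip()}
            for u in ET.fromstring(xml_text).iter("user")}

def constraint_roles(xml_text):
    """Map each security-constraint id to the roles it accepts."""
    root = ET.fromstring(xml_text)
    return {c.get("id"): {r.text.strip() for r in c.iter("role")}
            for c in root.iter("security-constraint") if c.get("id")}

def audit(users_xml, services_xml, remoting_xml):
    """Per destination: users whose roles satisfy its constraint, and the rest."""
    users, constraints = user_roles(users_xml), constraint_roles(services_xml)
    report = {}
    for dest in ET.fromstring(remoting_xml).iter("destination"):
        ref = dest.find("./security/security-constraint")
        name = ref.get("ref") if ref is not None else None
        # No constraint: every authenticated user passes. Unknown ref: nobody does.
        allowed = sorted(u for u, roles in users.items()
                         if name is None or roles & constraints.get(name, set()))
        report[dest.get("id")] = {"constraint": name, "allowed": allowed,
                                  "denied": sorted(set(users) - set(allowed))}
    return report

if __name__ == "__main__":
    print(audit(TOMCAT_USERS, SERVICES_CONFIG, REMOTING_CONFIG))
```

With the files as posted, no user in tomcat-users.xml is assigned twsadmin, so the allowed list for AdminControlService comes out empty.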

