Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

Separating Flex apps from JSP pages

Avatar

Level 3

I'm using the Correspondence Management SA and I'd like to have my  own SSO for the ManageTemplates application to completely remove it from  the surrounding jsp wrapper.  However, I noticed that when the Manage  Templates application starts, it uses the SSO created by the Finance  Corp page and loads the user once the FlexConfiguration is successfully  loaded, without needing to suppy any credentials within the Flex app  itself.  I've created a ViewStack that now contains a LoginView as well  as the AssetManagerView, to enable the enterting of credentials.  But if  I log in with 'grios' in the jsp, then login with 'clopez' in my Flex  login view, send the 'clopez' username and password to LC, and receive a  com.adobe.icc.services.user.UserEvent.AUTHENTICATION_SUCCESS event, the  login works, but the userManager.currentUser is still 'grios' and not  'clopez' as is expected.  I've tried using a logout on the Flex init,  but to no avail.

I've also tried adding the Flex app URL directly in the  URLRegistryBootstrapper.java file, as well as commenting out the  securityFilter filter mapping in web.xml to prevent the redirect and  enable the flex application to run without the jsp login.  The flex app  then runs immediately, however the loading of the FlexConfiguration  fails, which means that the application cannot run. So it seems that the  flex app is tightly woven to the calling jsp, but I can't see any  references to this link.

Does anyone know the best way to remove the Flex application from  it's jsp wrapper, and have a stand alone Manage Templates Flex app?

Thanks,

Kristian

5 Replies

Avatar

Former Community Member

Hi Kristian,

In addition to removing the filter from web.xml, you will also have to make changes to the security-config.xml.

If you take a look at that file, the first set of lines in that XML will be having URL interceptors for the application. Something like...

<sec:http ...

   <sec:intercept-url pattern

    ....

    ....

    ....

</sec:http>

Depending upon which URLs you want to continue to keep secure, you will have to remove entries from this section of the XML. It is then that you will get rid of the JSP.

Also, having the view stack as you mentioned, before/above the actual Manage Templates application should produce a login screen, wherein you can get the user credentials and establish a login session. BTW, you could also use our ISSOManager, which you can retrieve using ServiceProvider.getUserService(), to perform the login operation given a username/password.

   

Avatar

Level 3

Hi Saket,

I've made the change to the security-config.xml file as suggested, and the Flex application loads without needing an external login.  However, I'm still having the problem of the application needing some kind of credentials before it can fully initialise.

Basically, I've made a new creationComplete function in index.mxml to load my LoginView and allow entering of user credentials via the userManager.  Nothing else is loaded, not the AssetManagerView, or anything else that was originally in the init() function.  I use userManager.login(username, password) to send the credentials to the LC server, and once I've received a UserEvent.AUTHENTICATION_SUCCESS, I call the original init() function to start the application in full, with my user logged in.  However, when I call userManager.login(username, password), I get the following error:

TypeError: Error #1009: Cannot access a property or method of a null object reference.
    at com.adobe.icc.services.user.providers::SSOManager/sendRequest()
    at com.adobe.icc.services.user.providers::SSOManager/login()
    at com.adobe.icc.services.user.providers::UserManager/login()
    at au.com.kristian.views::LoginView/loginHandler()
    at flash.events::EventDispatcher/dispatchEventFunction()
    at flash.events::EventDispatcher/dispatchEvent()
    at mx.core::UIComponent/dispatchEvent()
    at au.com.kristian.components::Login/login()
    at au.com.kristian.components::Login/validateLogin()
    at au.com.kristian.components::Login/loginButtonClickHandler()
    at au.com.kristian.components::Login/__loginButton_click()
    at flash.events::EventDispatcher/dispatchEventFunction()
    at flash.events::EventDispatcher/dispatchEvent()
    at mx.core::UIComponent/dispatchEvent()
    at au.com.kristian.components::Login/keyPressHandler()

Digging into the SSOManager code, I'm suspecting that it's the reference to SSOManager.loginURL that is null, which is causing the issue.  I can't be certain, since I'm unable to set this property to test this theory.

I thought that perhaps loading the FlexConfiguration before logging in would set this property (due to the fact that once the config is loaded, that's when the user object is loaded without inputting any username/password in the default Flex app), but when I try to load the config, it fails with the following trace line:

failed to load flex config: [RPC Fault faultString="Send failed" faultCode="Client.Error.MessageSend" faultDetail="Channel.Security.Error error Error #2048: Security sandbox violation: http://localhost:8080/myapplication/assetmanager/index.swf cannot load data from https://localhost:8080/myapplication/messagebroker/amfsecure. url: 'https://localhost:8080/myapplication/messagebroker/amfsecure'"]

Since the FlexConfig cannot load, the application cannot continue.  I understand the concepts of sandbox violations, but I think this error is not 100% representative of the true problem, since when using the JSP wrapper and the original initialization flow, there is never any sandbox violation.

So it seems there is still a piece of the puzzle missing here...

K.

Avatar

Level 1

Can you provide a little more instruction on this front?

We have developed an implementation using ISSOManager. The following code is executed during application initialisation:

userManager = ServiceProvider.getUserService(  );

var configService: IConfigService = ServiceProvider.getConfigService(  );

configService.loadFlexConfig().addHandlers

     (

          function(event:ResultEvent):void

          {

               flexConfig = event.result as FlexConfiguration;

               userManager.flexConfig = flexConfig;

          },

          function ( event: FaultEvent ): void

          {

          }

     );

After the user has entered their credentials, the following calls are made:

userManager.addEventListener( UserEvent.AUTHENTICATION_SUCCESS,

          function ( event: UserEvent )

          {

          }

     );

userManager.login( username, password );

However, calling login() fails. If the system configuration loginMode (adobe-acm-webmodules-9.5.0.0.20101001.1.170840.jar/META-INF/spring/module.properties) is set to 'sso' then the UserEvent.AUTHENTICATION_SUCCESS gets fired, but subsequent RemoteObject calls fail due to a lack of authentication. If loginMode is set to 'basic', then the following error is raised:

{icc} info    [com.adobe.icc.services.user.providers::SSOManager/sendRequest]@15:21:44 > [SSOmanager] Contacting [http://localhost:8080/cmsa/j_spring_security_check]
{icc} info    [com.adobe.icc.services.user.providers::UserManager/authFaultHandler]@15:21:44 > authFaultHandler:[Event type="authenticationFault" bubbles=true cancelable=false eventPhase=2]

Avatar

Level 3

Hi Tim,

Have you had any luck with this? I'm still yet to successfully separate the two...  If you come across anything, please let me know!!

Thanks,

K.

Avatar

Level 3

Hello,

I've made some progress on the separation, but I'm running into some new issues.

If I load the Manage Templates app in a clean browser window (all cookies, active logins etc cleared), the app loads and starts without a problem, and the flex config loads successfully.  After entering my login details in my own custom login view, these get sent to the server, authenticated, and I get a UserEvent.AUTHENTICATION_SUCCESS event.  On capturing this event, I call userManager.loadUser().  From there I get the following fault event:

[FaultEvent fault=[RPC Fault faultString="There was an unhandled failure on the server. The FlexSession is invalid." faultCode="Server.Processing" faultDetail="null"] messageId="8C8F187B-1C0E-5D5C-3E28-94EAB5FE5605" type="userLoadError" bubbles=true cancelable=true eventPhase=2]

and a popup saying 'Server.Processing'.  But a few milliseconds after this, I get a UserEvent.LOAD_USER_COMPLETE event, and the user is successfully loaded.  After clicking the alert box away, everything seems to be functioning normally.

So I guess my first question is why would I get both a 'userLoadError' and a UserEvent.LOAD_USER_COMPLETE event when loading the user?  I could simpy not capture the userLoadError, but then I won't know if something really does go wrong.

If I then logout and log back in (with the same username/password), I don't ever get the userLoadError event again, but I now get 2 UserEvent.LOAD_USER_COMPLETE events thrown.  No matter how many times I log in and out now with the same user, 2 events are always thrown.  This is not really a big issue as far as I can tell - just putting it out there.

What IS a problem, is that when I logout and try to log in with a different username and password, I see that the new username and password is sent for authentication, I receive a UserEvent.AUTHENTICATION_SUCCESS event as expected, and try and load the user, but the first user I logged in with is always returned (twice) with the UserEvent.LOAD_USER_COMPLETE events.


No matter what credentials I put in now, only the first user is returned.  So it seems that the userManager.logout() functionality is not completely logging out the user from the session, even though I get a UserEvent.LOGOUT_COMPLETE before showing the login view and trying with the new user details.  This was also happening to me before I managed to completely separate the flex app from the jsp, so I don't think it's specifically related to the separation.

And the last bit of strange behaviour I'm coming across is when I close the browser tab and restart the application without clearing the cookies from the past session.  If there are session cookies in the browser, the flex config never loads (and therefore that application cannot run), returning the following error after hitting some kind of time out:


failed to load flex config:
[RPC Fault faultString="Send failed" faultCode="Client.Error.MessageSend" faultDetail="Channel.Security.Error error Error #2048: Security sandbox violation: http://localhost:8080/myproject/assetmanager/index.swf cannot load data from https://localhost:8080/myproject/messagebroker/amfsecure. url: 'https://localhost:8080/myproject/messagebroker/amfsecure'"]

This only happens if there's a previous session cookie in the browser, never on a clean run.  But as mentioned in my previous post, I don't believe that there actually is a sandbox violation, as then it would happen every time.  The only way to get around this is to clear my cookies, reload the application, and then I'm back to the start of this thread!!


Can anyone shed any light on the behaviour happening here??

Cheers,
K.