Return-Path: 
 <users-return-5022-apmail-flex-users-archive=flex.apache.org@flex.apache.org>
X-Original-To: apmail-flex-users-archive@www.apache.org
Delivered-To: apmail-flex-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1347F1046A
	for <apmail-flex-users-archive@www.apache.org>;
 Fri, 31 Jan 2014 12:24:20 +0000 (UTC)
Received: (qmail 67819 invoked by uid 500); 31 Jan 2014 12:24:19 -0000
Delivered-To: apmail-flex-users-archive@flex.apache.org
Received: (qmail 66899 invoked by uid 500); 31 Jan 2014 12:24:16 -0000
Mailing-List: contact users-help@flex.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@flex.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@flex.apache.org>
List-Post: <mailto:users@flex.apache.org>
List-Id: <users.flex.apache.org>
Reply-To: users@flex.apache.org
Delivered-To: mailing list users@flex.apache.org
Received: (qmail 66465 invoked by uid 99); 31 Jan 2014 12:24:12 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 31 Jan 2014 12:24:12 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of christofer.dutz@c-ware.de
 designates 213.199.154.77 as permitted sender)
Received: from [213.199.154.77] (HELO
 emea01-db3-obe.outbound.protection.outlook.com) (213.199.154.77)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 31 Jan 2014 12:24:07 +0000
Received: from DBXPR05MB237.eurprd05.prod.outlook.com (10.242.143.147) by
 DBXPR05MB238.eurprd05.prod.outlook.com (10.242.143.152) with Microsoft SMTP
 Server (TLS) id 15.0.868.8; Fri, 31 Jan 2014 12:23:43 +0000
Received: from DBXPR05MB237.eurprd05.prod.outlook.com ([169.254.7.102]) by
 DBXPR05MB237.eurprd05.prod.outlook.com ([169.254.7.102]) with mapi id
 15.00.0868.013; Fri, 31 Jan 2014 12:23:43 +0000
From: Christofer Dutz <christofer.dutz@c-ware.de>
To: "users@flex.apache.org" <users@flex.apache.org>
Subject: AW: How to securing Apache Flex / GraniteDS Apps with Spring
 security
Thread-Topic: How to securing Apache Flex / GraniteDS Apps with Spring
 security
Thread-Index: AQHPHnTGk/HBNw+BcEKalAQQuNR4GpqewHSn
Date: Fri, 31 Jan 2014 12:23:42 +0000
Message-ID: 
 <8b02a2c35b324806ab15610016957171@DBXPR05MB237.eurprd05.prod.outlook.com>
References: 
 <CAJFLjkN_7Tn+9W-RMZK6Qm2d2k4vtD5H0H-+_Br_RvY1dFR8oQ@mail.gmail.com>
	<d61670edaeb55ab70479930fced76849.squirrel@webmail.mobytech.it>
	<5bfb4df0f3c0496d9e4fa1d1660d3a7b@DBXPR05MB237.eurprd05.prod.outlook.com>,<CAGw=_txsak9+8DLDx7BvWkvHeF+WSO1_qHYfsVyzu7UebKkcxA@mail.gmail.com>
In-Reply-To: 
 <CAGw=_txsak9+8DLDx7BvWkvHeF+WSO1_qHYfsVyzu7UebKkcxA@mail.gmail.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [193.99.42.56]
x-forefront-prvs: 0108A997B2
x-forefront-antispam-report: 
 SFV:NSPM;SFS:(10009001)(6009001)(51704005)(53754006)(377454003)(24454002)(43544003)(189002)(199002)(63696002)(51856001)(53806001)(54356001)(87936001)(74366001)(46102001)(2656002)(66066001)(65816001)(75402002)(92566001)(59766001)(77982001)(74316001)(85306002)(76576001)(54316002)(56776001)(74482001)(47446002)(74662001)(31966008)(19580395003)(74706001)(76786001)(19580405001)(83322001)(76796001)(74876001)(33646001)(79102001)(80976001)(15202345003)(77096001)(94946001)(15975445006)(83072002)(94316002)(69226001)(49866001)(50986001)(47976001)(47736001)(56816005)(93516002)(90146001)(85852003)(87266001)(4396001)(81816001)(81686001)(81342001)(86362001)(81542001)(93136001)(24736002);DIR:OUT;SFP:1101;SCL:1;SRVR:DBXPR05MB238;H:DBXPR05MB237.eurprd05.prod.outlook.com;CLIP:193.99.42.56;FPR:EC87F1A4.AAE3C0E0.BBF11174.6ECFB7F.20407;InfoNoRecordsMX:1;A:1;LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: c-ware.de
X-Virus-Checked: Checked by ClamAV on apache.org

Hmmm ... well I can't really confirm this. It's a one-time Setup cost you h=
ave to pay, =0A=
but then you can reuse that Setup as often as you want. I develop my applic=
ation in pure Java=0A=
and have my maven build generate the ActionScript model from that. Now all =
I have to do =0A=
is simply use the classes that were generated by my build. =0A=
=0A=
But as Long as you are developing web applications you will allways have mo=
re than pure-Java =0A=
(Ok ... If you were creating Java Applets this wouln't be the case). I real=
ly like to be able to run/debug/Profile =0A=
the real Thing and not have shiploads of Tools having to hide the Details o=
f serious Framework hackery from me.=0A=
For me GWT is by far the most insane approach.=0A=
=0A=
Chris=0A=
=0A=
________________________________________=0A=
Von: Alain Ekambi <jazzmatadazz@gmail.com>=0A=
Gesendet: Freitag, 31. Januar 2014 12:07=0A=
An: users@flex.apache.org=0A=
Betreff: Re: How to securing Apache Flex / GraniteDS Apps with Spring secur=
ity=0A=
=0A=
Thats another reason why we went away from actionscript based flex=0A=
Development and leverage Java in the entire Stack. With actionscript there=
=0A=
are just too Many moving pieces=0A=
=0A=
Am Freitag, 31. Januar 2014 schrieb Christofer Dutz :=0A=
=0A=
> Hi Giuseppe,=0A=
>=0A=
> I think this explains how to secure the Connection, but not how to=0A=
> integrate the security mechanism of graniteds with that of spring-securit=
y.=0A=
> When integrating GraniteDs with Sprin-Security I would expect=0A=
> Login-attemts to GraniteDS to utilize the Authentication components of=0A=
> SpringSecurity and whenever a Service is called from Flex, that=0A=
> SpringSecurity will handle the permissions to execute that Service while=
=0A=
> GraniteDS will take care of securing the Connection itself.=0A=
>=0A=
> Chris=0A=
>=0A=
> ________________________________________=0A=
> Von: Giuseppe Romano <giuseppe.romano@mobytech.it <javascript:;>>=0A=
> Gesendet: Freitag, 31. Januar 2014 11:28=0A=
> An: users@flex.apache.org <javascript:;>=0A=
> Betreff: Re: How to securing Apache Flex / GraniteDS Apps with Spring=0A=
>  security=0A=
>=0A=
> Hi Massimo,=0A=
>=0A=
> look at=0A=
> http://www.granitedataservices.com/public/docs/3.0.1/docs/reference/flex/=
graniteds-refguide-flex.html#remoting.security=0A=
>=0A=
> In that chapter is explained step-by-step how to setup the security=0A=
> environment.=0A=
>=0A=
> --=0A=
> Giuseppe Romano=0A=
> Skype name: giuseppe.romano.80=0A=
> Mobile: +39 3404900103=0A=
>=0A=
> On Fri, January 31, 2014 11:11 am, Massimo Perani wrote:=0A=
> Hi all,=0A=
> I built a Flex app (mobile & desktop) that calls a backend built in Sprin=
g=0A=
> and use GraniteDS to expose services.=0A=
>=0A=
> Now I'm trying to secure my services with Spring Security but I can't fin=
d=0A=
> a good example about it.=0A=
>=0A=
>=0A=
> I already exposed my services to other external application with SpringMV=
C=0A=
> (rest/json)=0A=
> there I used spring security with custom filter to check for a token in=
=0A=
> http header, but I can't use the same filter with GraniteDS servlet becau=
se=0A=
> from client side (Flex app) I can't set parameters into http header with=
=0A=
> GraniteDS...=0A=
>=0A=
> Can you give some advice about with type of authentication (basic, digest=
,=0A=
> custom...) to use and give me some good tutorial=0A=
> about securing Apache Flex application with GraniteDS?=0A=
>=0A=
> Thanks so much.=0A=
> Massimo=0A=
>=0A=
>=0A=
>=0A=
>=0A=