Securing access to ColdFusion from Flash Remoting MX

You can control access to ColdFusion files from Flash using the ColdFusion security mechanism in the same way that you control access to any ColdFusion page. This allows you to grant a Flash application access to only selected ColdFusion code.

ColdFusion security is based on a username and password. Flash Remoting applications can pass the username and password information using the setCredentials function in ActionScript. From within your ColdFusion Application.cfm page, you can use the cflogin tag to access this information.

The following example passes a username and password to ColdFusion:

if (inited == null)
{  
  inited = true;
  NetServices.setDefaultGatewayUrl("http://localhost/flashservices/gateway");
  gatewayConnection = NetServices.createGatewayConnection();
  gatewayConnection.setCredentials("bob","password");
  myService = gatewayConnection.getService("securityTest.thecfc", this);
}

Note: Typically, you do not hard-code a username and password within a Flash application because .swf files can be easily decompiled.

You use the cflogin tag to retrieve the username and password information, as the following example Application.cfm file shows:

<cfsilent>
<cflogin>
  <cfif isDefined("cflogin")>
    <!--- Verify user name from cflogin.name and password from cflogin.password
          using your authentication mechanism. For example, you might store this
          information in an LDAP database. --->
    <cfif cflogin.name eq "bob">
      <!--- In this example, bob is in the role of administrator. Typically, you
            store user roles with authentication information. --->
      <cfloginuser name="#cflogin.name#" password="#cflogin.password#"
                   roles="Admin">
    </cfif>
  </cfif>
</cflogin>
</cfsilent>

This example does not show how to perform user verification. For more information on verification, see Developing ColdFusion MX Applications with CFML.
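
One way to fill in the verification step with an LDAP bind, as an added example that is not part of the original documentation. The server name, the directory layout (ou=people and ou=groups under dc=example,dc=com), the groupOfNames schema, and the user's permission to read the groups are assumptions:

```cfml
<cfsilent>
<!--- Constructed values (assumptions): replace with your directory's. --->
<cfset ldapServer = "ldap.example.com">
<cfset peopleBase = "ou=people,dc=example,dc=com">
<cfset groupBase = "ou=groups,dc=example,dc=com">
<!--- Only these directory groups may become ColdFusion roles. --->
<cfset allowedRoles = "admin,manager">

<cflogin>
  <!--- Require a non-empty password (many directories treat a bind with an
        empty password as anonymous and report success) and allow-list the
        user name so it cannot alter the bind DN or the search filter. --->
  <cfif isDefined("cflogin") and len(cflogin.password)
        and reFind("^[A-Za-z0-9._-]{1,64}$", cflogin.name)>
    <cfset userDN = "uid=#cflogin.name#,#peopleBase#">
    <cftry>
      <!--- Bind as the user over SSL. cfldap throws if the directory rejects
            the credentials. The query returns the groups listing the user. --->
      <cfldap action="query" name="userGroups"
              server="#ldapServer#" port="636" secure="CFSSL_BASIC"
              username="#userDN#" password="#cflogin.password#"
              start="#groupBase#" scope="onelevel"
              filter="(&(objectClass=groupOfNames)(member=#userDN#))"
              attributes="cn">
      <!--- Keep only allow-listed groups, lowercased to match the spelling
            used in the cffunction roles attribute. --->
      <cfset roles = "">
      <cfloop query="userGroups">
        <cfif listFindNoCase(allowedRoles, userGroups.cn)>
          <cfset roles = listAppend(roles, lCase(userGroups.cn))>
        </cfif>
      </cfloop>
      <!--- Log in only users who hold at least one recognized role. --->
      <cfif len(roles)>
        <cfloginuser name="#cflogin.name#" password="#cflogin.password#"
                     roles="#roles#">
      </cfif>
      <cfcatch type="any">
        <!--- Bind or search failed: the request stays unauthenticated, so
              role-protected component functions refuse it. --->
      </cfcatch>
    </cftry>
  </cfif>
</cflogin>
</cfsilent>
```

Roles come from the directory rather than from the client, so a Flash application that calls setCredentials with a valid account gains only the roles its groups grant.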

Assigning security roles to component functions

ColdFusion components offer roles-based security. The following example creates a component method that deletes files:

<cfcomponent>
  <cffunction name="deleteFile" access="remote" roles="admin,manager">
    <cfargument name="filepath" required="yes">
    <cffile action="DELETE" file="#arguments.filepath#">
  </cffunction>
</cfcomponent> 

In the example, the cffunction tag includes the roles attribute to specify the user roles allowed to access it. In this example, only users in the admin and manager roles can access the function. Multiple roles are delimited with a comma.

In the Application.cfm file, you use the cfloginuser tag to log in the user and assign the user to a role. The user must be assigned to the correct role to access the component function. For more information on roles, see Developing ColdFusion MX Applications with CFML.

 
