You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@royale.apache.org by Christofer Dutz <ch...@c-ware.de> on 2020/08/19 07:37:30 UTC
Royale <--> BLazeDS <--> SpringSecutiry
Hi folks.
So I’m currently porting my old Flex-Based framework to Royale and making some progress.
While at it I’m also updating my Spring-based backend to the latest changes in Spring, SpringBoot and SpringSecutiry.
A lot of things have become a lot simpler and most of the obstacles I had to jump 8 years ago seem to have been solved :-)
One thing I’m currently having a little trouble with is:
I create a ChannelSet in my Royale application and connect to BlazeDS without any trouble.
As soon as I login on the channel set, I managed to link BlazeDS and SpringSecutiry to I correctly login in SpringSecurity.
Problem is, as soon as you log in to SpringSecutiry, this creates a new http-session and invalidates the old one.
Now as soon as I try to do something after logging in, I get a “DuplicateSession” error as the FlexClient is now tied to two sessions.
Have you had the same problem and what was your solution to it? I don’t want to tell SpringSecurity not to create a new session as this actually makes a lot of sense from a security perspective.
Chris
Re: Royale <--> BLazeDS <--> SpringSecutiry
Posted by Carlos Rovira <ca...@apache.org>.
Hi Chris (and others),
reaching late to this thread. Just to confirm: Our first Royale App
migrated from Flex was using Spring + Spring Security + Spring Flex
Integration. We were able to migrate and the good news was we were able to
do without changing a single line in Java or Spring configuration, so the
backend was untouched just to add the new Royale app side by side with the
Flex one and be authorized by Spring Security :)
El mié., 19 ago. 2020 a las 10:18, Christofer Dutz (<
christofer.dutz@c-ware.de>) escribió:
> Hi folks,
>
> I think I made some progress ... I did debug the server side and the
> problem wasn't the SpringSecutiry or the Royale configuration.
> I was using a Chrome with all security disabled to allow communicating
> from a "file://" url to a "http://" url to simplify debugging.
> If you do this no Cookies are used (which totally makes sense) and
> therefore for every request a new session is generated.
>
> If I run the application in a normal chrome from "http://localhost:8080"
> it seems everything works nicely.
>
> Now I have to find out how I can simplify my development workflow :-/
>
> Chris
>
>
> Am 19.08.20, 09:37 schrieb "Christofer Dutz" <ch...@c-ware.de>:
>
> Hi folks.
>
> So I’m currently porting my old Flex-Based framework to Royale and
> making some progress.
> While at it I’m also updating my Spring-based backend to the latest
> changes in Spring, SpringBoot and SpringSecutiry.
> A lot of things have become a lot simpler and most of the obstacles I
> had to jump 8 years ago seem to have been solved :-)
>
> One thing I’m currently having a little trouble with is:
> I create a ChannelSet in my Royale application and connect to BlazeDS
> without any trouble.
> As soon as I login on the channel set, I managed to link BlazeDS and
> SpringSecutiry to I correctly login in SpringSecurity.
> Problem is, as soon as you log in to SpringSecutiry, this creates a
> new http-session and invalidates the old one.
> Now as soon as I try to do something after logging in, I get a
> “DuplicateSession” error as the FlexClient is now tied to two sessions.
>
> Have you had the same problem and what was your solution to it? I
> don’t want to tell SpringSecurity not to create a new session as this
> actually makes a lot of sense from a security perspective.
>
> Chris
>
>
>
--
Carlos Rovira
http://about.me/carlosrovira
Re: Royale <--> BLazeDS <--> SpringSecutiry
Posted by Christofer Dutz <ch...@c-ware.de>.
Hi folks,
I think I made some progress ... I did debug the server side and the problem wasn't the SpringSecutiry or the Royale configuration.
I was using a Chrome with all security disabled to allow communicating from a "file://" url to a "http://" url to simplify debugging.
If you do this no Cookies are used (which totally makes sense) and therefore for every request a new session is generated.
If I run the application in a normal chrome from "http://localhost:8080" it seems everything works nicely.
Now I have to find out how I can simplify my development workflow :-/
Chris
Am 19.08.20, 09:37 schrieb "Christofer Dutz" <ch...@c-ware.de>:
Hi folks.
So I’m currently porting my old Flex-Based framework to Royale and making some progress.
While at it I’m also updating my Spring-based backend to the latest changes in Spring, SpringBoot and SpringSecutiry.
A lot of things have become a lot simpler and most of the obstacles I had to jump 8 years ago seem to have been solved :-)
One thing I’m currently having a little trouble with is:
I create a ChannelSet in my Royale application and connect to BlazeDS without any trouble.
As soon as I login on the channel set, I managed to link BlazeDS and SpringSecutiry to I correctly login in SpringSecurity.
Problem is, as soon as you log in to SpringSecutiry, this creates a new http-session and invalidates the old one.
Now as soon as I try to do something after logging in, I get a “DuplicateSession” error as the FlexClient is now tied to two sessions.
Have you had the same problem and what was your solution to it? I don’t want to tell SpringSecurity not to create a new session as this actually makes a lot of sense from a security perspective.
Chris