service-config.xml
<!-- BlazeDS security section: one named constraint plus the login command. -->
<security>
  <!--
    "Custom" auth-method: credentials are supplied by the Flex client
    (ChannelSet.login) rather than by an HTTP Basic challenge.
    Either listed role satisfies the constraint.
    NOTE(review): a constraint only protects destinations that reference it;
    no destination referencing "basic-read-access" is shown here. Confirm
    that one does, otherwise this definition has no effect.
  -->
  <security-constraint id="basic-read-access">
    <auth-method>Custom</auth-method>
    <roles>
      <role>ROLE_USER</role>
      <role>ROLE_ADMIN</role>
    </roles>
  </security-constraint>
  <!--
    NOTE(review): this delegates credential checks to the Tomcat container.
    When the message broker is also configured with flex:secured (Spring
    BlazeDS Integration), Spring Security's own login command is presumably
    the one in effect. Verify which one actually authenticates users so that
    there is a single, known credential store.
  -->
  <login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat"/>
</security>
flex-servlet.xml
<!-- Spring BlazeDS message broker with Spring Security integration enabled. -->
<flex:message-broker>
  <flex:remoting-service default-channels="my-amf"/>
  <!--
    per-client-authentication="true": authentication state is kept per Flex
    client instead of per HTTP session (confirm this matches how the
    application shares sessions between clients and browser tabs).
  -->
  <flex:secured per-client-authentication="true">
    <!--
      Every message on "my-amf" requires ROLE_USER. This is a coarse,
      channel-wide gate: it does not separate ROLE_ADMIN operations from
      ROLE_USER ones, so admin-only services still need a destination-level
      or method-level check on the server.
      NOTE(review): the definition of "my-amf" is not shown. If it is a
      plain-HTTP AMF endpoint, the login credentials travel without
      transport encryption; prefer a secure AMF channel over HTTPS.
    -->
    <flex:secured-channel access="ROLE_USER" channel="my-amf"/>
  </flex:secured>
</flex:message-broker>
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring Security 3.0 configuration backing the Flex login. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <!--
    Unauthenticated requests are answered with HTTP 403 by the entry point
    bean below instead of being redirected to a login form, and anonymous
    authentication is switched off.
    No intercept-url rules are declared here, so URL-level authorization is
    not configured in this file; access control relies on the Flex channel
    and destination security.
  -->
  <http entry-point-ref="entryPoint">
    <anonymous enabled="false"/>
  </http>

  <beans:bean id="entryPoint"
              class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>

  <authentication-manager alias="authenticationManager">
    <authentication-provider>
      <!--
        SECURITY: in-memory accounts with plaintext passwords equal to the
        user names. Suitable for a local demo only. Before deployment,
        replace with a real user store (e.g. a UserDetailsService backed by
        a database or directory) and add a password-encoder so that stored
        passwords are hashed, and do not keep credentials in a file that is
        committed to version control.
      -->
      <user-service>
        <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN"/>
        <user name="user" password="user" authorities="ROLE_USER"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>

</beans:beans>
flex登录
// Log in through the channel set that serves the remote object's destination.
// NOTE(review): the credentials are sent over whatever channel this set
// resolves to; confirm it is an HTTPS (secure AMF) channel.
var myChannelSet:ChannelSet = ServerConfig.getChannelSet(messageServiceRO.destination);
var token:AsyncToken = myChannelSet.login(userName, password);

// Success handler: picks the greeting from the authorities returned by the
// server, then closes the login popup. The role test here only selects which
// message is shown. It is presentation logic, not access control: the client
// can be modified, so every admin-only operation must be enforced on the
// server (channel, destination or method security).
var onLoginResult:Function = function(event:ResultEvent, token:Object = null):void {
    var isAdmin:Boolean = event.result.authorities.indexOf("ROLE_ADMIN") >= 0;
    Alert.show(isAdmin ? "Admin登录成功!" : "User登录成功!");
    PopUpManager.removePopUp(_this);
};

// Failure handler: shows the fault string from the server response verbatim.
// NOTE(review): check that the server-side fault text does not reveal whether
// the user name or the password was the wrong part.
var onLoginFault:Function = function(event:FaultEvent, token:Object = null):void {
    Alert.show("Login Failed: " + event.fault.faultString);
};

token.addResponder(new AsyncResponder(onLoginResult, onLoginFault));