Manualshelf

Specifications

ManualsBrandsApache ManualsGadgetsMP3-341
41424344454647484950
41ADOBE FLEX 3
Building and Deploying Adobe Flex 3 Applications
Loading local assets
In some cases, your SWF file might load assets that reside on the clients local file system. This typically happens
when the Flex application is embedded on the client device and loaded from a network. If the application is
allowed to access local assets, it cannot access network assets.
To ensure that a Flex application can access assets in the local sandbox, the application must be in the local-with-
filesystem or local-trusted sandbox. To ensure this, you set the
use-network compiler option to false when you
compile the application. The default value of this option is
true.
When you load another SWF file that is in the local file system into your application with a class such as
SWFLoader, and you want to call methods or access properties of that SWF file, you do not need to explicitly
enable cross-scripting.
If the SWF files are in different sandboxes (for example, you loaded the main SWF file into the local-with-network
sandbox, but loaded the asset SWF file from the network), you cannot cross-script because they are in different
sandboxes. Remote SWF files cannot load local SWF files, and vice versa.
Using J2EE authentication
Flex applications integrates well with any server environment, including J2EE. To effectively implement secure
web applications in a J2EE environment, you should understand the following concepts:
Authentication The process of gathering user credentials (user name and password) and validating them in the
system. This requires checking the credentials against a user repository such as a database, flat file, or LDAP
implementation, and authenticating that the user is who they say they are.
Authorization The process of making sure that the authenticated user is allowed to view or access a given
resource. If a user is not authorized to view a resource, the container does not allow access.
Using container-based authentication
J2EE uses the Java Authentication and Authorization Service (JAAS), Java security manager, and policy files to
enforce access controls on users and ties this enforcement to web server roles. The authenticating mechanism is
role based. That is, all users who access a web application are assigned to one or more roles. Example roles are
manager, developer, and customer.
Application developers can assign usage roles to a web application, or to individual resources that make up the
application. Before a user is granted access to a web application resource, the container ensures that the user is
identified (logged in) and that the user is assigned to a role that has access to the resource. Any unauthorized
access of a web application results in an HTTP 401 (Unauthorized) status code.