Flex Messaging Security

2019-04-15 17:05发布

I'm trying to create a module for a flex application, and I want to send notifications to clients. I've been looking at the BlazeDS messaging service to push out the notifications to clients, but I want to be able to send certain updates to certain clients. The Flex notification framework doesn't seem to allow this - if we have a field in the message with a value of the user's user id for example, any client could theoretically subscribe to all messages for any given user id, and there's no verification on the server side to make sure that the client that has subscribed is logged in as that user id.

Is there something I've missed here, or is the best way to handle this writing my own polling mechanism on the client side?

2条回答
够拽才男人
2楼-- · 2019-04-15 17:28

You can use subtopics for this as long as you disable wildcard subscriptions.

查看更多
趁早两清
3楼-- · 2019-04-15 17:42

There is indeed a solution for this in the APIs. The first step is to write a class which extends the FlexClientOutboundQueueProcessor class. You need to override one method:

public void add(List outboundQueue, Message message);

Basically all you need to do is write some logic to determine whether you should make the following call:

outboundQueue.add(message)

Simply put, if you don't add the message to the queue, then the message won't be pushed to the client. The other important method in this class is:

FlexClient getFlexClient()

Which you can use to get the associated FlexSession and ultimately the authentication information that presumably exists in your app.

Once this is done, you just need to register the processor with the appropriate channels. Simply add this element within the "properties" element of the "channel-definition" element:

<flex-client-outbound-queue-processor class="com.foo.YourProcessor"/>

I believe you can also specify a nested "properties" element for the queue processor but I don't believe it's required.

查看更多
登录 后发表回答