Community
Select to view content in your preferred language

@Robert's 2009 post token security

1482
13
08-18-2011 06:16 AM
SaugatJoshi
by
Deactivated User
‎08-18-2011 06:16 AM
Hi Robert,

Is there a way I can change this to flex viewer 2.3.1. I am looking for something like you mentioned in your post http://forums.esri.com/Thread.asp?c=158&f=2421&t=280353

What I have done ..
1.Removed token tag from config.xml completely.
2. Received token from the Arcgis server in init() function of Mapmanager.mxml using httpservice.
3. Used it in the case "dynamic": of mapmanager.mxml as dynlayer.token=received token.
4.On these steps I cannot see the mapservice in the first place. When I refresh, I see the service working (through Fiddler), also in TOC, but cannot see the map. Again does not work for any other browser than IE.

I saw your post in 2009 relating similar issue.Below is your suggestion.How can I translate this to flex viewer 2.3.1

//In the Config.xml for each secured map service add
token="x"

//In the ConfigManager.as look for the
    //================================================ 
    //map
//section and add
     var msToken:String = mapserviceList.@token;
//right above 'var msLabel:String = mapserviceList.@label;'
//then replace
     var mapservice:Object = 
     {
      label: msLabel,
      type: msType,
      visible: msVisible,
      alpha: msAlpha,
      url: msURL
     }
//with
     var mapservice:Object = 
     {
      label: msLabel,
      type: msType,
      visible: msVisible,
      alpha: msAlpha,
      url: msURL,
      token: msToken
     }

//Now in MapManger look for 'for (i = 0; i < configData.configMap.length; i++)'
//and add
           var token:String = configData.configMap.token;
//to the list of vars

//Then look for case "tiled": and add 

       if(token)
        tiledlayer.token = token;
//before 'map.addLayer(tiledlayer);'

//Then look for case "dynamic": and add 

       if(token)
        dynlayer.token = token;
//before 'map.addLayer(dynlayer);'
//That should do it.


Really appreciate your feedback.

Thank you.
Tags (2)
0 Kudos
13 Replies
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎08-18-2011 06:36 AM
Saugat,

   That post was for back in the days when you could not have the token in the config.xml as it is now. I don't think it has any application to what you are doing. Have you checked to see what the token you are receiving looks like using a trace or alert?
0 Kudos
SaugatJoshi
by
Deactivated User
‎08-18-2011 07:41 AM
Yes Robert,

I make a httpservice call to a jsp page, which returns me with a xml as follows: 

<Project>
  <tittle>DRAFT map</tittle> 
  <type>EALP</type> 
  <id>103371,101400</id> 
   <ip>192.168.*.*</ip> 
  <token>V1duPcHY9JIdfdfdfwqiakdtef,lfAqqw4OGhuWi774rySvM</token> 
  </Project>


I take the token and recive it successsfully in mapmanager.xml as 

public function resultHandler1(event:ResultEvent):void {
    
    title=(event.result.Project.tittle.toString());            
    type=new String();
    type=(event.result.Project.type.toString());               
    id=new String();
    id=(event.result.Project.id.toString());         //id associated with  project
  
    
    Alert.show(id + type);
    idArr=ttidProj.split(",");
    idArrLen=ttidArr.length;
    
    secToken = new String();
    secToken=(event.result.Project.token.toString());
    Alert.show(secToken);

Then in case dynamic I call dynlayer as

case "dynamic":
                    {   
      
   var dynLayer:ArcGISDynamicMapServiceLayer = new ArcGISDynamicMapServiceLayer(url,null,secToken);
                      dynLayer.id = label;
                        dynLayer.name = label;
//I tried uncommenting the line blow and removed token parameter from from function above, all i get is similar result

                        //dynLayer.token = secToken;


                        dynLayer.visible = visible;
                        dynLayer.useMapTime = useMapTime;
      dynLayer.imageFormat="png24";
      defQuery = new Array();

When I use the token direcly in the config file it works fine. I am not able to figure out where I am going wrong.
0 Kudos
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎08-18-2011 07:46 AM
Saugat,

   I would bet that when you get to this code that the secToken is null still.

case "dynamic":
                    {   
                        
   var dynLayer:ArcGISDynamicMapServiceLayer = new ArcGISDynamicMapServiceLayer(url,null,secToken);
                      dynLayer.id = label;
                        dynLayer.name = label;
//I tried uncommenting the line blow and removed token parameter from from function above, all i get is similar result

                        //dynLayer.token = secToken;


                        dynLayer.visible = visible;
                        dynLayer.useMapTime = useMapTime;
                        dynLayer.imageFormat="png24";
                        defQuery = new Array();


Try to put an alert in there and see.
0 Kudos
SaugatJoshi
by
Deactivated User
‎08-18-2011 08:31 AM
Robert,
You are absolutely correct. For some reason the secToken is not available in the case:dynamic part of the code. It is null. What must be going wrong in here? When I refresh the browser I see the token though, also TOC is updated in refresh of browser but I still do not see the map.Thanks.
0 Kudos
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎08-18-2011 08:46 AM
Saugat,

   You have to some how ensure that your httpservice gets called and returns the async result before the layer is added to the map. This is probably not going to be easy... I would assume you are going to have to rework the MapManager a bit to check and see if the layer needs a token and if so run your little routine and after the token is gotten then add the layer to the map with the token. You have a bit of work ahead of you!
0 Kudos
SaugatJoshi
by
Deactivated User
‎08-18-2011 08:57 AM
Thanks Robert,

This explains a lot of unusual behavior I was seeing in the flex viewer. I also had some extent values that would only work after refresh.I think, I will start looking into that direction. One question, what if I replicate this process of tokens and other initialization values directly in ConfigManager.as...can this be a work around?

Thanks a lot.
0 Kudos
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎08-18-2011 09:03 AM
Saugat,

   That is a good thought. It might work. I am just unsure that you can guarantee the async result will be back in time in every circumstance (i.e. heavy network traffic load).
0 Kudos
SaugatJoshi
by
Deactivated User
‎08-18-2011 09:11 AM
Thanks Robert,

Let me get started with this. Thank you again.
0 Kudos
SaugatJoshi
by
Deactivated User
‎08-22-2011 09:56 AM
Hi Robert,

I believe I have the async results, however I am having still some difficulty in initialize the app. Let me describe what I have done so far.

1. I have replicated similar process above in configManager.as.
2. I have the class as below for handling async result
package com.esri.viewer.managers {
 
 import mx.rpc.http.HTTPService;
 import mx.rpc.events.ResultEvent;
 
 
 
 public class RemoteService {
  private var remoteService : HTTPService = new HTTPService();
  
  function RemoteService() : void {
   remoteService = new HTTPService();
   remoteService.url = "http://localhost:8080/docs/ttid.xml";
   //remoteService.addEventListener(ResultEvent.RESULT, handleNextResult);
  }
  
  public function callServ(callback : Function) : void {
   // the listener on the result event will call the callback with the return value
   var listener : Function = function(event : ResultEvent) : void {
    remoteService.removeEventListener(ResultEvent.RESULT, listener);
    callback(remoteService.lastResult);
   }
   
   remoteService.addEventListener(ResultEvent.RESULT, listener);
   
   // do the actual call
   remoteService.send();
  }
 }
}


3. In init() of configManager I have
   
            private var remoteServiceProxy : RemoteService = new RemoteService();


            //loadConfig();
remoteServiceProxy.callServ(function(result : Object): void {
   secToken=result.Project.token;
   flag="1";      
   
  });


4. I tried to use function loadConfig() if flag == 1, However everything loads twice.
       
    remoteServiceProxy.callServ(function(result : Object): void {
   secToken=result.Project.token;
   flag="1";
   
   if (flag=="1")
   {
    loadConfig();
   }
   
  });


5. I tried in init function to put loadconfig() inside in init() function. The problem is callback function that makes everything appear twice in flex viewer.
    
remoteServiceProxy.callServ(function(result : Object): void {
   secToken=result.Project.token;
   loadConfig();     
   
  });


6.When I use 
Alert.show(secToken);
in loadConfig(), I can see the token twice.

I am kind of stuck here. It would be great if you could hint me on something. How should I proceed after I have async results back from server?
0 Kudos