View comments | RSS feed

Flash Media Server 
Developing Media Applications > Application Development Tips and Tricks > Implementing dynamic access control

Implementing dynamic access control

Server-side ActionScript provides a mechanism to implement dynamic access control list (ACL) functionality for shared objects and streams. By default, all connections have full access to all streams and shared objects. You can control who has access to create, read, or update shared objects or streams. Every connection to a server-side application instance is represented by a Client object on the server-side, and each Client object has two properties: readAccess and writeAccess. Using these two properties, you can control access on a per-connection basis.

Because shared object and stream names are strings, and both follow the same rules of URI-encoded data, you can define access based on them. The client.readAccess and client.writeAccess commands take string values. These values can contain multiple string tokens, or unique identifiers for the object names you want to control, separated by semicolons (;). Two example strings follow: 

client.readAccess = "appStream;/appSO/"
client.writeAccess = "appStreams/public/;appSO/public/"

Using these calls and the string token convention, you can create shared objects and streams that follow well-defined patterns. For example, suppose all shared objects that the application creates start with the prefix appSO, shared objects available for all users begin with the prefix appSO/public, and shared objects you want to protect have the prefix appSO/private.

If you set the read access as follows:

client.readAccess = "appSO/"

the server allows all connected clients to subscribe to shared objects with names that begin with appSO.

Similarly, you can make the call:

client.writeAccess= "appSO/public/"

and the client can create only shared objects with names that begin with appSO/public, such as appSO/public/foo, but is denied access to appSO/private, and so on.

By using the preceding feature, and designing a naming scheme for streams and shared objects, you can implement ACLs. For more information, see the Client.readAccess and Client.writeAccess entries in the Server-Side ActionScript Language Reference.

Comments


PsydAzaTrans said on Sep 19, 2006 at 1:13 PM :
I'm wondering if there are any links to additional use with the client class and ways of dynamically implementing it with other RIA features.

Also how it's being used with Actionscript 3 and Flex 2. That would be nice to know.
No screen name said on Aug 10, 2007 at 6:21 PM :
In my application, the property readAccess work fine. But the property writeAcess only allow the client to write in sharedObject if it (writeAcess property) is set to "/".
If I try another path, (different of "/"), this property don't work.

Somebody already had this problem?
No screen name said on Aug 21, 2008 at 1:22 AM :
Yes. I have too this problem. If writeaccess = "12" in this case
client ca write files like 12 or 1234343 with prefix 12

 

RSS feed | Send me an e-mail when comments are added to this page | Comment Report

Current page: http://livedocs.adobe.com/fms/2/docs/00000116.html