Application Development Tips and Tricks > Application design and development > Implementing dynamic access control
Application Development Tips and Tricks > Application design and development > Implementing dynamic access control |
|
Implementing dynamic access control
Server-side ActionScript provides a mechanism to implement dynamic access control list (ACL) functionality for shared objects and streams. By default, all connections have full access to all streams and shared objects. You can control who has access to create, read, or update shared objects or streams. Every connection to a server-side application instance is represented by a Client object on the server-side, and each Client object has two properties: readAccess and writeAccess. Using these two properties, you can control access on a per-connection basis.
Because shared object and stream names are strings, and both follow the same rules of URI-encoded data, you can define access based on them. The client.readAccess and client.writeAccess commands take string values. These values can contain multiple string tokens, or unique identifiers for the object names you want to control, separated by semicolons (;). Here are two example strings:
client.readAccess = "appStream;/appSO/" client.writeAccess = "appStreams/public/;appSO/public/"
Using these calls and the string token convention, you can create shared objects and streams that follow well-defined patterns. For example, suppose all shared objects created by the application start with the prefix appSO; shared objects available for all users begin with the prefix appSO/public; and shared objects you want to protect have the prefix appSO/private.
If you set the read access as follows:
client.readAccess = "appSO/"
the server will allow all connected clients to subscribe to shared objects whose name begins with appSO.
Similarly, you can make the call:
client.writeAccess= "appSO/public/"
and the client can create only shared objects with names beginning with appSO/public, such as appSO/public/foo, but would be denied access to appSO/private, and so on.
By using the above feature, and designing a naming scheme for streams and shared objects, you can implement ACL. For more information, see the Client.readAccess and Client.writeAccess entries in the Server-Side Communication ActionScript Dictionary.
|