From robterrell at gmail.com Thu Jan 3 06:18:12 2008 From: robterrell at gmail.com (Rob Terrell) Date: Thu, 3 Jan 2008 09:18:12 -0500 Subject: [SabreAMF] AMF_Client connecting to FMS? Message-ID: I would like a PHP script to connect to a Flash Media Server, make a call (ala NetConnection.call() in flash) and receive the results. I was hoping it would be so, since FMS implements an HTTP server on port 80, but I can't figure out how to call it. Is this possible? Or would I need to extend SabreAMF to implement some basic RTMP first? Thanks! From evert at rooftopsolutions.nl Thu Jan 3 07:04:44 2008 From: evert at rooftopsolutions.nl (Evert | Rooftop) Date: Thu, 03 Jan 2008 10:04:44 -0500 Subject: [SabreAMF] AMF_Client connecting to FMS? In-Reply-To: References: Message-ID: <477CF98C.3000101@rooftopsolutions.nl> Hi Rob, FMS uses RTMPT over port 80, so sadly.. this won't work. Evert Rob Terrell wrote: > I would like a PHP script to connect to a Flash Media Server, make a > call (ala NetConnection.call() in flash) and receive the results. I > was hoping it would be so, since FMS implements an HTTP server on port > 80, but I can't figure out how to call it. Is this possible? Or would > I need to extend SabreAMF to implement some basic RTMP first? > > Thanks! > > > _______________________________________________ > sabreamf mailing list > sabreamf at osflash.org > http://osflash.org/mailman/listinfo/sabreamf_osflash.org > > From krad at crammerz-inc.net Thu Jan 3 09:41:27 2008 From: krad at crammerz-inc.net (Wilhansen Li) Date: Fri, 4 Jan 2008 01:41:27 +0800 Subject: [SabreAMF] Fwd: Authentication problems/observations/question Message-ID: I have been experimenting with the authentication functions of Flex/SabreAMF using the onAuthenticate callback, here are my observations on accessing a Flex-compiled swf file directly within a browser (havnen't tested it with AIR, cookies, and with Javascript intervention): onAuthenticate calling: - Will only be called once even if you called setCredentials repeatedly with the same credentials (not so sure if you used another set of credentials for each repetition) - Will be called again if you did a RemoteObject.logout and called setCredentials again. Throwing an execption from onAuthenticate: - The client will report a "ping failure" no matter what exception you throw if you called setCredentials before anything else. - The client won't report anything if you threw an exception from onAuthenticate and ONLY called setCredentials - Will report the exception thrown by onAuthenticate if setCredentials is immediately followed by a RPC. PHP sessions: - Gets preserved through the client's lifetime - Won't get reset if RemoteObject.logout is called (i.e. the reset will have to be manually set from the server side. Having these said how would one go about implementing sessions using the AMF format? Or to be a bit more fundamental, what's the purpose of the onAuthenticate callback? (yes I know it's for authenticating.. but what kind of authentication? and what was it meant for?) As I see it, one would probably be better off using his own login/logout protocols/messages/RPCs instead of the built-in onAuthenticate callback. As an additional note, I also checked the examples in the PyAMF implementation and the use is also pretty vague (I haven't actually tried it yet as the setup of python is a bit of a hassle compare of php where you can just do ad hoc testing without touching and htaccess file) -- (<_<)(>_>)(>_<)(<.<)(>.>)(>.<) Life is too short for dial-up. From evert at rooftopsolutions.nl Thu Jan 3 09:56:42 2008 From: evert at rooftopsolutions.nl (Evert | Rooftop) Date: Thu, 03 Jan 2008 12:56:42 -0500 Subject: [SabreAMF] Fwd: Authentication problems/observations/question In-Reply-To: References: Message-ID: <477D21DA.8000107@rooftopsolutions.nl> My personal approach has always been to always use custom methods, because it becomes much easier to supply additional feedback about why authentication didn't work.. Are cookies preserved across all browsers? I don't know exactly which OS + browser combination, but I'm fairly sure there used to always be one of them that never preserved cookies.. I think it's either IE or Windows + FF. This might have changed since FP9, but if it hasn't, Authentication in AS3 is pretty much useless. AMF0 would always submit the user + password with every single request.. The logout thing is actually a feature gap, I think it makes sense to implement an onLogout.. If there's any way you could send me a 'saved charles session', that would be very helpful, and I can probably implement it pretty quickly.. Evert Wilhansen Li wrote: > I have been experimenting with the authentication functions of > Flex/SabreAMF using the onAuthenticate callback, here are my > observations on accessing a Flex-compiled swf file directly within a > browser (havnen't tested it with AIR, cookies, and with Javascript > intervention): > > onAuthenticate calling: > - Will only be called once even if you called setCredentials > repeatedly with the same credentials (not so sure if you used another > set of credentials for each repetition) > - Will be called again if you did a RemoteObject.logout and called > setCredentials again. > > Throwing an execption from onAuthenticate: > - The client will report a "ping failure" no matter what exception you > throw if you called setCredentials before anything else. > - The client won't report anything if you threw an exception from > onAuthenticate and ONLY called setCredentials > - Will report the exception thrown by onAuthenticate if setCredentials > is immediately followed by a RPC. > > PHP sessions: > - Gets preserved through the client's lifetime > - Won't get reset if RemoteObject.logout is called (i.e. the reset > will have to be manually set from the server side. > > Having these said how would one go about implementing sessions using > the AMF format? Or to be a bit more fundamental, what's the purpose of > the onAuthenticate callback? (yes I know it's for authenticating.. but > what kind of authentication? and what was it meant for?) As I see it, > one would probably be better off using his own login/logout > protocols/messages/RPCs > instead of the built-in onAuthenticate callback. > > As an additional note, I also checked the examples in the PyAMF > implementation and the use is also pretty vague (I haven't actually > tried it yet as the setup of python is a bit of a hassle compare of > php where you can just do ad hoc testing without touching and htaccess > file) > -- > (<_<)(>_>)(>_<)(<.<)(>.>)(>.<) > Life is too short for dial-up. > > _______________________________________________ > sabreamf mailing list > sabreamf at osflash.org > http://osflash.org/mailman/listinfo/sabreamf_osflash.org > > From krad at crammerz-inc.net Thu Jan 3 10:33:44 2008 From: krad at crammerz-inc.net (Wilhansen Li) Date: Fri, 4 Jan 2008 02:33:44 +0800 Subject: [SabreAMF] Fwd: Authentication problems/observations/question In-Reply-To: <477D21DA.8000107@rooftopsolutions.nl> References: <477D21DA.8000107@rooftopsolutions.nl> Message-ID: So in other words, the AMF specification is pretty much useless on the authentication protocol as it only explains how data is formatted and not the actual authentication process (which is pretty much true for the AMF3 specs that Adobe released as I see it)? I anycase, we'll probably have to wait for adobe to *actually* relase the BlazeDS source code to be able to implement the finer details of the remoting aspects. On 1/4/08, Evert | Rooftop wrote: > My personal approach has always been to always use custom methods, > because it becomes much easier to supply additional feedback about why > authentication didn't work.. > > Are cookies preserved across all browsers? I don't know exactly which OS > + browser combination, but I'm fairly sure there used to always be one > of them that never preserved cookies.. I think it's either IE or Windows > + FF. This might have changed since FP9, but if it hasn't, > Authentication in AS3 is pretty much useless. AMF0 would always submit > the user + password with every single request.. > > The logout thing is actually a feature gap, I think it makes sense to > implement an onLogout.. If there's any way you could send me a 'saved > charles session', that would be very helpful, and I can probably > implement it pretty quickly.. > > Evert > -- (<_<)(>_>)(>_<)(<.<)(>.>)(>.<) Life is too short for dial-up. From evert at rooftopsolutions.nl Thu Jan 3 10:52:48 2008 From: evert at rooftopsolutions.nl (Evert | Rooftop) Date: Thu, 03 Jan 2008 13:52:48 -0500 Subject: [SabreAMF] Fwd: Authentication problems/observations/question In-Reply-To: References: <477D21DA.8000107@rooftopsolutions.nl> Message-ID: <477D2F00.40508@rooftopsolutions.nl> Actually, I think (but might be wrong) authentication using AMF3 is pretty much useless in general, unless used over RTMP.. Evert Wilhansen Li wrote: > So in other words, the AMF specification is pretty much useless on the > authentication protocol as it only explains how data is formatted and > not the actual authentication process (which is pretty much true for > the AMF3 specs that Adobe released as I see it)? > > I anycase, we'll probably have to wait for adobe to *actually* relase > the BlazeDS source code to be able to implement the finer details of > the remoting aspects. > > On 1/4/08, Evert | Rooftop wrote: > >> My personal approach has always been to always use custom methods, >> because it becomes much easier to supply additional feedback about why >> authentication didn't work.. >> >> Are cookies preserved across all browsers? I don't know exactly which OS >> + browser combination, but I'm fairly sure there used to always be one >> of them that never preserved cookies.. I think it's either IE or Windows >> + FF. This might have changed since FP9, but if it hasn't, >> Authentication in AS3 is pretty much useless. AMF0 would always submit >> the user + password with every single request.. >> >> The logout thing is actually a feature gap, I think it makes sense to >> implement an onLogout.. If there's any way you could send me a 'saved >> charles session', that would be very helpful, and I can probably >> implement it pretty quickly.. >> >> Evert >> >> > > >