I've been trying to load some JSON from a URL with a username/password at the beginning.

So the URL resembles: http://username:password@www.myaddress.org.uk/api/profiles/

I've been using the DataLoader class from greensock and it returns an Error #2032: Stream Error if the authentication is up but loads fine when it is disabled.

I'm trying to add an 'Authorization' URLRequestHeader to get round this issue. Is this the best way forward?

If it is relevant, I'm developing using FlashDevelop 4.0 / Flex SDK 4.5.1 on Windows 7 Enterprise.

Thanks in advance!

Edit:

I'm trying to use headers in a similar way to this post: Flex 3 - how to support HTTP Authentication URLRequest? but I'm not having much success. The base64 encoder I'm using is from here: http://jpauclair.net/2010/01/09/base64-optimized-as3-lib/

2nd Edit: latest code

_loader = new DataLoader(ENDPOINT, { onComplete:handleComplete, onError:handleError, onFail:handleFail } );

_loader.request.method = URLRequestMethod.POST;
_loader.request.data = new URLVariables("required=RandomData");

var bytes:ByteArray = new ByteArray();
bytes.writeUTFBytes(USER+':'+PASS);
var headerString:String = Base64.encode(bytes);
var header:URLRequestHeader = new URLRequestHeader('Authorization', 'Basic ' + headerString );
_loader.request.requestHeaders.push(header);

_loader.load();

crossdomain.xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy 
  SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*" />
  <allow-http-request-headers-from domain="*" headers="Authorization" />
</cross-domain-policy>

Edit 3: I've also tried using a URLLoader:

var urlRequest:URLRequest = new URLRequest(ENDPOINT);
urlRequest.method = URLRequestMethod.POST;
urlRequest.data = new URLVariables("required=RandomData");

var bytes:ByteArray = new ByteArray();
bytes.writeUTFBytes(USER+':'+PASS);
var headerString:String = Base64.encode(bytes);
var header:URLRequestHeader = new URLRequestHeader('Authorization', 'Basic ' + headerString );
urlRequest.requestHeaders.push(header);

_urlLoader = new URLLoader(urlRequest);
_urlLoader.addEventListener(Event.COMPLETE, temp_handleComplete);
_urlLoader.addEventListener(IOErrorEvent.IO_ERROR, temp_handleError);
Hawks
  • In that HTTP Authentication example it is commented that: "Interestingly, it also fails unless at least one URLVariables name-value pair gets packaged with the request, as indicated above. That's why many of the examples you see out there (including mine) attach "name=John+Doe" -- it's just a placeholder for some data that URLRequest seems to require when setting any custom HTTP headers. Without it, even a properly authenticated POST request will also fail." and "You'll almost surely have to modify your crossdomain.xml file to accommodate the header(s) you're going to be sending." – Ilya Denisov Oct 13 '11 at 11:26
  • Thanks for the comment, unfortunately I hoped that had been my mistake but I've set the crossdomain.xml as above etc and still no success. – Hawks Oct 13 '11 at 13:17
  • So I'm pretty certain that it's the API that I'm accessing that has the problem with the POST (instead of a GET). I'm not going to publish an answer as I'm just going to have to get this done a different way now but this technique probably stands as successful, just not for my case. – Hawks Oct 13 '11 at 14:02
  • Ummm...where is _urlLoader.load( urlRequest ) call? – Ilya Denisov Oct 13 '11 at 14:03
  • It doesn't need it. Its URLRequest is passed into the constructor and it happens automatically. The event listeners are called successfully in tests. – Hawks Oct 13 '11 at 14:04
  • Ok. The only thing I can recommend is to subscribe for HTTPStatusEvent.HTTP_STATUS and look what statuses are received. – Ilya Denisov Oct 13 '11 at 14:13

1 Answer

Basic Authentication is pretty restricted in Flash, especially if you're looking to consume an API. I would suggest wrapping the request at your own server where you could implement a session-based or key-based authentication.

E.g. http://api.your-domain.co.uk/api/profiles/?key=0123456789abdef would invoke a server-side script that 1) checks for the validity of the API key and 2) fetches data from http://username:password@www.myaddress.org.uk/api/profiles/ and returns it.

If you're using more than the "/api/profiles/" out of the API, I suggest writing a rewrite that would accept any path and fetch the corresponding remote path. The script can be anything that is supported on your server, from a PHP script to a bash script.

Or if your server application supports it you may even use something like mod_proxy for setting up a Reverse Proxy. Actually, now that I think about it, a reverse proxy using Apache or Lighttpd might be the easiest of the solutions! (See: http://httpd.apache.org/docs/2.0/mod/mod_proxy.html)
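
The server-side wrapper described in this answer, as an added example that is not code from the answer or from any project it mentions: it checks the `key` parameter, relays only paths under `/api/`, and attaches the Basic `Authorization` header on the server so the credentials never ship in the SWF. It assumes Python's standard library; the function names, the environment variable names, the listening address and the placeholder credentials are hypothetical.

```python
import base64, hmac, os, posixpath
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit
from urllib.request import Request, urlopen

UPSTREAM = "http://www.myaddress.org.uk"   # host from the question
ALLOWED_PREFIX = "/api/"                   # only this subtree is relayed
API_KEYS = {"0123456789abdef"}             # sample key from the answer's URL
USER = os.environ.get("UPSTREAM_USER", "username")  # placeholders; the real
PASS = os.environ.get("UPSTREAM_PASS", "password")  # values stay server-side

def key_is_valid(query):
    """Constant-time comparison of ?key= against the issued keys."""
    supplied = parse_qs(query).get("key", [""])[0].encode()
    return any(hmac.compare_digest(supplied, k.encode()) for k in API_KEYS)

def basic_header(user, password):
    """Same value the ActionScript builds: 'Basic ' + base64(user:pass)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def upstream_request(path):
    """Return a Request for the upstream API, or None if the path is refused."""
    if "%" in path or "\\" in path:        # refuse encoded dots and slashes
        return None
    clean = posixpath.normpath(path) + ("/" if path.endswith("/") else "")
    if not clean.startswith(ALLOWED_PREFIX):
        return None
    # The client's query string (including the key) is not forwarded.
    return Request(UPSTREAM + clean,
                   headers={"Authorization": basic_header(USER, PASS)})

class Proxy(BaseHTTPRequestHandler):
    def do_GET(self):
        url = urlsplit(self.path)
        req = upstream_request(url.path) if key_is_valid(url.query) else None
        if req is None:
            return self.send_error(403)
        try:
            with urlopen(req, timeout=10) as resp:
                body = resp.read()
                ctype = resp.headers.get("Content-Type", "application/json")
        except OSError:                    # URLError/HTTPError derive from it
            return self.send_error(502)
        self.send_response(200)
        self.send_header("Content-Type", ctype)
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Proxy).serve_forever()
```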