About access control

When users access the server, by default, they have full access to all streams and shared objects. However, you can use Server-Side ActionScript to create a dynamic access control list (ACL) for shared objects and streams. You can control who has access to create, read, or update shared objects or streams.

When a client connects to the server, the server-side script (main.asc or yourApplicationName.asc) is passed a Client object. Each Client object has readAccess and writeAccess properties. You can use these properties to control access for each connection.

Implement dynamic access control

The Client.readAccess and Client.writeAccess properties take string values. These values can contain multiple strings separated by semicolons, like this:

 client.readAccess = "appStreams;/appSO/"; 
 client.writeAccess = "appStreams/public/;appSO/public/";

By default, readAccess and writeAccess are set to /, which means the client can access every stream and shared object on the server.

Allow access to streams

  • In main.asc, add an onConnect() function that specifies a directory name on the server in your main.asc file:

     application.onConnect = function(client, name) { 
         // give this new client the same name as passed in 
         client.name = name; 
      
         // give write access 
         client.writeAccess = "appStreams/public/"; 
      
         // accept the new client's connection 
         application.acceptConnection(client); 
     }

    This main.asc file grants access to all URIs that start with appStreams/public.

Deny access to streams

  • In main.asc, add an onConnect() function that specifies a null value for client.writeAccess:

     application.onConnect = function(client, name) { 
         ... 
         // deny write access to the server 
         client.writeAccess = ""; 
     }

Define access to shared objects

  • In main.asc, add an onConnect() function that specifies shared object names, using the same URI naming conventions:

     application.onConnect = function(client, name) { 
         ... 
         client.writeAccess = "appSO/public/"; 
     }

    This gives the client write access to all shared objects whose URIs begin with appSO/public/.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy