Part 3: Requesting the Token

When the Flash movie starts up, one of the first things it needs to do is request a token from the server. Once again, this is a random chunk of text that is appended to the password before it is encoded. It is important that both the server and the Flash application have the same token; otherwise the password comparison will never result in a match.

There are several means of making the request and retrieving the token. The technique I am using here initiates the request simply by calling a JSP, which in turn replies with the token encapsulated in XML.

Set Up the Token Request JSP

You will need to set up a JSP (or ASP, PHP, or servlet) that can respond to the token request. Included here is the code I used in a JSP called requestToken.jsp. Since I am using Apache Tomcat for a JSP server, I placed this file at "/usr/local/jakarta-tomcat-4.0.4/webapps/ROOT/checkUser/requestToken.jsp". The directory "/usr/local/jakarta-tomcat-4.0.4/webapps/ROOT" is the root directory for my particular installation of Tomcat, while I arbitrarily chose the directory "checkUser" to group files for this project together.

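<%@ page contentType="text/xml" import="java.security.SecureRandom" %><%
  // Use a cryptographically strong generator; Math.random() output is
  // predictable and not suitable for a security token.
  String passwordToken = "*" + new SecureRandom().nextLong() + "*";
  // Save the token in the session so the server can use it at login.
  session.setAttribute( "passwordToken", passwordToken );
%><?xml version="1.0"?>
<token><%=passwordToken%></token>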

Figure 4: Contents of requestToken.jsp.

This code generates a random string token based on some randomizing function, then saves that string in the session object so that the server has easy access to this token later on. The session object is a feature made available to most server-side scripting environments that allows information to be saved across multiple requests made by the same client.

Set Up the XML Handling

To allow Flash to make the initial token request, then parse the returned XML, include the following ActionScript below the "include" statement in your first frame.

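// Create the XML object and configure it before starting the request.
token_xml = new XML();
token_xml.ignoreWhite = true;   // skip whitespace-only nodes in the reply
token_xml.onLoad = saveToken;   // called once the server has replied
token_xml.load("http://localhost:8080/checkUser/requestToken.jsp");

function saveToken(loaded)
{
  if (loaded == true)
  {
    // The root node is <token>; its first child is the text node holding the token.
    rootNode = token_xml.firstChild;
    token_str = rootNode.firstChild.nodeValue;
    tokenOutput = token_str;
  } else {
    tokenOutput = "*Server not responding*";
  }
}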

Figure 5: Token handling ActionScript.

The first chunk sets up the XML object and initiates the request. The "onLoad" event handler is given a reference to a function, called "saveToken" here, that will be called once the server has replied. The second chunk then extracts the token from the server's response. You may want to modify the token_xml.load() parameter to point to the appropriate server name, port number, path, and file name for your server setup.
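The token round trip described on this page, sketched in Python as an added example (not the tutorial's own code): the server issues a token and stores it per session, the client extracts it from the XML reply, and both sides encode the password with the token appended. The SHA-256 encoding, the `SESSIONS` dictionary, the function names, and discarding the token after one login attempt are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

SESSIONS = {}  # constructed stand-in for the server-side session object


def request_token(session_id):
    """Server: issue a fresh token, remember it in the session, reply as XML."""
    token = secrets.token_hex(16)  # drawn from the OS CSPRNG
    SESSIONS[session_id] = token
    return '<?xml version="1.0"?>\n<token>%s</token>' % token


def save_token(xml_reply):
    """Client: extract the token text from the <token> root element."""
    root = ET.fromstring(xml_reply)
    if root.tag != "token" or not root.text:
        raise ValueError("unexpected token reply")
    return root.text.strip()


def encode(password, token):
    """Assumed encoding: SHA-256 over the password with the token appended."""
    return hashlib.sha256((password + token).encode("utf-8")).hexdigest()


def check_login(session_id, submitted, stored_password):
    """Server: compare using the session's token, then discard the token."""
    token = SESSIONS.pop(session_id, None)  # single use: a replay finds no token
    if token is None:
        return False
    expected = encode(stored_password, token)
    return hmac.compare_digest(expected, submitted)  # constant-time compare


if __name__ == "__main__":
    reply = request_token("sess-1")            # constructed session id
    digest = encode("s3cret", save_token(reply))
    print("first login:", check_login("sess-1", digest, "s3cret"))
    print("replayed digest:", check_login("sess-1", digest, "s3cret"))
```

Because the token is removed from the session on the first attempt, a captured digest cannot be submitted a second time; the client has to request a new token for every login.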

 © Copyright 2004 Nathan Derksen