OpenPeak Flash app XMLSocket Security Problem
We're trying to create an app for OpenPeak. The Flash app will act as a clien开发者_如何学Ct to a Java server on another computer on another domain.
The Flash app client connects via XMLSocket. The Java Server uses ServerSocket to receive a request and send back a message.
In order to trust the server, the Flash client needs a socket master policy file to tell it that the server comes from a trustworthy domain. According to an article on Adobe, when a connection has succeeded, the Flash client automatically requests the cross-domain policy or socket master policy file on port 843.
Still, even when we implement it according to the tutorials and recommendations we have read, the Flash client continues to throw the following security error:
SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048"
We've tried logging the policy file request during testing to see if there was any call made to port 843. There was not.
Interestingly, even without a policy file, the Flash client still manages to send the first data message to the server successfully. It's just when the server tries to send back a reply that the entire thing hangs for about 10 seconds before the security error above is displayed.
Any ideas / suggestions?
In order for flash to access another domain you'll need a crossdomain.xml file, For this specific need you will probably have to specify a custom URL. Here is the code you need to do that:
flash.system.Security.loadPolicyFile("{Url to my crossdomain.xml file on the SSL virtual root}");
Here is a sample file which disables flash's "Same Origin Policy" protection for the domain that is using this file. Limiting this access to specific domains is highly recommended, but this is not always possible for some apps.
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.*" secure="false" />
</cross-domain-policy>
To debug this I would use TamperData to make sure flash is actually downloading the crossdomain.xml file. If you need to debug rtmp or some other non-http protocol then you'll have to use Wireshark.
精彩评论