I have a JAX-RS (Rest) web service, that only enables access through SSL.
If I try to acces it though IE feeding the according parameters, I get the correct response.
Now using Flex's HTTPService component like this:
<s:HTTPService id="httpsService"
url="https://myIp:myHTTPSPort/JAXRS/jaxrs/GetText"
resultFormat="text"
result="httpsService_resultHandler(event)"
fault="httpsService_faultHandler(event)">
<s:request>
<text>My Text</text>
</s:request>
</s:HTTPService>
The fault event is started with the "HTTP request error" faultstring.
I already added this crossdomain file to the WEB-INF folder of the web service project:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="flexApplicationIp" secure="true"/>
</cross-domain-policy>
...but as you might have guessed didn't work.
I have a self generated HTTPS certificate on the host of my web service, so I dont'k know if I need to add it on Flex somewhere.
Any ideas?
at least, crossdomain.xml should be placed in root of your war file, because it has to be accessible by flash plugin. according to specification, contents of WEB-INF is NOT directly accessible by clients.
Just added the certificate following the steps mentioned here and voilá... Got it working
Related
I am getting Error "2048" while accessing one of my deployed application of flex which is deployed on apache server.
I am using database which is hosted on other server and my application is on different server.
I have added crossdomain.xml in application's directory eg. apache.../webapps/MyApplication/crossdomain.xml
I can access crossdomain.xml successfully.
Are you loading the crossdomain.xml file manually by loadPolicyFile() function ?
System.security.loadPolicyFile("http://yourdomain.com/webapps/MyApplication/crossdomain.xml");
or
try moving the crossdomain.xml file to the root of your web server as http://yourdomain.com/crossdomain.xml
Also you can use flashbug extension for firebug to see all the policy violations... its very handy.
Get Flashbug
You are on the right way.
When you required information from an application on a host, you have, for flash security purpose, to copy the crossdomain.xml file in the root web dir on the server hosting the application.
Now maybe the problem comes from your crossdomain.xml file, try this one :
<?xml version="1.0"?>
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>
I get the below error when i am trying to make a java call from flex.
[RPC Fault faultString="Send failed"
faultCode="Client.Error.MessageSend"
faultDetail="Channel.Security.Error error
Error #2048: Security sandbox violation:
'http://sample.com/sample.swf' cannot
load data from
http://sample:8080/messagebroker/amf.
url:
'http://sample:8080/messagebroker/amf'"]
When i tried running the same in my local tomcat server, this was working fine. But when hosted as a site, i am getting this error. I tried placing the crossdomain.xml file in the root directory too. But the error would never go. crossdomain file is like below.
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*" to-ports="*"/>
<cross-domain-policy/>
The logs says this
Connection to
'http://sample:8080/messagebroker/amf'
halted - not permitted from
http://sample.com/sample.swf.
has anyone faced a similar problem in hosting a flex site?
Take a look you have a different domains http://sample.com/ and http://sample:8080/.
A bit late to the game, but some other items to check.
You stated you can run off of the local instance of tomcat. I am going to assume you are invoking this service as localhost and not by IP address (and/or computer name). If you are running a flex app and you have not changed your run configurations, you are running from to localhost. Once you leave the locahost domain, ensure that you go into your run configurations (the little down arrow next to the run or debug button), and enter the local path you are running the application from using your IP address. Now you will be running IP address of application to IP address (or whatever not localhost) of service. This usually will resolve the problem.
Next, ensure your crossdomain.xml file is located at the ROOT of the server. you should be able to browse to http://yourhostname/crossdomain.xml. There should not be any pathing involved. crossdomain.xml should be at root level of hosting service.
It might also be necessary to set your local instance of workspace for Flex to a virtual directory under your web server (IIS, tomcat). In my case I can browse to 127.0.0.1/workspace/someflexapp/bin-debug/projectname.html and the flex app will run.
Been through this many times and following the above steps has always resolved the problems.
You can use a crossdomain.xml file such as below for open access to most everything that flex will request from a web/soap service.
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
<allow-http-request-headers-from domain="*"/>
</cross-domain-policy>
I have to deploy a webapp on Tomcat 6.0.24, serving some webservices that should be accessed with REST-style methods (not fully REST, since the used flex class HTTPService can just send GET and POST).
The webservices are deployed at http://localhost:8080/-webappname-/rest/-methodname-
The problem is that the policy of flex sandbox (i think it is called so) requires that the server with the services has to offer a file crossdomain.xml on his root directory.
I created that file with the following contents:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
Now i have to find the right place to put it, since i also have an apache server running on that machine, on port 80:
in the /var/www of apache?
Accessible at http://localhost/
in the ROOT of the tomcat default
webapp? Accessible at
http://localhost:8080/
I am testing it and it does not seem to work. Maybe i am not doing it right.
PS: I think Apache is not configured to manage Tomcat-addressed requests, every request is dispatched by port, i think.
I can not provide the exact flex error since i am not developing that part. I will try to make a minimal example in the next hours and see if i can reproduce the problem.
It actually doesn't matter where you stick it (physically) as long as the URL request "http://localhost:8080/crossdomain.xml" returns the right file.
I'm having issues with cross domain access from a Silverlight project to a WCF service in ASP.
This tutorial recommends making crossdomain.xml or clientaccesspolicy.xml files and putting them in the web root of the service.
I have made these files, and put them in the top level of the project in Visual Studio. I'm still having the problem. Does that mean that I have the files in the wrong place?
clientaccesspolicy.xml:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
crossdomain.xml:
<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource include-subpaths="true" path="/"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
Update: I'm currently just working on the development server. How can I make it work there?
As far as I know they have to go in the root directory of the web server ( / ) and not the root of your web project.
These files must be deployed along with the WCF service on the IIS web-server.
So the "root" is not the one of your project but the one of the web-site (in the sense of a IIS web-site).
One problem you end up with using the developement web server is that the web project holding your WCF service may well specify a virtual path. This places what appears at the root of the project in a virtual folder down from the "/" root from the clients perspective. Hence placing a clientaccesspolicy.xml file at the root of your project doesn't put the file at "/clientaccesspolicy.xml" where the silverlight client will expect it to be.
In Visual Studio open the properties window for the web project hosting you WCF services, select the Web tab, set the Virtual Path to "/". (You probably want to do that before you create the references and proxies to it in the Silverlight project).
BTW unless you intend to support client technologies other than Silverlight you do not need the crossdomain.xml file.
My files were in the right place. The problem is that the names of those two files were swapped - the SL cross domain rules were named with the Flash file name, and vice versa.
Does flash.security.allowDomain("*") allow for redirects?
The reason why I ask is that I'm trying to load a swf which is redirected from a url, but am getting an IOError when loading.
The AS2 docs shed light into adding the url for the final domain, but I was wondering if there were any changes for AS3 or any security updates.
Thanks!
Had there been a security issue, there would have been Security Error.
You are getting an IOError, this is because you are calling swf from wrong location(though it is redirected to the content location but flash is very specific about domain names.)
This has nothing to do with Security.allowDomain("*"); - this line is written into the swf for it to be accessed from anywhere.
Your question is not very clear. As far as I understand, the solution is to call the swf from actual content location and to make it accessible there are two options:
Put crossdomain.xml at actual location from where you are trying to load the SWF, e.g. https://www.domain.com/crossdomain.xml:
<?xml version="1.0"?>
<!-- http://www.youtube.com/crossdomain.xml -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="myapp.com" />
</cross-domain-policy>
DON'T use <allow-access-from domain="*" /> unless your domain doesn't use cookies or HTTP Auth and you clearly understand that anybody will be able to make requests on behalf of your users.