Same domain but security error - apache-flex

I am hosting a java service and a flex application on the same server. The flex application accesses the java service. As the flex application loads I get a security error, how can this happen? I thought I do not need a crossdomain.xml when hosting on the same server.
My flex app gets the data via an HTTP service that sends calls to 1.2.3.4:9000/service, the flex application itself lies on 5.6.7.8/test.swf, my crossdomain.xml looks like the following:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="5.6.7.8" to-ports="*" />
</cross-domain-policy>
It is accessible from 1.2.3.4:9000/crossdomain.xml. Note that everything works when I use domain="*" instead of domain="1.2.3.4"
I hope someone can help me
Sebastian

If your Flex app is on the server with IP 5.6.7.8 you need to allow that IP in the crossdomain for the 1.2.3.4 server. This lets the Flash running from 5.6.7.8 know that 1.2.3.4 allows connections from that specific address.
If you still have the same problem a quick way to find out what's going on is to use a debug proxy (I like Charles). That way you'll see Flash's request for the crossdomain.xml and what the response looks like; most likely the request is going somewhere you didn't expect or the server messes it up somehow.

Are you using Sockets?
In that case you need to serve Policy Files either with your existing Java Server or a standalone one.
http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html

Does 1.2.3.4 represent an IP address?
If so I believe you have to use a domain name here not an ip address, otherwise you could have several domains on the same server and bypass the same domain checks.
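
The check discussed in the answers above, as an added example (not code from any of the posters): a small Python evaluator that decides whether a SWF URL is admitted by a URL policy file and lists entries worth questioning. Function names and the `example.test` hosts are assumptions; matching uses the host string as written in the SWF URL, wildcard handling is simplified, and `to-ports` is ignored because it applies only to socket policy files.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

def rules(policy_xml):
    """Yield (domain, secure) for every allow-access-from element."""
    root = ET.fromstring(policy_xml)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "").strip().lower()
        secure = el.get("secure", "true").strip().lower() != "false"
        yield domain, secure

def host_matches(pattern, host):
    """Compare against the host exactly as written in the SWF URL (no DNS)."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host

def is_allowed(policy_xml, policy_url, swf_url):
    """True if a SWF loaded from swf_url is admitted by the policy."""
    swf = urlsplit(swf_url)
    https_policy = urlsplit(policy_url).scheme == "https"
    for domain, secure in rules(policy_xml):
        if not host_matches(domain, (swf.hostname or "").lower()):
            continue
        # An HTTPS policy admits only HTTPS SWFs unless secure="false".
        if https_policy and secure and swf.scheme != "https":
            continue
        return True
    return False

def findings(policy_xml):
    """List entries a reviewer should question before deployment."""
    out = []
    for domain, secure in rules(policy_xml):
        if domain == "*":
            out.append("wildcard domain: SWFs from any site are admitted")
        if not secure:
            out.append(f'secure="false" on {domain}: HTTP SWFs may read HTTPS data')
    return out

# Constructed sample: the policy from the question (DOCTYPE omitted).
POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="5.6.7.8" to-ports="*" />
</cross-domain-policy>"""
```

Calling `is_allowed(POLICY, "http://1.2.3.4:9000/crossdomain.xml", "http://5.6.7.8/test.swf")` returns `True`, while the same SWF reached through a host name returns `False` because the host string no longer equals the `domain` value.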

Related

WCF Service Config File?

Can someone please help with how I configure my WCF service. The environment is IIS6 and the service can only be accessed via https (the firewall only allows connections to the server on port 443).
So, when I access https://myservice.com/Service.svc it gives me the URL of the WSDL file, which is the correct https address (I got this working by enabling httpsget, I think, there has been a lot of guess work!)
However, if I then consume the service, the end point address is http://localservername/Service.svc.
I assume I need to configure my web.config file to return the correct soap address, but having googled and read so many posts about endpoints, binding and behaviours, I am confused.
Can someone please clear this up for me, how do I configure my service to allow https connection and get the correct SOAP address?
Cheers
Chris

Does this help?
http://weblogs.asp.net/srkirkland/archive/2008/02/20/wcf-bindings-needed-for-https.aspx
Quote the Note:
"Just one note: after 3 hours we realized that webHttpBinding is not suitable for regular SOAP-based clients (one has to watch these bindings :) We switched webHttpBinding to basicHttpBinding and our SOAP-based clients were able to parse the generated WSDL and to consume the web service."

Flex: application trying to access http://localhost/crossdomain.xml on server when no external domain has been specified

I have recently uploaded my flex application to the server; it works fine on my system (localhost), but on the production server it tries to access http://localhost/crossdomain.xml, which is not available, and ends up showing "loading" eternally.

Check your code and see if anywhere you are referencing a localhost URL. Like, for instance, you might be using a localhost URL for an httpservice call.

I have a flex client communicating with a zend-framework based server. Client and Server are hosted on different computers (also on the same development computer with different url). What I had to do to make it work is as follows:
I had to edit the file \src\services\_Super_MyHttpService.as in my flex client's source code and update http url from http://localhost/ to http://SERVER_IP/ for variable called _serviceControl. Then compile the flex client.
I also put crossdomain.xml file in the server's root directory with content like:
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="CLIENT_IP"/>
</cross-domain-policy>
Note: replace SERVER_IP, CLIENT_IP with the correct IP address where the server and flex clients are hosted respectively.

BlazeDS Servlet not responding through Proxy

I have a problem using Flex with BlazeDS on a Tomcat 5.5 through a Proxy (Apache). I already searched for it but didn't find answers which solved my problem. I hope you guys can help me out. :-)
Our scenario is the following:
Flex-App using BlazeDS to communicate with our Dataservice on a Tomcat 5.5. The Webapp is blaze enabled and the services config contains channel definitions like the following:
<channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="http://xxx.xxx.xxx.xxx:8180/myDataService/messagebroker/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
</channel-definition>
I set the Flex Server Root URL to http://xxx.xxx.xxx.xxx:8180/myDataService (Context Root: /myDataService) and compile my flex application against this services-config.
After that I deploy my flex application and my dataservice on a server with some ip address xxx.xxx.xxx.xxx. The two applications are available after that
using http://xxx.xxx.xxx.xxx:8180/myFlexApp or for the dataservice: http://xxx.xxx.xxx.xxx:8180/myDataservice
The tomcat is listening on port 8180.
If I open my flex application using the URL with the ip address everything is working fine. My application is receiving data perfectly.
Ok. Everything fine so far.
Now I want to use a proxy server (via apache http server) to hide the ip and use a domain name.
I do the following changes to my services-config:
<channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="http://mydomain.com/data/messagebroker/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
</channel-definition>
I set the Flex Server Root URL to http://mydomain.com/data (Context Root /data) and compile my flex application against this services-config.
I deploy the applications again on the same tomcat as before.
Now I create an entry in the sites-available (sites-enabled) folder of my apache directory (etc/apache2/sites-available/) called mydomain.com
I create a Virtual Host with ServerName www.mydomain.com and ServerAlias mydomain.com. I also add the necessary rules in the Proxy block and the other stuff necessary for the virtual host definition.
The following ProxyPass/ProxyPassReverse entries are contained in this file:
ProxyPass /flexApp http://xxx.xxx.xxx.xxx:8180/myFlexApp
ProxyPassReverse /flexApp http://xxx.xxx.xxx.xxx:8180/myFlexApp
ProxyPass /data http://89.19.229.148:8180/myDataservice
ProxyPassReverse /data http://89.19.229.148:80/myDataservice
After that I can open the flex Application with http://www.mydomain.com/flexApp in the browser and it loads. But an error message is thrown when it tries to contact the dataservice using blazeds.
I can't even open the URL http://mydomain.com/data/messagebroker/amf. A 404 Error is displayed. Before - using the IP address - a blank page was displayed.
The weird thing is that the non-blaze Servlets are working fine. E.g. I can open http://mydomain.com/data/myServlet and it works. Only Blaze doesn't work.
Do you have any ideas why this problem occurs and how I may solve it? Thanks a lot in advance. You're really helping me out!!!
Henrik

Both BlazeDS and the Flex app are using the URL in the channel-definition's endpoint. But the URLs actually need to be different. BlazeDS needs to use the myDataservice/messagebroker/amf URL while the Flex app needs to use the data/messagebroker/amf URL. So you can either make both URLs the same, i.e. myDataservice instead of data. Or you can manually set the channel information in the Flex app instead of having it read the services-config file.

I'm using AJP for the request redirection:
# enable mod_proxy_ajp
a2enmod proxy_ajp
The proxy configuration looks like this:
ProxyPass /flexApp/messagebroker/ ajp://localhost:8009/flexApp/messagebroker/

calling a web service that has an untrusted certificate using ssl in flex/air

In our flex/air application we are calling a web service over https. The web service is java based and has, at the moment, an untrusted certificate.
When doing a POST to the service with some json, the payload on the server side is pretty garbled. A popup does occur asking whether you want to continue and even when I do and add the untrusted certificate into my keychain (on the mac), the data sent through always comes through mangled.
I installed charles http proxy to see the actual traffic and it seems at times I'm getting a SSLHandshakeException back... I'm guessing this is causing the garbled data as ssl isn't being setup properly.
So, to the question - can air/flex handle untrusted certificates? Is there a workaround that you can do? For example in java with commons httpclient you can work around it at the socket level.
Thanks,
Kieran

I don't know but it might help if you use the secure attribute in your server-side crossdomain.xml like this:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="mydomain.com" secure="false" />
</cross-domain-policy>

Help with Cross-Domain file for ActionScript 3 Socket

Here is My ActionScript Code:
var S:Socket=new Socket("127.0.0.1",2222);
Here is My CrossDomain.XML File (Located at http://127.0.0.1/crossdomain.xml)
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="2222"/>
</cross-domain-policy>
Here is The Error I Am Getting
Ignoring policy file at xmlsocket://127.0.0.1:2222 due to incorrect syntax.
Having never used one before, I don't understand what's wrong with the syntax of my CrossDomain file.
Please Help.

Socket policy files work a little differently than HTTP policy files; in particular, they aren't served via HTTP, or at port 80.
Instead, Flash Player checks for a policy file server (port 843 by default), or if necessary, on the socket you're opening (for you, port 2222).
A policy file server is a socket which responds to a <policy-file-request/> with a valid policy file. What's happening with your message is likely that it's sending its request and getting something other than a policy file back, hence invalid syntax from port 2222.
There are a lot of resources out there, and a number of questions here on SO. Here's one tutorial from Adobe.
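
The policy file server described in the answer above, as an added example (not code from the original answer or from Adobe): a Python server that replies to the NUL-terminated `<policy-file-request/>` with a NUL-terminated policy and sends nothing for any other input. The function names, the host `app.example.test` and the choice of a single named domain instead of `*` are assumptions; `respond()` can also be called from an existing server's read loop when the policy has to be served on the data port itself.

```python
import socketserver
from xml.sax.saxutils import quoteattr

# Flash Player sends this exact string, NUL-terminated, as the policy request.
POLICY_REQUEST = b"<policy-file-request/>\x00"

def build_policy(domain, ports):
    """Return a NUL-terminated socket policy admitting one domain and port list."""
    xml = (
        '<?xml version="1.0"?>\n'
        "<cross-domain-policy>\n"
        f"<allow-access-from domain={quoteattr(domain)} to-ports={quoteattr(ports)}/>\n"
        "</cross-domain-policy>\n"
    )
    return xml.encode("ascii") + b"\x00"

def respond(received, policy):
    """Bytes to send back: the policy for a policy request, nothing otherwise."""
    return policy if received == POLICY_REQUEST else b""

class PolicyHandler(socketserver.StreamRequestHandler):
    timeout = 5  # drop clients that connect and never send the request

    def handle(self):
        try:
            received = self.rfile.read(len(POLICY_REQUEST))
        except OSError:  # includes the read timeout
            return
        self.wfile.write(respond(received, self.server.policy))
        # Returning from handle() closes this connection.

def serve(host, port, policy):
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer((host, port), PolicyHandler) as srv:
        srv.policy = policy
        srv.serve_forever()

if __name__ == "__main__":
    # Assumed values: app.example.test hosts the SWF, 2222 is the data port.
    # Port 843 is privileged on most systems.
    serve("0.0.0.0", 843, build_policy("app.example.test", "2222"))
```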
