2 Replies Latest reply on Dec 4, 2009 11:53 AM by Alex Glosband

    Security Error in accessing Web service from Flex.Where to put crossdomain.xml in axis container?

    Raja Himanath

      Hi guys.


      Typically webservices are invoked across domains. Flash has defined certain policies which prevent crossdomain access. The only way to bypass this security feature is to put a crossdomain.xml file within the server root of the webservice provider i.e. in our case at http://abc.com. A sample example of crossdomain.xml is as below:

      <?xml version="1.0"?>
      <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
           <site-control permitted-cross-domain-policies="all" />
           <allow-access-from domain="*" secure="false"/>
           <allow-http-request-headers-from domain="*" headers="*" secure="false" />


      If the crossdomain.xml is not added the developer will get “Security Error accessing URL” type of messages.

      The above mentioned information should be enough for you to get your flex based WebService client up and running.


      We are using axis2 to build webservices. We deployed the webservices under axis2 container under repository/srvices folder . But in Flex when we try to call the webservices we were getting the exception saying security error in accessing url. The solution is we need to put the crossdomain.xml o that it is loaded at runtime and allow us to access. In tomcat if we put the file under ROOT directory we could accss the file and we were able to access the webservices deployed under Tomcat. But I googled for Axis2 container and couldnt find any solution.


      Please post the reply if anyone knows the solution to it.