1 Reply Latest reply on Jan 29, 2010 12:08 PM by geomagnet

    about the socket security problem,Plese help.

    anaping wan Level 1

      I use the port 843 server to send xml to swf.But not work. Please help. My Code is:

      Server:

      //HelloTest.java

       

      import java.io.IOException;

      import java.net.ServerSocket;

      import java.net.Socket;

       

      //让其继承线程类是为了更好控制 其余的线程

      public class HelloTest extends Thread {

       

      /**

      * @param args

      */

      public static void main(String[] args) {

      // TODO Auto-generated method stub

      //发送策略的服务器

      new HelloTest().start();

       

      //这个是用的fuq

      new Thread(new QtServer()).start();

       

       

      }

      @Override

      public void run()

      {

      System.out.println("策略服务器启动");

        boolean lising=true;

      ServerSocket ss;

      try {

      ss = new ServerSocket(843);

      while(lising)

        {

       

      try {

      //得到socket服务器

       

       

        Socket sc=ss.accept();

      SendPolicyFile sp=new SendPolicyFile(sc);

       

      System.out.println("为什么呢");

      new Thread(sp).start();

       

       

      } catch (IOException e) {

      // TODO Auto-generated catch block

      e.printStackTrace();

      }

       

      try {

      Thread.sleep(1000);

      } catch (InterruptedException e) {

      // TODO Auto-generated catch block

      e.printStackTrace();

      }

       

        }

      ss.close();

      } catch (IOException e1) {

      // TODO Auto-generated catch block

      e1.printStackTrace();

      }

       

       

      }

       

      }

      //SendPolicyFile.java
      import java.io.IOException;
      import java.io.InputStream;
      import java.io.OutputStream;
      import java.io.PrintWriter;
      import java.net.Socket;
      public class SendPolicyFile implements Runnable {
        
      private Socket soc;
      private OutputStream _socketOut;
      private InputStream _socketIn;
      public SendPolicyFile(Socket s) throws IOException
      {
      this.soc=s;
      _socketOut=s.getOutputStream();
      _socketIn=s.getInputStream();
      //设置超时的限制
      //soc.setSoTimeout(1000);
      }
      public void run() {
      // TODO Auto-generated method stub
          try {
      readRandSp();
      } catch (IOException e) {
      // TODO Auto-generated catch block
      e.printStackTrace();
      }
      }
      @SuppressWarnings("unused")
      private void readRandSp() throws IOException
      {
        if(read().equals("<policy-file-request/>"))
        {
        System.out.println("write Policy to flash");
        writePolicy();
        }
              //close stream and socket
        close();
      }
      //写策略文件的方法
      private void writePolicy() throws IOException
      {
         String string1="<?xml version=\"utf-8\" ?><cross-domain-policy><site-control permitted-cross-domain-policies=\"master-only\"/><allow-access-from domain=\"*\" to-ports=\"8001\"/></cross-domain-policy>"+"\u0000";
      PrintWriter pw=new PrintWriter(_socketOut);
      pw.println(string1+"\u0000");
      pw.flush();
      pw.close();
      //
      System.out.println(string1+"\u0000");
      //关闭流
      //关闭socket
      }
      public void close()
      {
        if(_socketOut!=null)
      try {
      _socketOut.close();
      if(_socketIn!=null)
        _socketIn.close();
        if(soc!=null)
        soc.close();
      } catch (IOException e) {
      // TODO Auto-generated catch block
      e.printStackTrace();
      }
      _socketIn=null;
      _socketOut=null;
      soc=null;
      }
      //发送两个Socket
      private String read() throws IOException
      {
      System.out.println("这里也执行吗");
      StringBuffer buffer=new StringBuffer();
      int codePoint;
      boolean zeroByteRead=false;
      do{
      //这个地方阻塞了
      codePoint=this._socketIn.read();
      //如果接受到的codePoint为null那证明客户端与我们失去连接了
      if(codePoint==0)
        zeroByteRead=true;
      else
      buffer.appendCodePoint(codePoint);
      }
      while(!zeroByteRead && buffer.length()<30);
      return buffer.toString();
      }
      }
      // WqService.java
      import java.awt.List;
      import java.io.PrintWriter;
      public class WqService {
           private List list;
        
           public WqService(List list)
           {
          this.list=list;
         
           }
        
           //发送信息给一个用户
           public void sentToOne(User user,String  str)
           {
          PrintWriter pw=new PrintWriter(user.outputStream);
         
          pw.println(str);
         
          pw.close();
         
           }
           //发送信息给两个用户
        
           public void sentToBoth()
           {
         
         
           }
        
        
      }
      //IdoKnow.java
      import java.io.BufferedInputStream;
      import java.io.IOException;
      import java.io.InputStream;
      import java.io.OutputStream;
      import java.net.Socket;
      public class IdoKnow implements Runnable {
         
      private InputStream _inpts;
          
        //   private OutputStream _oupts;
          
           private Socket _socket;
          
           public IdoKnow(Socket  socket)
           {
          this._socket=socket;
          try {
      this._inpts=socket.getInputStream();
      } catch (IOException e) {
      // TODO Auto-generated catch block
      e.printStackTrace();
      }
         
           }
      public void run() {
      // TODO Auto-generated method stub
        byte[] bytes=new byte[1024];
        BufferedInputStream bis=new BufferedInputStream(_inpts);
        int len;
      try {
      System.out.println("大哥我説什么好呢");
      len = bis.read(bytes);
      bis.close();
        System.out.println("大哥我説什么好呢"+new String(bytes,0,len));
        _socket.close();
      } catch (IOException e) {
      // TODO Auto-generated catch block
      e.printStackTrace();
      }
      }
      }
      Flex Code:

       

       

      <?xml version="1.0" encoding="utf-8"?>

      <s:Application xmlns:fx="http://ns.adobe.com/mxml/2009"

         xmlns:s="library://ns.adobe.com/flex/spark"

         xmlns:mx="library://ns.adobe.com/flex/halo" minWidth="1024" minHeight="768">

       

      <fx:Script>

      <![CDATA[

      import mx.controls.Alert;

       

      private function conns():void

      {

       

        var so:Socket=new Socket();

       

        so.connect("localhost",8001);

       

        var by:ByteArray=new ByteArray();

       

        so.addEventListener(Event.CONNECT,ec);

        so.addEventListener(IOErrorEvent.IO_ERROR,ei);

       

        function ei(e:IOErrorEvent):void

        {

          Alert.show(e.text);

        }

        function ec(e:Event):void

        {

       

       

       

           setTimeout(sto,5000);

       

      function sto():void

        {

      Alert.show("nnd");

      so.writeUTF("tnnd");

      so.flush();

       

        }

       

        }

       

       

        function sd(e:ProgressEvent):void

        {

       

        Alert.show("Tnnd")

       

             so.readBytes(by,by.length,so.bytesAvailable);

        }

       

       

       

      }

       

      ]]>

      </fx:Script>

      <fx:Declarations>

      <!-- Place non-visual elements (e.g., services, value objects) here -->

      </fx:Declarations>

      <s:layout>

      <s:VerticalLayout />

      </s:layout>

       

      <s:Button label="Connection" click="this.conns()"/>

       

       

      </s:Application>

      please help..............大虾们

        • 1. Re: about the socket security problem,Plese help.
          geomagnet

          Try using "\x00" or "\0" instead of "\u0000".

           

          Also

            so.connect("localhost",8001);

           

          should be

            so.connect("localhost",843);

           

           

           

          There's also some issues with the new policy handler in flash 9+

          http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_03.html#Meta-Policy_Opt ions

           

          I can't make heads or tails of it and have tried all sorts of variations based on these instructions.

          I get nothing but:

           

          OK: Root-level SWF loaded: http://www.jasminescott.net/jsmd/chat2.0.swf
          OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at xmlsocket://74.167.164.72:843 by requestor from http://www.jasminescott.net/jsmd/chat2.0.swf
          Warning: Timeout on xmlsocket://74.167.164.72:843 (at 3 seconds) while waiting for socket policy file.  This should not cause any problems, but see http://www.adobe.com/go/strict_policy_files for an explanation.
          Error: Request for resource at xmlsocket://74.167.164.72:843 by requestor from http://www.jasminescott.net/jsmd/chat2.0.swf is denied due to lack of policy file permissions.

           

          But the file is there and will push out to socket the instant it detects the policy request.(as seen when I override the request and run localhost).

           

           

          So...to give you what I've done that doesnt' work:

           

          • Changed the server port to run on 843 - in attempt to eliminate master-policy issue'
          • Added :Security.allowInsecureDomain("*");
            Security.allowDomain("*");
            Security.loadPolicyFile("xmlsocket://"+IPaddress+":"+port); to AS before connection is requested in hopes the policy file will be returned.
          • Added null characters in all formats (at different times) - seems the "\0" is the only one that gets a response from flash player.
          • Modified my headers to Content-type: text/x-cross-domain-policy.  Did nothing that I could see.
          • Ran both inline "xml string" and fileread "policy.xml" to see if there was a formatting issue...did not work.
          • Stripped out all characters with trim() function
          • Found an unknown character a beginning of output which I had to remove with msg.substring(1) function.  This took three days to find and allowed flash to talk bi-directional with server (on localhost)...I thought I was home free.  And then came the policy-file-request.

           

          In all honesty, I feel very demoralized and humiliated. As you have seen, there will be no help from this forum. Even with Adobe's best effort at providing instructions on how to use these utilities, I'm unable to decipher the cryptic instructions.  Maybe I'm too much of a simpleton, but it would be nice to see a live working example of this in various versions AS2, AS3, java-server, C# server...whatever...accompanied by the source code.

           

          I don't know what to do. I've spent days looking for the answer and trying various solutions. All I wanted to was a simple chat client but got a time vampire instead.

          1 person found this helpful