0 Replies Latest reply on Jun 10, 2010 1:26 PM by englishbob2

    Socket server security - Java and Flex


      Hi all,

      I have seen messages on this topic all over the web, so apologies for  starting a new one but I have been on this for 48 hours with no joy.

      I have a tomcat webapp holding a swf and running two java sockets, one  on port 843 and one on port 7777.  It is my understanding that when AS3  (I am using flex but I assume that does not matter so much) connects to a  socket, it will send a simple <policy-file-request> to port 843  and then if no response it will try port 7777.  My SocketServer on 843  is hearing these requests and is echoing to my tomcat log that it is  writing a policy file (an xml string which I think is fine judging from  others posts).  The thing is that flash never hears this - and a  SecurityError is thrown after 4/5 seconds.

      There are a whole load of things I have tested - someone suggested  returning the XML as soon as a connection is made and not waiting to  read the <policy-file-request>, someone suggested checking that  the XML is well formed and is of the correct schema for FP10, someone  has suggested trying to connect multiple times.  Others have suggested  checking for a \0 character at the end of the XML returned. I have tried  all of these ot no avail.   I understand from a few websites that  Security.loadPolicyFile(URL) is no longer allowed on FP10 - that a  socket request must obtain the cross domain policy file by socket,  although I have tried this approach too!

      So my question is does anyone have a working example of flex connecting  to a java socket on a network (not running from local files, that works  fine).
      The next thing I'll try is installing an older version of flash player since the one I'm using doesn't seem to produce any policy log files.

      Thanks and best!