Security Sandbox
71 views
Skip to first unread message
Prem
May 19, 2009, 5:44:13 PM5/19/09
to AS3 HttpClient
I am trying to do a simple header get request with authentication with
HTTPClient
var client:HttpClient = new HttpClient();
var uri:URI = new URI("http://www.myurl.com/?xy="+x+","+y
+"&fields=s"+PermitNum?+",s1");
var request:HttpRequest? = new Get();
var creds:String="username:password";
var encoder:Base64Encoder? = new Base64Encoder?();
encoder.encode(creds);
var encodedCreds:String=encoder.toString();
request.addHeader("Authorization", "Basic " + encodedCreds);
client.request(uri, request);
and I get this error
Connection to myurl.com:80 halted - not permitted from
http://www.myurl.com/myproj/bin-debug/SMS2.swf Error: Request for
resource at xmlsocket://www.myurl.com:80 by requestor from
http://www.myurl.com/myproj/bin-debug/SMS2.swf is denied due to lack
of policy file permissions.
What policy file permissions do I need to have? Below is my cross-
domain.xml . I put in all "*"s just to test things and it still doesnt
work. Can someone please help?
<cross-domain-policy> <site-control permitted-cross-domain-
policies="master-only"/> <allow-http-request-headers-from domain="*"
headers="*"/> <allow-access-from domain="*"/> </cross-domain-policy>
HTTPClient
var client:HttpClient = new HttpClient();
var uri:URI = new URI("http://www.myurl.com/?xy="+x+","+y
+"&fields=s"+PermitNum?+",s1");
var request:HttpRequest? = new Get();
var creds:String="username:password";
var encoder:Base64Encoder? = new Base64Encoder?();
encoder.encode(creds);
var encodedCreds:String=encoder.toString();
request.addHeader("Authorization", "Basic " + encodedCreds);
client.request(uri, request);
and I get this error
Connection to myurl.com:80 halted - not permitted from
http://www.myurl.com/myproj/bin-debug/SMS2.swf Error: Request for
resource at xmlsocket://www.myurl.com:80 by requestor from
http://www.myurl.com/myproj/bin-debug/SMS2.swf is denied due to lack
of policy file permissions.
What policy file permissions do I need to have? Below is my cross-
domain.xml . I put in all "*"s just to test things and it still doesnt
work. Can someone please help?
<cross-domain-policy> <site-control permitted-cross-domain-
policies="master-only"/> <allow-http-request-headers-from domain="*"
headers="*"/> <allow-access-from domain="*"/> </cross-domain-policy>
gabe
May 19, 2009, 5:54:46 PM5/19/09
to AS3 HttpClient
You'll need to run a socket policy server on that domain...
See http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html
I feel your pain.
On May 19, 2:44 pm, Prem <godsmustbcr...@gmail.com> wrote:
> I am trying to do a simple header get request with authentication with
> HTTPClient
>
> var client:HttpClient = new HttpClient();
>
> var uri:URI = new URI("http://www.myurl.com/?xy="+x+","+y
> +"&fields=s"+PermitNum?+",s1");
> var request:HttpRequest? = new Get();
> var creds:String="username:password";
> var encoder:Base64Encoder? = new Base64Encoder?();
> encoder.encode(creds);
> var encodedCreds:String=encoder.toString();
> request.addHeader("Authorization", "Basic " + encodedCreds);
> client.request(uri, request);
>
> and I get this error
>
> Connection to myurl.com:80 halted - not permitted fromhttp://www.myurl.com/myproj/bin-debug/SMS2.swfError: Request for
> resource at xmlsocket://www.myurl.com:80by requestor fromhttp://www.myurl.com/myproj/bin-debug/SMS2.swfis denied due to lack
See http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html
I feel your pain.
On May 19, 2:44 pm, Prem <godsmustbcr...@gmail.com> wrote:
> I am trying to do a simple header get request with authentication with
> HTTPClient
>
> var client:HttpClient = new HttpClient();
>
> var uri:URI = new URI("http://www.myurl.com/?xy="+x+","+y
> +"&fields=s"+PermitNum?+",s1");
> var request:HttpRequest? = new Get();
> var creds:String="username:password";
> var encoder:Base64Encoder? = new Base64Encoder?();
> encoder.encode(creds);
> var encodedCreds:String=encoder.toString();
> request.addHeader("Authorization", "Basic " + encodedCreds);
> client.request(uri, request);
>
> and I get this error
>
> resource at xmlsocket://www.myurl.com:80by requestor fromhttp://www.myurl.com/myproj/bin-debug/SMS2.swfis denied due to lack
Phil Douglas
May 19, 2009, 7:41:24 PM5/19/09
to as3-htt...@googlegroups.com
Gabe did you get a chance to look at my proxy extension the provides a workaround for this?
http://code.google.com/p/as3httpproxyclientlib/
Cheers
Phil
http://code.google.com/p/as3httpproxyclientlib/
Cheers
Phil
Gabe
May 19, 2009, 8:11:39 PM5/19/09
to as3-htt...@googlegroups.com
Oh didn't get a chance to check that out. Looks awesome!
Another alternative is to use an HTTP proxy (was patched awhile back
to take a proxy URI in the constructor):
public function HttpClient(proxy:URI = null, timeout:int = 60000)
I wonder if someone could setup a google app engine project or
something that acts as a http proxy + socket policy server.. might be
a cool project
Another alternative is to use an HTTP proxy (was patched awhile back
to take a proxy URI in the constructor):
public function HttpClient(proxy:URI = null, timeout:int = 60000)
I wonder if someone could setup a google app engine project or
something that acts as a http proxy + socket policy server.. might be
a cool project
JaM
May 22, 2009, 5:33:37 PM5/22/09
to AS3 HttpClient
Even after following this I am still having some issues getting this
to work. I have the following in my crossdomain.xml file
<allow-access-from domain="*" to-ports="*" />
but still get the security error.
Just some background I am deploying this on JBoss, the REST services I
am asking are located within the same instance of JBoss. I have this
file deployed to the life cycle services war file (in the config
directory) and had tried to deploy it to jbossweb.deployer/Root.war
but neither had any impact on the outcome.
This is all new to me so any help is appreciated.
On May 19, 8:11 pm, Gabe <gabri...@gmail.com> wrote:
> Oh didn't get a chance to check that out. Looks awesome!
>
> Another alternative is to use an HTTP proxy (was patched awhile back
> to take a proxy URI in the constructor):
>
> public function HttpClient(proxy:URI = null, timeout:int = 60000)
>
> I wonder if someone could setup a google app engine project or
> something that acts as a http proxy + socket policy server.. might be
> a cool project
>
> On Tue, May 19, 2009 at 4:41 PM, Phil Douglas <ric...@gmail.com> wrote:
> > Gabe did you get a chance to look at my proxy extension the provides a
> > workaround for this?
>
> >http://code.google.com/p/as3httpproxyclientlib/
>
> > Cheers
>
> > Phil
>
to work. I have the following in my crossdomain.xml file
<allow-access-from domain="*" to-ports="*" />
but still get the security error.
Just some background I am deploying this on JBoss, the REST services I
am asking are located within the same instance of JBoss. I have this
file deployed to the life cycle services war file (in the config
directory) and had tried to deploy it to jbossweb.deployer/Root.war
but neither had any impact on the outcome.
This is all new to me so any help is appreciated.
On May 19, 8:11 pm, Gabe <gabri...@gmail.com> wrote:
> Oh didn't get a chance to check that out. Looks awesome!
>
> Another alternative is to use an HTTP proxy (was patched awhile back
> to take a proxy URI in the constructor):
>
> public function HttpClient(proxy:URI = null, timeout:int = 60000)
>
> I wonder if someone could setup a google app engine project or
> something that acts as a http proxy + socket policy server.. might be
> a cool project
>
> On Tue, May 19, 2009 at 4:41 PM, Phil Douglas <ric...@gmail.com> wrote:
> > Gabe did you get a chance to look at my proxy extension the provides a
> > workaround for this?
>
> >http://code.google.com/p/as3httpproxyclientlib/
>
> > Cheers
>
> > Phil
>
> > On Wed, May 20, 2009 at 7:54 AM, gabe <gabri...@gmail.com> wrote:
>
> >> You'll need to run a socket policy server on that domain...
>
> >> See
> >>http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files....
>
> >> You'll need to run a socket policy server on that domain...
>
> >> See
>
> >> I feel your pain.
>
> >> On May 19, 2:44 pm, Prem <godsmustbcr...@gmail.com> wrote:
> >> > I am trying to do a simple header get request with authentication with
> >> > HTTPClient
>
> >> > var client:HttpClient = new HttpClient();
>
> >> > var uri:URI = new URI("http://www.myurl.com/?xy="+x+","+y
> >> > +"&fields=s"+PermitNum?+",s1");
> >> > var request:HttpRequest? = new Get();
> >> > var creds:String="username:password";
> >> > var encoder:Base64Encoder? = new Base64Encoder?();
> >> > encoder.encode(creds);
> >> > var encodedCreds:String=encoder.toString();
> >> > request.addHeader("Authorization", "Basic " + encodedCreds);
> >> > client.request(uri, request);
>
> >> > and I get this error
>
> >> > Connection to myurl.com:80 halted - not permitted
> >> > fromhttp://www.myurl.com/myproj/bin-debug/SMS2.swfError:Request for
> >> > resource at xmlsocket://www.myurl.com:80byrequestor
> >> > fromhttp://www.myurl.com/myproj/bin-debug/SMS2.swfisdenied due to lack
> >> I feel your pain.
>
> >> On May 19, 2:44 pm, Prem <godsmustbcr...@gmail.com> wrote:
> >> > I am trying to do a simple header get request with authentication with
> >> > HTTPClient
>
> >> > var client:HttpClient = new HttpClient();
>
> >> > var uri:URI = new URI("http://www.myurl.com/?xy="+x+","+y
> >> > +"&fields=s"+PermitNum?+",s1");
> >> > var request:HttpRequest? = new Get();
> >> > var creds:String="username:password";
> >> > var encoder:Base64Encoder? = new Base64Encoder?();
> >> > encoder.encode(creds);
> >> > var encodedCreds:String=encoder.toString();
> >> > request.addHeader("Authorization", "Basic " + encodedCreds);
> >> > client.request(uri, request);
>
> >> > and I get this error
>
> >> > Connection to myurl.com:80 halted - not permitted
> >> > fromhttp://www.myurl.com/myproj/bin-debug/SMS2.swfError:Request for
> >> > resource at xmlsocket://www.myurl.com:80byrequestor
Digvijay Richhariya
May 22, 2009, 5:43:36 PM5/22/09
to as3-htt...@googlegroups.com
Try this one
- Modify the default policy file to your one.
- Define 843 port in the config file
- Start the policy server.
Now whenever u will open the socket connection using as3lib, flash will ask for policy file first from the policy server and after getting the policy content it will allow our request to be served through socket connection.
Digvijay
JaM
May 22, 2009, 6:40:38 PM5/22/09
to AS3 HttpClient
Ok, I am a bit lost now. I was under the impression that I was able
to change a configuration on my JBoss server (what is actually serving
the SWF and the REST service) and make this work. What is this and
how do I use it?
On May 22, 5:43 pm, Digvijay Richhariya <digvijay.r...@gmail.com>
wrote:
> Try this onehttp://www.flash-resources.net/download.html
> > > >> > fromhttp://www.myurl.com/myproj/bin-debug/SMS2.swfisdenieddue to
to change a configuration on my JBoss server (what is actually serving
the SWF and the REST service) and make this work. What is this and
how do I use it?
On May 22, 5:43 pm, Digvijay Richhariya <digvijay.r...@gmail.com>
wrote:
> Try this onehttp://www.flash-resources.net/download.html
>
> - Modify the default policy file to your one.
> - Define 843 port in the config file
> - Start the policy server.
>
> Now whenever u will open the socket connection using as3lib, flash will ask
> for policy file first from the policy server and after getting the policy
> content it will allow our request to be served through socket connection.
>
> Digvijay
>
> - Modify the default policy file to your one.
> - Define 843 port in the config file
> - Start the policy server.
>
> Now whenever u will open the socket connection using as3lib, flash will ask
> for policy file first from the policy server and after getting the policy
> content it will allow our request to be served through socket connection.
>
> Digvijay
>
Gabe
May 22, 2009, 6:42:59 PM5/22/09
to as3-htt...@googlegroups.com
Did you read this?
http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html
Using flash.net.Socket requires a socket policy server. This is a more
strict requirement than the crossdomain.xml
http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html
Using flash.net.Socket requires a socket policy server. This is a more
strict requirement than the crossdomain.xml
Jamie Johnson
May 22, 2009, 8:29:52 PM5/22/09
to as3-htt...@googlegroups.com
apparently not close enough. I went back and reread and now have a better grasp. The problem is that I really am not sure the environment I am building in will allow me to have this additional server running. Will have to see what the "powers that be" require.
Thanks for all the help.
Thanks for all the help.
Digvijay Richhariya
May 22, 2009, 8:39:43 PM5/22/09
to as3-htt...@googlegroups.com
Even if your http or proxy server can interpret the Flash proxy request "<policy-file-server>" (i.e. non-http request of only 23 bytes) and respond with policy content, then also it can be done.
Jamie Johnson
May 22, 2009, 9:07:10 PM5/22/09
to as3-htt...@googlegroups.com
I hear what you're saying, but unfortunately the environment this is being built for that amounts to the same thing, another open port which will need to have a reason behind it.
Reply all
Reply to author
Forward
0 new messages