A lot of people in the process of dealing with security policy problems, I also summed up some experience for your reference. In Flash Player 9.0.124.0 and later versions, the socket policy file is required for any socket connection. That is, a socket policy file is required on the target host regardless of which port is connected, even if the port on the same host that provides the SWF file is connected. Connection steps:
0. The file system does not request policy files, whether below or above 1024 ports, that are not requested on a network basis.
1. first send a null-terminated <policy-file-request/> message, check the server 843 port for Security policy files, the policy file format is:
<cross-domain-policy>
<allow-access-from domain= "*" to-ports= "80-9000"/>
</cross-domain-policy>
When the policy file is sent back, it is necessary to end with 0, if the 843 port in 3 seconds did not request to the policy file or the To-ports configured port does not allow links, then break the link throw securityerror, this is the Flash initiative.
2. If your client socket or Xmlsocket connection is set Security.loadpolicyfile ("xmlsocket://Service Address: Application Port"), connect your application target port to request security policy files. Requests and responses are not set as above, and are not requested. The request was made before the Connect was invoked.
3. If you are HTTP request way to set Security.loadpolicyfile ("http://Service Address/crossdomain.xml "), crossdomain.xml the contents of the file as above, placed in the site root directory on the line. For example, Mop'sHttp://www.mop.com/crossdomain.xml
Solution 1: use Adobe official files directly on the server's 843 port to establish a service, so the fastest response, but for the deployment of the application is a problemhttp://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html
Solution 2: The client must add Security.loadpolicyfile ("xmlsocket://Service Address: Application Port"), handle on the private protocol on the server application port, the general protocol is length + type + data, This determines the length of the 0x3c70 type 0x6c69, handling the message alone, but still has an impact on its own private protocol processing.
Why is this length and type look at the diagram:
Solution 3: handle 843 ports separately on service applications, and split the services from other applications:
Note:
1 mina2.x compared to 1.x more efficient, abandoned the original Btyebuffer, wrote a new Iobuffer, for the following reasons:
It doesn ' t provide useful getters and putters such as fill, get/putstring, and Get/putasciiint () enough.
It is difficult to write variable-length the data due to its fixed capacity
2 Demux under the Demuxingprotocolcodecfactory and Messagedecoder functions more perfect, decodable judge whether can parse the data, decode parse the actual data, in handling the private agreement is simpler
3 FLASH10 Socket Class New Add Timeout property indicates the number of milliseconds to wait when establishing a connection