Flash Security Policy Solutions

Source: Internet
Author: User
Tags: http request socket

Many people run into security policy problems when working with Flash sockets; I have also summed up some experience here for your reference. From Flash Player 9.0.124.0 onward, a socket policy file is required for every socket connection: the target host must serve one no matter which port is being connected to, even when that port is on the same host that served the SWF. A connection proceeds as follows:

0. Content loaded from the local file system does not request socket policy files at all, whether the port is below or above 1024; the requests described below are made by content loaded over the network.
1. The player first sends a null-terminated <policy-file-request/> message to port 843 of the target host and looks there for a security policy file. The policy file format is:
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80-9000"/>
</cross-domain-policy>
The policy file sent back must also be terminated with a 0 byte. If no policy file arrives from port 843 within 3 seconds, or the port being connected to is not allowed by to-ports, the player drops the connection and throws a SecurityError. The player makes this request on its own initiative. Note that domain="*" combined with a wide to-ports range authorises SWFs from any origin to open sockets to every port in that range on the host; in production narrow both to what the application actually needs.
2. If your client Socket or XMLSocket code calls Security.loadPolicyFile("xmlsocket://service address:application port"), the player requests the security policy file from your application's target port instead. The request and response have the same format as above; without this call no request is made to the application port. The call must be made before connect() is invoked.
3. For HTTP requests, call Security.loadPolicyFile("http://service address/crossdomain.xml"); a crossdomain.xml with the same contents placed in the site root is enough, for example Mop's http://www.mop.com/crossdomain.xml. An HTTP policy file only covers HTTP loads; it does not authorise socket connections.
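The exchange in steps 1 and 2, as an added example that is not part of the original post: a one-shot policy server and a client that behaves like the player (null-terminated request, null-terminated reply, a bounded wait, then the to-ports check before connecting to the application port). It runs on localhost in Python. The policy text, the target ports and the short test timeout are constructed for the example, and only the to-ports attribute is evaluated; the domain attribute is not matched here.

```python
import re
import socket
import threading

# The request the player sends: 22 bytes plus a terminating 0 byte
POLICY_REQUEST = b"<policy-file-request/>\x00"

# Constructed policy for the example; in production narrow domain and to-ports
POLICY_XML = (
    b"<cross-domain-policy>\r\n"
    b'<allow-access-from domain="*" to-ports="80-9000"/>\r\n'
    b"</cross-domain-policy>\r\n"
)


def parse_to_ports(policy_xml):
    """Collect (low, high) port ranges from every allow-access-from to-ports attribute.
    A value of '*' allows all ports. The domain attribute is ignored in this example."""
    text = policy_xml.decode("utf-8", "replace")
    ranges = []
    for m in re.finditer(r'<allow-access-from\b[^>]*\bto-ports="([^"]*)"', text):
        for item in m.group(1).split(","):
            item = item.strip()
            if item == "*":
                ranges.append((1, 65535))
            elif "-" in item:
                low, high = item.split("-", 1)
                ranges.append((int(low), int(high)))
            elif item:
                ranges.append((int(item), int(item)))
    return ranges


def port_allowed(policy_xml, port):
    """The check the player makes before connecting: is `port` covered by to-ports?"""
    return any(low <= port <= high for low, high in parse_to_ports(policy_xml))


def serve_policy_once(listener, policy_xml, respond=True):
    """Server side: accept one client, read the request, answer with the policy
    followed by a 0 byte, then close. A non-matching request gets no policy.
    respond=False keeps the connection open but silent, to exercise the timeout."""
    conn, _ = listener.accept()
    with conn:
        try:
            conn.settimeout(3.0)
            data = b""
            while not data.endswith(b"\x00") and len(data) < len(POLICY_REQUEST):
                chunk = conn.recv(64)
                if not chunk:
                    break
                data += chunk
            if not respond:
                while conn.recv(64):  # stay silent until the client gives up
                    pass
            elif data == POLICY_REQUEST:
                conn.sendall(policy_xml + b"\x00")
        except OSError:
            pass


def fetch_policy(host, policy_port, timeout=3.0):
    """Client side (what the player does): send the request and wait at most
    `timeout` seconds for a 0-terminated policy; raises socket.timeout or
    ConnectionError when nothing usable arrives."""
    with socket.create_connection((host, policy_port), timeout=timeout) as sock:
        sock.sendall(POLICY_REQUEST)
        buf = b""
        while not buf.endswith(b"\x00"):
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("server closed without a terminated policy")
            buf += chunk
            if len(buf) > 64 * 1024:
                raise ValueError("policy too large")
    return buf[:-1]  # strip the terminator


def run_exchange(policy_xml, target_port, respond=True, timeout=0.5):
    """Constructed end-to-end run on 127.0.0.1: a one-shot server thread on an
    ephemeral port standing in for 843, the player-side fetch, then the to-ports
    decision for `target_port`. Returns (policy_bytes, allowed)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    t = threading.Thread(target=serve_policy_once,
                         args=(listener, policy_xml, respond), daemon=True)
    t.start()
    try:
        policy = fetch_policy("127.0.0.1", port, timeout=timeout)
    finally:
        t.join(timeout=5)
        listener.close()
    return policy, port_allowed(policy, target_port)


if __name__ == "__main__":
    policy, ok = run_exchange(POLICY_XML, 8080)
    print(policy.decode(), "port 8080 allowed:", ok)
    print("port 9001 allowed:", run_exchange(POLICY_XML, 9001)[1])
```

A silent server (respond=False) makes fetch_policy raise on the client side after the timeout, which is the situation in which the player throws its SecurityError; a reply without the trailing 0 byte would hang the client the same way, so the terminator is not optional.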

Solution 1: run Adobe's official policy server directly on the server's port 843. This gives the fastest response, but it is an extra service to deploy alongside the application: http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html

Solution 2: the client must call Security.loadPolicyFile("xmlsocket://service address:application port"), and the server handles the policy request inside its private protocol on the application port. A typical protocol is length + type + data, and read through such a header the policy request decodes to a length of 0x3c70 and a type of 0x6c69 (the request begins with the bytes 3c 70 6f 6c 69, i.e. "<poli"), so the server can match on those values and handle the message on its own. It still affects the private protocol: that length/type combination has to be reserved, and a decoder that trusts the length field before checking for the request would wait for a 15472-byte message that never comes.
Why the length and type come out this way is shown in the diagram:

[Diagram: how the length and type fields of the private protocol header line up with the bytes of <policy-file-request/>; not reproduced here]

Solution 3: handle port 843 in a separate listener inside the service application, keeping the policy service split from the other application handlers:

import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.logging.Logger;

import org.apache.mina.core.buffer.IoBuffer;
import org.apache.mina.core.service.IoAcceptor;
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;

// Security policy service: its own acceptor on 843, separate from the application ports
public void startPolicyServer() throws IOException {
    IoAcceptor acceptor = new NioSocketAcceptor();
    acceptor.setHandler(new PolicyServerHandler());
    acceptor.bind(new InetSocketAddress(843));
    System.out.println("Security policy service listening on port: 843");
}

// Other application services
..................
..................

// Stand-alone security policy handler
public class PolicyServerHandler extends IoHandlerAdapter {
    // 22 bytes of request plus the terminating 0 byte
    private static final String SECURITY_REQUEST = "<policy-file-request/>\0";
    // The policy must also end with a 0 byte, otherwise the player keeps waiting
    private static final String POLICY_STR =
        "<cross-domain-policy>\r\n"
        + "<allow-access-from to-ports=\"80-9000\" domain=\"*\"/>\r\n"
        + "</cross-domain-policy>\r\n\0";
    private final Logger log = Logger.getLogger(PolicyServerHandler.class.getName());

    @Override
    public void messageReceived(IoSession session, Object message) throws Exception {
        IoBuffer processBuf = (IoBuffer) session.getAttribute("processBuf");
        IoBuffer in = (IoBuffer) message;
        // More bytes than the request can hold is not a policy request: drop the client
        if (in.remaining() > processBuf.remaining()) {
            log.info("Oversized policy request, closing");
            session.close(true);
            return;
        }
        processBuf.put(in);
        processBuf.flip();

        if (getRequest(processBuf)) {
            byte[] reps = POLICY_STR.getBytes(StandardCharsets.UTF_8);
            IoBuffer rb = IoBuffer.allocate(reps.length);
            rb.put(reps); // putString would also work
            rb.flip();
            session.write(rb); // send back
            log.info("Send policy");
        } else {
            // The request may arrive in several segments; keep what has been read so far
            processBuf.compact();
        }
    }

    // Check whether the complete request string has been received
    private boolean getRequest(IoBuffer buf) {
        String req = new String(buf.array(), 0, buf.limit(), StandardCharsets.US_ASCII);
        return req.indexOf(SECURITY_REQUEST) != -1;
    }

    @Override
    public void messageSent(IoSession session, Object message) throws Exception {
        // One request, one policy, then close the connection
        session.close(true);
    }

    @Override
    public void sessionClosed(IoSession session) throws Exception {
        super.sessionClosed(session);
        session.removeAttribute("processBuf");
    }

    @Override
    public void sessionCreated(IoSession session) throws Exception {
        super.sessionCreated(session);
        // 64 bytes is ample for the 23-byte request; anything larger is rejected above
        IoBuffer processBuf = IoBuffer.allocate(64);
        session.setAttribute("processBuf", processBuf);
    }
}


Note:

1. MINA 2.x is more efficient than 1.x; it abandoned the original ByteBuffer and wrote a new IoBuffer, for the following reasons (from the MINA documentation):
It doesn't provide useful getters and putters such as fill, get/putString, and get/putAsciiInt() enough.
It is difficult to write variable-length data due to its fixed capacity.
2. Under demux, DemuxingProtocolCodecFactory and MessageDecoder are more complete: decodable() judges whether the data can be parsed and decode() parses the actual data, which makes handling a private protocol simpler.
3. The Flash Player 10 Socket class adds a timeout property, the number of milliseconds to wait when establishing a connection.
