View Full Version : HTTPService Security

03-12-2008, 10:32 PM
I am using the HTTPService class to call a jsp script which talk to my db and returns xml. When I hit the url in a browser I get the xml but when I run the flex app with the same url the swf seems to just hang talking to the server.

I have a resultHandler & faultHandler defined though neither of them are invoked when hitting this url from my swf.

It seems crossdomain.xml is not enough anymore for things like this for and above. All documentation refers to setting up fds and creating a proxy-config.xml in your WEB-INF/flex/ directory.

Do I really need to install fds 2 for this to work?


<service id="proxy-service" class="flex.messaging.services.HTTPProxyService">

<adapter-definition id="java-object"
class="flex.messaging.services.remoting.adapters.JavaAdap ter"

<destination id="defaultHTTP">
<security-constraint ref="privileged-users"/>

It seems to be referencing classes. Do these become available when installing fds 2?

03-12-2008, 10:41 PM
I also have a crossdomain.xml file in the root of the db so if that is suffice.
If I copy the xml response and create a file and place it on another server and call the xml file then it works fine.

03-13-2008, 12:45 AM
well in the flex Getting Started with Flex 2 documentation is claims you do not need a proxy-config.xml file unless you are using FDS 2 (Flex Data Services 2 aka LiveCycle ES). The crossdomain.xml should be fine.

I am currently explicitly loading in the crossdomain.xml file on initial load of the swf. My current file looks like so.


<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<allow-access-from domain="*" to-ports="*" secure="false"/>

I will change the values once the project goes to production. Just need to know if the format is correct or not?