I think I have solved the problem with SSL offloading and flex data
services. As Bryan said earlier, we're putting this through tests, but they
look very promising and I will share the solution.
The logical communication set up is like this:
client <----https----> SSL Offloading Webserver <-------http-------> App
Server with FDS
As you can see this is quite tricky because you would expect the flash
client to speak the same language as the App Server. But the problem is
that our client needs to speak https and the server needs to speak http. So
my solution was to "fool" each into thinking they are speaking the same
language. In the services-config.xml I forced the compiled swf into
speaking SSL to the offloading server for translation into plain http by
doing this in my channel-definition.
<channel-definition id="my-polling-amf" class="
mx.messaging.channels.SecureAMFChannel">
<endpoint
uri="https://{server.name}:{server.port}/{context.root}/messagebroker/amfpolling";
class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<polling-enabled>true</polling-enabled>
<polling-interval-seconds>8</polling-interval-seconds>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>
Note: The flex class is the secure channel and the endpoint class is the
plain channel while the URI is over https.
I only compiled the swf using this configuration. This is a very important
step.
Now when I deployed the application, I had to change the configuration to
look like this:
<channel-definition id="my-polling-amf" class="
mx.messaging.channels.AMFChannel">
<endpoint
uri="http://{server.name}:{server.port}/{context.root}/messagebroker/amfpolling";
class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<polling-enabled>true</polling-enabled>
<polling-interval-seconds>8</polling-interval-seconds>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>
Notice the https became http and the SecureAMFChannel became AMFChannel.
Keeping these configurations separate is how I "fooled" each piece into
thinking they are speaking the same language. In all actuality, I let the
SSL offloader do the translation.
Another important thing to keep in mind is the SSL issue with the Flash
player and IE. We had to add the add-no-cach-headers node to keep IE and
Flash on speaking terms because the client is receiving encrypted
information.
I hope this helps.
Brandon Alexander
On 2/8/08, Darin Kohles <[EMAIL PROTECTED]> wrote:
>
> I'm not familiar with Charles (http://www.xk72.com/charles/), but I
> imagine it has similar features to ServiceCapture
> (http://kevinlangdon.com/serviceCapture/). Another good resource for
> development is XRay (http://osflash.org/xray).
>
> I'm downloading Charles now, and I'll post my impressions.
>
> On Feb 8, 2008 9:53 AM, Fox, Andrew J <[EMAIL PROTECTED]> wrote:
> > We're having a similar problem - I think. I've never heard of Charles,
> is
> > it a tool for Flex developers, or more for use by system admins?
> >
> > Looking forward to the solution that sounded promising in the related
> post!
> >
> > --
> > Andy Fox
> > Systems Analyst III
> > Georgia Tech OIT-EIS
> > 404-894-4413
> >
> >
> >
> > ----- Original Message -----
> > From: "John Mason" <[EMAIL PROTECTED]>
> > To: [email protected]
> > Sent: Tuesday, February 5, 2008 3:13:21 PM (GMT-0500) America/New_York
> > Subject: RE: [AFFUG Discuss] SSL Offloading and Flex Application
> > Configuration
> >
> >
> > Have you run Charles to see exactly the dialog between the outside world
> and
> > this Flex app? Sounds like the secure channel on the firewall is set
> wrong
> > for flex. Are you using it for other applications? Https?
> >
> >
> > John Mason
> > [EMAIL PROTECTED]
> > 770.337.8363
> >
> > www.FusionLink.com - ColdFusion and Flex hosting
> > Now offering ColdFusion 8 Enterprise hosting
> > FREE Subversion hosting
> >
> > This e-mail message and all attachments transmitted with it may contain
> > legally privileged and/or confidential information intended solely for
> the
> > use of the addressee(s). If the reader of this message is not the
> intended
> > recipient, you are hereby notified that any reading, dissemination,
> > distribution, copying, forwarding or other use of this message or its
> > attachments is strictly prohibited. If you have received this message in
> > error, please notify the sender immediately and delete this message and
> all
> > copies and backups thereof.
> >
> >
> >
> > ________________________________
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bryan Tidd
> > Sent: Tuesday, February 05, 2008 11:24 AM
> > To: [email protected]
> > Subject: [AFFUG Discuss] SSL Offloading and Flex Application
> Configuration
> >
> >
> >
> > Has anyone had experience with SSL offloading technology and Flex
> > application configuration?
> > I have an application that is accessed from the Internet via https, SSL
> os
> > offloaded at the Firewall and http traffic goes to the application
> server of
> > the Flex application.
> > I have AMF and AMF secure, http and http secure, and AMF polling
> configured.
> > It works fine on the intranet, but I get a 500 error No Channel Defined
> > error from the Internet.
> > This has been quite frustrating so any thoughts would be appreciated.
> Also
> > would consider solicitations for consulting at this point.
> >
> > Thanks
> > Bryan Tidd
> > [EMAIL PROTECTED]
> > 770-595-2516
> >
> >
> > -------------------------------------------------------------
> > To unsubscribe from this list, simply email the list with unsubscribe in
> the
> > subject line
> >
> > For more info, see http://www.affug.com
> > Archive @ http://www.mail-archive.com/discussion%40affug.com/
> > List hosted by FusionLink
> > -------------------------------------------------------------
> > -------------------------------------------------------------
> > To unsubscribe from this list, simply email the list with unsubscribe in
> the
> > subject line
> >
> > For more info, see http://www.affug.com
> > Archive @ http://www.mail-archive.com/discussion%40affug.com/
> > List hosted by FusionLink
> > -------------------------------------------------------------
> >
> >
> >
> >
> > -------------------------------------------------------------
> > To unsubscribe from this list, simply email the list with unsubscribe in
> the
> > subject line
> >
> > For more info, see http://www.affug.com
> > Archive @ http://www.mail-archive.com/discussion%40affug.com/
> > List hosted by FusionLink
> > -------------------------------------------------------------
>
>
> -------------------------------------------------------------
> To unsubscribe from this list, simply email the list with unsubscribe in
> the subject line
>
> For more info, see http://www.affug.com
> Archive @ http://www.mail-archive.com/discussion%40affug.com/
> List hosted by http://www.fusionlink.com
> -------------------------------------------------------------
>
>
>
-------------------------------------------------------------
To unsubscribe from this list, simply email the list with unsubscribe in the
subject line
For more info, see http://www.affug.com
Archive @ http://www.mail-archive.com/discussion%40affug.com/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
