Re: [Laszlo-user] unable to refer to a jsp on the FMS applicationfrom the swf on the web server

[Max Carlson]

I'm pretty sure it's a security issue.  From the Flash 9 security 
whitepaper:
The URL policy file is located, by default, in the root directory of the target 
server, with the name crossdomain.xml (for example, at 
www.example.com/crossdomain.xml). Flash application developers can specify 
another location by calling the ActionScript loadPolicyFile() method. The URL 
policy file located in the root directory is referred to as the master policy 
file.
The scope of the permissions defined in a URL policy file includes all 
resources within the directory and within nested subdirectories. Policy files 
are only able to grant access to a resource; they cannot restrict access. The 
search order of the policy files does not need to be well-defined, because 
there is no precedence among them. If a resource is within the scope of more 
than one policy file, any one of the policy files may grant access.
Note: There are two distinct (basically unrelated) controls that apply to 
cross-domain actions that might be confused: URL policy files (covered here) 
are managed by domain administrators to allow network access to data; the 
ActionScript allowDomain() method is specified by authors to allow client-side 
cross-domain scripting (see “Developer controls” on page 33).
When a domain is specified in a URL policy file, the site declares that it is willing to 
allow the operators of any servers in that domain to obtain any document on the server 
where the policy file resides. Often this is the effect that you want. For example, if a 
site serves only public documents from a particular server, the site should have no 
qualms about who can obtain documents on that server, because anyone can simply visit the 
server and download files that they want. In this situation, it is safe to open the 
server to all domains (use of a single asterisk "*" as a pure wildcard is 
supported):
<cross-domain-policy> <allow-access-from domain="*" />
</cross-domain-policy>

Let me know how it goes!

Regards,
Max Carlson
OpenLaszlo.org

On 5/10/10 10:06 AM, cem sonmez wrote:
using in oninit of the canvas :
flash.system.Security.allowDomain("*");

I am not sure if it is a cross-domain issue.
Maybe someone point me where should have have a look.
Regards


2010/5/10 Peter Brand <peter.br...@eines-alles-nichts.org
<mailto:peter.br...@eines-alles-nichts.org>>

    Could it be a cross-domain problem?
    Sorry, if this is a silly thought

    ------------------------------------------------------------------------
    *From:* laszlo-user-boun...@openlaszlo.org
    <mailto:laszlo-user-boun...@openlaszlo.org>
    [mailto:laszlo-user-boun...@openlaszlo.org
    <mailto:laszlo-user-boun...@openlaszlo.org>] *On Behalf Of *cem sonmez
    *Sent:* Monday, May 10, 2010 4:17 PM
    *To:* Raju Bitter
    *Cc:* laszlo-user@openlaszlo.org <mailto:laszlo-user@openlaszlo.org>
    *Subject:* Re: [Laszlo-user] unable to refer to a jsp on the FMS
    applicationfrom the swf on the web server

    I looked at the HTTP headers but for the 4. case, there is not any
    response header when the expected action performed.
    Everything seems fine for the first three case. I can see the xml
    content that is coming from jsp clearly.
    Do you have any idea about that?
    Thanks

    2010/5/10 Raju Bitter <r.bitter.mailingli...@googlemail.com
    <mailto:r.bitter.mailingli...@googlemail.com>>

        Did you look into the HTTP response headers? What are you seeing
        there?


        On Mon, May 10, 2010 at 2:37 PM, cem sonmez
        <cemoson...@gmail.com <mailto:cemoson...@gmail.com>> wrote:

            Hi all
            I am not sure that if this is an openlaszlo issue. But
            anyway, someone here may help me to work out this problem.

            At first, the following problem just occurs if I deploy the
            swf application on the web server and run the application on
            the web.
            There is a red5 server application and at the openlaszlo
            side, one local dataset refers to a JSP on the server
            application and gets a xml result.
            Then a grid uses this dataset as the datapath.

            <dataset name="dset" id="dset" type="http" querytype="POST"
            src="http://server-static-ipv4-address:5080/fi6en/myjsp.jsp";
            autorequest="true"/>
            <grid name="videoGrid"
            datapath="local:classroot.dset:/videos"
            contentdatapath="video" />

            [1]- When I run the lzx on the browser like :
            
http://localhost:8080/lps-4.7.2/workspace-laszlo/client/fi6en.lzx?lzr=swf10&debug=true
            
<http://localhost:8080/lps-4.7.2/workspace-laszlo/client/fi6en.lzx?lzr=swf10&debug=true>
            Dataset gets the xml with no problem. OK
            [2]- When I run the swf which has been generated by using
            "solo deploy" of openlaszlo developer console, like
            file:///home/cem/Desktop/client/fi6en.lzx.swf10.swf
            Dataset gets the xml with no problem. OK
            [3]- When I run the application on localhost without
            changing nothing on [2], like
            http://localhost/client/fi6en.lzx.swf10.swf
            Dataset gets the xml with no problem. OK

            [4]- When I run the application on the web without changing
            nothing on [2], like
            http://fi6en.comu.edu.tr/client/fi6en.lzx.swf10.swf
            *Dataset can not get the xml from jsp. FAILS*
            I get no errors on the server application console.

            Even I canT reason anything, got stuck here.
            Did any of you faced such like problem before?
            Thanks
            Kind regards

            --
            Cem SONMEZ





    --
    Cem SONMEZ




--
Cem SONMEZ