RE: [flexcoders] Re: Flex SSL over AMF with ColdFusion services-config.xml
In /WEB-INF/flex/remoting-config.xml, you can either set the default channel to be just my-secure-cfamf, or explicity configure the channels on the in question. If you set the RO channelSet property it will use that ChannelSet to connect rather than the configuration (in fact, you can stop specifying -services command line configuration argument if you manually create your own ChannelSets for RemoteObject based apps) - just make sure you only assign one channel in the channelset and then use this simplified scenario to debug what the problem is (rather than complicating it with failover URLs etc). One thing you may have to do is check if it's a problem only in MSIE. If it is, you may be running into the known issue with HTTPS responses that contain no-cache headers. You seem to have the correct property set to false in your secure channel-definition, but that's not a guarantee that something else is not adding this header, such as another filter upstream or even your webserver. You should use a client side HTTP Sniffer such as Paros Proxy with MSIE which will allow you to see your HTTPS responses decrypted to check raw header information. Also watch out for known issues with MSIE and chunked encoded + gzip compressed responses over SSL as this will also fail. Finally, if you find that it's an issue with Firefox only... there is one obscure but known issue with this platform. If your SWF is hosted somewhere other than the CF server, then a crossdomain.xml is probably being requested first before your connection is made (due to sandbox security requirements of the Flash Player in the browser). If this request for crossdomain.xml is challenged for HTTP Basic credentials over an SSL connection that contains a port then it may just fail silently.
RE: [flexcoders] Re: Flex SSL over AMF with ColdFusion services-config.xml
If you use Flex Builder in debug mode then the Console panel will show trace output. However, if you're using a debug Flash Player plugin in a browser (or the debug standalone Flash Player), then so long as you have setup a mm.cfg file in your user directory, the flashlog.txt file will appear in the predefined log location. For windows, mm.cfg would likely need to be setup in C:\Documents and Settings\yourusername\mm.cfg ...and specify: ErrorReportingEnable=1 TraceOutputFileEnable=1 Then trace output will appear in: C:\Documents and Settings\yourusername\Application Data\Macromedia\Flash Player\Logs\flashlog.txt On windows I use tail.exe from cygwin to monitor the file. -Original Message- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of nasawebguy Sent: Thursday, January 03, 2008 10:34 AM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Flex SSL over AMF with ColdFusion services-config.xml Thanks Peter. My assumption was that if I'm loading via https, the secure channel would be used. If not, the unsecure channel would be used. I can try the TraceTarget, but where is the flashlog located? Don --- In flexcoders@yahoogroups.com, "Peter Farland" <[EMAIL PROTECTED]> wrote: > > > If you're loading your SWF via HTTPS then you should be able to make > secure connections from the Flash Player. As for the right channel > being automatically selected, it depends on whether channel failover > happens correctly. I didn't see a destination configuration below, but > if the snippet represents the list of channels for your > destination, then I believe it will try to connect using the > SecureAMFChannel first and fall back to the AMFChannel on failing. > While this might be useful in development, I wouldn't suggest it for > deployment - especially if you really do have a requirement to connect to a secure endpoint. > > Can you add to your MXML, recompile, and then debug > or look at flashlog.txt for more information about what might be going > wrong in the channel connection phase? > > > > > > > > > -Original Message- > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] > On Behalf Of nasawebguy > Sent: Wednesday, January 02, 2008 8:45 PM > To: flexcoders@yahoogroups.com > Subject: [flexcoders] Flex SSL over AMF with ColdFusion > services-config.xml > > When I use smartsniff/Charles, my remoteObject content is not > encrypted/https/port 443. IE/Firefox shows SSL to the user, eventhough > the data is NOT actually encrypted over AMF! > > Below is my services-config.xml file and remoteObject code snips. > > I've been researching this all day with no clear solution. As I > understand it so far, I should be able to use two channels in my > ColdFusion destination and the correct channel would be used > automatically. Not the case. I need https pages to use SSL and http > pages to not. > > I tried splitting them up into two destinations, "ColdFusion" and > "ColdFusionSecure", in the same services-config, but I keep getting > errors that ColdFusionSecure cannot be found, when it is used at the > remoteObject destination. > > I'd appreciate any suggestions. > > Thanks, > Don > > > > > > > > class="mx.messaging.channels.AMFChannel"> > uri="http://{server.name}:{server.port}/flex2gateway/"; > class="flex.messaging.endpoints.AMFEndpoint"/> > > > false > > false > > > > > class="mx.messaging.channels.SecureAMFChannel"> > uri="https://{server.name}:{server.port}/flex2gateway/"; > class="flex.messaging.endpoints.SecureAMFEndpoint"/> > > > > false > false > > false > > > > > >id="cfdata" showBusyCursor="true" > destination="ColdFusion" source="flex.secure.send"> > result="sendUpdate_Result(event)" > fault="sendUpdate_Fault(event)" /> > > > > > -- > Flexcoders Mailing List > FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt > Search Archives: > http://www.mail-archive.com/flexcoders%40yahoogroups.com > Yahoo! Groups Links > -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links
RE: [flexcoders] Re: Flex SSL over AMF with ColdFusion services-config.xml
If your destination refers to both a secure and non secure channel in that order, and the non secure channel is being used, and you're not specifying an endpoint property on the tag, that sounds like failover is working? To confirm, you could use as I described and then check the flashlog.txt. From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Knudsen Sent: Thursday, January 03, 2008 11:14 AM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Re: Flex SSL over AMF with ColdFusion services-config.xml Not the case in my experience. If the swf is loaded over SSL and AMF is not setup for SSL in CF land, AMF will go over non-SSL. Peter, FWIW, I never got this supposed failover to work, maybe others have by now dunno. I manually setup AMFChannel to use SSL in production environments. Note that you have to compile your swf against the proper services-config to do this. What I did was have a services-config for dev, staging, and production environments and had my build scripts use the proper one. YMMV. DK On Jan 3, 2008 10:34 AM, nasawebguy <[EMAIL PROTECTED]> wrote: Thanks Peter. My assumption was that if I'm loading via https, the secure channel would be used. If not, the unsecure channel would be used. I can try the TraceTarget, but where is the flashlog located? Don --- In flexcoders@yahoogroups.com <mailto:flexcoders%40yahoogroups.com> , "Peter Farland" <[EMAIL PROTECTED]> wrote: > > > If you're loading your SWF via HTTPS then you should be able to make > secure connections from the Flash Player. As for the right channel being > automatically selected, it depends on whether channel failover happens > correctly. I didn't see a destination configuration below, but if the > snippet represents the list of channels for your destination, > then I believe it will try to connect using the SecureAMFChannel first > and fall back to the AMFChannel on failing. While this might be useful > in development, I wouldn't suggest it for deployment - especially if you > really do have a requirement to connect to a secure endpoint. > > Can you add to your MXML, recompile, and then debug > or look at flashlog.txt for more information about what might be going > wrong in the channel connection phase? > > > > > > > > > -Original Message- > From: flexcoders@yahoogroups.com <mailto:flexcoders%40yahoogroups.com> [mailto:flexcoders@yahoogroups.com <mailto:flexcoders%40yahoogroups.com> ] On > Behalf Of nasawebguy > Sent: Wednesday, January 02, 2008 8:45 PM > To: flexcoders@yahoogroups.com <mailto:flexcoders%40yahoogroups.com> > Subject: [flexcoders] Flex SSL over AMF with ColdFusion > services-config.xml > > When I use smartsniff/Charles, my remoteObject content is not > encrypted/https/port 443. IE/Firefox shows SSL to the user, eventhough > the data is NOT actually encrypted over AMF! > > Below is my services-config.xml file and remoteObject code snips. > > I've been researching this all day with no clear solution. As I > understand it so far, I should be able to use two channels in my > ColdFusion destination and the correct channel would be used > automatically. Not the case. I need https pages to use SSL and http > pages to not. > > I tried splitting them up into two destinations, "ColdFusion" and > "ColdFusionSecure", in the same services-config, but I keep getting > errors that ColdFusionSecure cannot be found, when it is used at the > remoteObject destination. > > I'd appreciate any suggestions. > > Thanks, > Don > > > > > > > > class="mx.messaging.channels.AMFChannel"> > uri="http://{server.name}:{server.port}/flex2gateway/"; > class="flex.messaging.endpoints.AMFEndpoint"/> > > > false > > false > > > > > class="mx.messaging.channels.SecureAMFChannel"> > uri="https://{server.name}:{server.port}/flex2gateway/"; > class="
Re: [flexcoders] Re: Flex SSL over AMF with ColdFusion services-config.xml
Not the case in my experience. If the swf is loaded over SSL and AMF is not setup for SSL in CF land, AMF will go over non-SSL. Peter, FWIW, I never got this supposed failover to work, maybe others have by now dunno. I manually setup AMFChannel to use SSL in production environments. Note that you have to compile your swf against the proper services-config to do this. What I did was have a services-config for dev, staging, and production environments and had my build scripts use the proper one. YMMV. DK On Jan 3, 2008 10:34 AM, nasawebguy <[EMAIL PROTECTED]> wrote: > Thanks Peter. My assumption was that if I'm loading via https, the > secure channel would be used. If not, the unsecure channel would be used. > > I can try the TraceTarget, but where is the flashlog located? > > Don > > > --- In flexcoders@yahoogroups.com , "Peter > Farland" <[EMAIL PROTECTED]> wrote: > > > > > > If you're loading your SWF via HTTPS then you should be able to make > > secure connections from the Flash Player. As for the right channel being > > automatically selected, it depends on whether channel failover happens > > correctly. I didn't see a destination configuration below, but if the > > snippet represents the list of channels for your destination, > > then I believe it will try to connect using the SecureAMFChannel first > > and fall back to the AMFChannel on failing. While this might be useful > > in development, I wouldn't suggest it for deployment - especially if you > > really do have a requirement to connect to a secure endpoint. > > > > Can you add to your MXML, recompile, and then debug > > or look at flashlog.txt for more information about what might be going > > wrong in the channel connection phase? > > > > > > > > > > > > > > > > > > -Original Message- > > From: flexcoders@yahoogroups.com [mailto: > flexcoders@yahoogroups.com ] On > > Behalf Of nasawebguy > > Sent: Wednesday, January 02, 2008 8:45 PM > > To: flexcoders@yahoogroups.com > > Subject: [flexcoders] Flex SSL over AMF with ColdFusion > > services-config.xml > > > > When I use smartsniff/Charles, my remoteObject content is not > > encrypted/https/port 443. IE/Firefox shows SSL to the user, eventhough > > the data is NOT actually encrypted over AMF! > > > > Below is my services-config.xml file and remoteObject code snips. > > > > I've been researching this all day with no clear solution. As I > > understand it so far, I should be able to use two channels in my > > ColdFusion destination and the correct channel would be used > > automatically. Not the case. I need https pages to use SSL and http > > pages to not. > > > > I tried splitting them up into two destinations, "ColdFusion" and > > "ColdFusionSecure", in the same services-config, but I keep getting > > errors that ColdFusionSecure cannot be found, when it is used at the > > remoteObject destination. > > > > I'd appreciate any suggestions. > > > > Thanks, > > Don > > > > > > > > > > > > > > > > > class="mx.messaging.channels.AMFChannel"> > > > uri="http://{server.name}:{server.port}/flex2gateway/"; > > class="flex.messaging.endpoints.AMFEndpoint"/> > > > > > > false > > > > false > > > > > > > > > > > class="mx.messaging.channels.SecureAMFChannel"> > > > uri="https://{server.name}:{server.port}/flex2gateway/"; > > class="flex.messaging.endpoints.SecureAMFEndpoint"/> > > > > > > > > false > > false > > > > false > > > > > > > > > > > > > id="cfdata" showBusyCursor="true" > > destination="ColdFusion" source="flex.secure.send"> > > > result="sendUpdate_Result(event)" > > fault="sendUpdate_Fault(event)" /> > > > > > > > > > > -- > > Flexcoders Mailing List > > FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt > > Search Archives: > > http://www.mail-archive.com/flexcoders%40yahoogroups.com > > Yahoo! Groups Links > > > > > -- Douglas Knudsen http://www.cubicleman.com this is my signature, like it?