If you've done any Web Service programming in Flash MX Pro then you've most likely run into situations where you're accessing Web Services that don't reside on the same domain as your .swf file. Assuming you have administrative access to the server that hosts the Web Services, you'll need to deploy a crossdomain.xml file which gives access rights to certain specific Flash clients. This file needs to reside in your wwwroot so that the Flash player can check the access rights and determine whether or not the .swf file can access the services. For example, in our development environment at work we allow all clients to have access to the Web Services and the crossdomain.xml file looks like:
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
So if you're accessing a Web Service at http://devserver:8080/axis/services/TestService?wsdl, then the crossdomain.xml file will need to exist at http://devserver:8080/crossdomain.xml.
Okay, so that works great, but the problem we ran into was accessing these services over SSL. It's not complicated at all once you know what to do; figuring that out is generally what takes the most time. In our quest for answers we found out that accessing Web Services over SSL is simple as long as you modify your crossdomain.xml file to look like:
<cross-domain-policy>
<allow-access-from domain="*" secure="true"/>
</cross-domain-policy>
The secure attribute needs to be set to true if the Flash client is being served over a secure connection; this is the default if the attribute isn't specified (as in the first snippet). If you want to access the secure services but aren't serving the client over a secure connection, then you'll need to set secure="false". In most situations I would highly recommend serving the Flash client over SSL if you're accessing Web Services. If you don't, the nice security icon doesn't display in the browser and you might have users questioning whether or not their transactions are secure.
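The rule described above can be modelled in a few lines. This is an added example, not code from the original post or from the Flash player: it is a simplified model that ignores ports and meta-policies, and the function names, the client.example host and the HTTPS service URL are constructed for illustration. It shows that with the default policy a client loaded over plain HTTP is refused access to the HTTPS service, while secure="false" lets it through.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit


def domain_matches(pattern, host):
    """Match a host against an allow-access-from domain value."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])   # "*.example.com" covers subdomains
    return pattern == host


def swf_allowed(policy_xml, swf_url, service_url):
    """Simplified model of the access check described above.

    Returns True if a .swf loaded from swf_url may call service_url under
    the given crossdomain.xml text. Ports and meta-policies are ignored.
    """
    swf, svc = urlsplit(swf_url), urlsplit(service_url)
    root = ET.fromstring(policy_xml)
    for rule in root.iter("allow-access-from"):
        if not domain_matches(rule.get("domain", ""), swf.hostname or ""):
            continue
        # secure defaults to "true" when the attribute is absent
        secure = rule.get("secure", "true").strip().lower() != "false"
        if svc.scheme == "https" and swf.scheme != "https" and secure:
            continue    # HTTP-served client, HTTPS service, secure="true"
        return True
    return False


# Constructed sample policies and URLs (hypothetical hosts and port).
DEFAULT_POLICY = ('<cross-domain-policy>'
                  '<allow-access-from domain="*" /></cross-domain-policy>')
INSECURE_POLICY = ('<cross-domain-policy>'
                   '<allow-access-from domain="*" secure="false"/>'
                   '</cross-domain-policy>')
SERVICE = "https://devserver:8443/axis/services/TestService?wsdl"

if __name__ == "__main__":
    for name, policy in (("default", DEFAULT_POLICY),
                         ("secure=false", INSECURE_POLICY)):
        for swf in ("https://client.example/app.swf",
                    "http://client.example/app.swf"):
            print(name, swf, swf_allowed(policy, swf, SERVICE))
```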
One last note: if the SSL cert is self-signed or not from a trusted authority then the WS call will fail. This holds true even when accessing the secure Web Service through the IDE, which was a huge surprise to me. I'll be doing more investigation of this issue but that's it for now.
Posted by dennis baldwin at July 26, 2004 09:53 PM