So, the latest versions of Flash 9.0.115.0 and 9.0.124.0 are much more strict about which sockets you are allowed to connect to. Openfire is configured to serve a policy file on a separate port (5229) than the client port (5222). This works fine, except for some of our users behind strict firewalls do not have port 5229 open, as it is not very common.
This patch allows openfire to recognize a cross-domain policy request in the form of a "policy-file-request" and automatically serve up a cross-domain policy which allows flash to connect to the client port. After the policy is sent, the connection is closed.
I hope this can be accepted into trunk, as it really is a pain to require our users to open two ports in their firewall just to be able to connect. The simple change is inside StanzaHandler.java, at the top of the process function:
public void process(String stanza, XMPPPacketReader reader) throws Exception {
boolean initialStream = stanza.startsWith("<stream:stream") || stanza.startsWith("></stream:stream>" ) ){
& nbsp; String crossDomainText = FlashCrossDomainHandler.CROSS_DOMAIN_TEXT +
& nbsp; XMPPServer.getInstance().getConnectionManager().getClientListenerPort() +
& nbsp; FlashCrossDomainHandler.CROSS_DOMAIN_END_TEXT + '\0';
& nbsp; connection.deliverRawText( crossDomainText );
& nbsp; return;
& nbsp; } else {
& nbsp; // Ignore <?xml version="1.0"?>
& nbsp; return;
& nbsp; }
}
With this code in place, I can remove the call to System.security.loadPolicyFile("xmlsocket://" + address + ":5229" ) which is currently required.
Here is the output from the flash debugger, which shows that the strict policy rules are being followed properly:
OK: Policy file accepted: xmlsocket://localhost:5222
OK: Request for resource at xmlsocket://localhost:5222 by requestor from http://localhost:3000/flash/chat.swf
I hope this is helpful to others, it is really a lifesaver for us.
Message was edited by: BenV
