<SERVICE> <ID>PolicyFileService</ID> <CLASSNAME>org.moock.unity.opt.policyserver.PolicyServer</CLASSNAME> <ATTRIBUTES> <PORT>9102</PORT> <POLICY_FILE>policy.xml</POLICY_FILE> </ATTRIBUTES> </SERVICE>In the above <SERVICE> tag:
<cross-domain-policy> <allow-access-from domain="hostname_or_ip" to-ports="port_list"/> </cross-domain-policy>
hostname_or_ip specifies domains that may connect to the server, and
port_list specifies ports to which Flash clients are allowed to connect. Multple <allow-access-from> tags are permitted, as are wildcards, multiple ports (n1, n2, n3), or port ranges (n-n1). The following policy file demonstrates various ways of formatting an <allow-access-from> tag:
<cross-domain-policy> <allow-access-from domain="*" to-ports="507" /> <allow-access-from domain="*.foo.com" to-ports="507,516" /> <allow-access-from domain="*.bar.com" to-ports="516-523" /> <allow-access-from domain="www.foo.com" to-ports="507,516-523" /> <allow-access-from domain="www.bar.com" to-ports="*" /> </cross-domain-policy>
Note that the Flash Player can only connect to a port under 1024 if the policy file itself is served over a port under 1024.
Unity's Policy File Server reads the policy.xml file from disk each time it is requested. Hence, it is possible to change the contents of the policy.xml file at runtime, without restarting Unity.
The Flash Player will not retrieve policy files over any of the following ports:
22 (SSH) 25 (SMTP) 37 (time) 43 (WHOIS) 53 (DNS) 88 (kerberos) 111 (portmap) 113 (ident) 137-139 (windows networking) 143 (IMAP) 161-162 (SNMP) 389 (LDAP) 465 (SMTPS) 500 (ISAKMP) 535 (IIOP) 546-547 (DHCP) 636 (LDAPS) 749-754 (kerberos 4)
For information on connecting to a policy file with UClient for Macromedia Flash, see the UClient constructor and UClient.setServer() method in the uClientCore API documentation.
To test both Unity 2 Multiuser Server and the Policy File Server, it is possible to telnet to the ports on which they are running. After a successful connection to Unity 2 Multiuser Server, an XML tag containing a client id is returned. After a successful connection to the Policy File Server, a policy file is returned. If either server does not return any content after connection, it is not running correctly. See the server log for troubleshooting help. If both servers return the expected content, but a Flash movie cannot connect, then the movie is not configured correctly or the Flash Player version is too old (i.e., prior to version 220.127.116.11). See the client-side log for troubleshooting help.
For more information on Macromedia Flash policy files, see Macromedia's Flash Player 7 Release Notes.