About policy files

Similar Messages

• Doubts about Policy File Creation....please help me....

  I already reach a applet<-> servlet<->DB communication since my own pc i can access to it....indicating http://localhost:8088/name_file.html o http://localhost:8088/name_file.jsp in the browser.
  Now according with:
  http://developer.java.sun.com/developer/onlineTraining/Programming/BasicJava1/dba.html
  I already created a file that contains:
  grant {
  permission java.net.SocketPermission "developer",
  "resolve";
  permission java.net.SocketPermission
  "172.21.2.195:1521", "connect,resolve";
  I named it like:
  DbaApplPol.policy
  Now....is correct it?....ie, the file have to be saved with extension ".policy"?
  Also, how can i specify or indicate in the browser that the file *.html o *.jsp uses the "file DbaApplPol.policy"?, ie, what additional thing i have to place together with:
  http://localhost:8088/name_file.html o http://localhost:8088/name_file.jsp in the browser.
  On other hand.....doing it...any other different pc (including the mine), could to have access to my applet<-> servlet<->DB program?
  Thanks in advance...
  Mary

  Thanks by answering to me....i really appreciate it....thanks...
  Well....i already did the change in 1 and 2....
  I'm using Tomcat 4.0.3, Windows 2000, jdk 1.3
  1) I placed dbaapplpol.policy in:
  C:\Jakarta-Tomcat-4.0.3\conf\DbaApplPol.policy
  2) And i modified the java.security file in the following directory:
  C:\Program Files\Java\j2re1.3\lib\security\java.security
  with the following:
  policy.url.1=file:${java.home}/lib/security/java.policy
  policy.url.2=file:${user.home}/.java.policy
  policy.url.3=http://172.21.2.195:8088/DbaApplPol.policy
  Could you tell me if i have to do something more...Do i have to restart my computer? or something like that, because i obtain the following runtime exception:
  java.security.AccessControlException: access denied (java.net.SocketPermission localhost:8088 connect,resolve)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkConnect(Unknown Source)
       at sun.plugin.net.protocol.http.HttpURLConnection.checkPermission(Unknown Source)
       at sun.plugin.net.protocol.http.HttpURLConnection.connect(Unknown Source)
       at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
       at j13_a.make_servlet_connection(j13_a.java:129)
       at j13_a.Llenado_Valores_Region(j13_a.java:353)
       at j13_a.init(j13_a.java:99)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Any suggestion?....
  Thanks...
  Mary

• Help needed about HTTPS and policy files !!

  Hi everyone,
  my Web Start application crashes with a SSLPeerUnverifiedException when I
  try to connect to the server with HTTPClient :
  // proxy settings
  HTTPConnection.setProxyServer(ipProxy, portProxy);
  // connection
  HTTPConnection con = new HTTPConnection("https", serverName, -1);
  // Post (then there is a SSLPeerUnverifiedException....)
  HTTPResponse rsp = con.Post("/myurl.jsp, toSend, ct_hdr);
  My application runs in a secure environnement configured by the javaws.policy :
  grant codeBase "file:${jnlpx.home}/javaws.jar" {
  permission java.security.AllPermission;
  and the ${user.home}.java.policy (shared by another application, an applet I think) :
  keystore "file:${user.home}/xxxxxxxxxxxxxxxxxxxxx.p7c";
  grant codebase "https://xxxxxxxxxxxxxxx/-" signedby "xxxxxxxxxx" {
  permission java.lang.RuntimePermission "usePolicy";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "setIO";
  permission java.lang.RuntimePermission "modifyThread";
  permission java.lang.RuntimePermission "stopThread";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.security.provider";
  permission java.lang.RuntimePermission "loadLibrary.*";
  permission java.security.SecurityPermission "insertProvider.SUN";
  permission java.security.SecurityPermission "insertProvider.JCRYPTO";
  permission java.security.SecurityPermission "insertProvider.JCRYPTO_PKCS11";
  permission java.security.SecurityPermission "putProviderProperty.JCRYPTO";
  permission java.security.SecurityPermission "putProviderProperty.JCRYPTO_PKCS11";
  permission java.security.SecurityPermission "removeProviderProperty.JCRYPTO";
  permission java.security.SecurityPermission "removeProvider.JCRYPTO";
  permission java.security.SecurityPermission "removeProvider.JCRYPTO_PKCS11";
  permission java.security.SecurityPermission "removeProvider.SUN";
  permission java.util.PropertyPermission "*", "read,write";
  permission java.io.FilePermission "<<ALL FILES>>", "write,read,delete";
  permission java.net.NetPermission "specifyStreamHandler";
  permission java.net.SocketPermission "localhost:1024-", "listen";
  permission java.net.SocketPermission "*", "connect,accept,listen,resolve";
  permission java.awt.AWTPermission "accessClipboard";
  permission java.lang.RuntimePermission "queuePrintJob";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
  grant codebase "file:/myApplication/-" {
  permission java.security.AllPermission;
  In this file (.java.policy) when I replace "codebase "https://xxxxxxxxxxxxxxx/-""
  by "codebase "http://xxxxxxxxxxxxxxx/-"" everything works fine !! It's very very
  very very strange...
  my application is launched by Web Start 1.2 and use JRE 1.4.1
  Any ideas ? Please, I become crazy...

  In this file (.java.policy) when I replace "codebase
  "https://xxxxxxxxxxxxxxx/-""
  by "codebase "http://xxxxxxxxxxxxxxx/-"" everything
  works fine !! I am not so sure that a code source cares for whether the resource is downloaded with s-http or normal http. Is the distinction important for the policy file?
  You could go digging in the RFC that describes what a URL is (because that is what the code source is).
  Also you could switch on a nice flag in you server environment that output information if security things go wrong: -Djava.security.debug=failure
  In the output you should see from where your code is loaded. If it says http and not https, then that is what should appear in your policy file.

• How to use a custum permission in the .policy file

  Hi,
  I am stuck with the problem of having a custum permission that extands java.security.BasicPermission.
  I really want this permission to be checked from my .policy file, but when I try to include its location : c:\java_project\server\SpecialPolicy.class
  it pops a message that file is not found. I have tried dots, different slashes (back and forward) and still have no luck. I need this custum permission to be checked so that I can allow special access from a certain codebase so that say if I try a dangerous method I can just simply check in the code;
  this.getSecurityManager.checkPermission(new SpecialPermission("lol"));
  Also I need a paramater option, but I cant think of any since its not a FilePermission that takes a name and attributes (read, write..) what does BasicPermission take and if I extend it what attribute should I pass in. I dont really care about how this permission works, i just use it to restrict access to a certain functions in code that are ran from specific codeBAse.
  Please dont ask why I need this :)
  Thanks in advance, the documentation on how to add custum policies is simply NOT THERE. thus I have to bug people around.

  Hi
  If you just have to add another permission it is easy.
  Create a class extending the BasicPermission. Have an entry into
  the policy file like
  grant <Principal> {
  permission <CumstomPermission> "lol"
  }that should be all. If you do have a specific Principal, please
  do not forget to add the Principal to the relevant Subject after login.
  cheers
  Projyal

• Load XML file from addon domain without cross-domain Policy file

  Hello.
  Assuming that there are two addon domains on the same server: /public_html/domain1.com       and      /public_html/domain2.com
  I try to load XML file from domain2.com into domain1.com without using cross-domain policy file (since it doesn’t work on xml files in my case).
  So the idea is to use php file in order to load XML and read it back to flash.
  I’ve found an interesting scripts that seems to do the job but unfortunately I can't get it to work. In my opinion there is somewhere problem with AS3 part. Please take a look.
  Here are the AS3/PHP scripts:
  AS3 (.swf in www.domain1.com):
  // location of the xml that you would like to load, full http address
  var xmlLoc:String = "http://www.domain2.com/MyFile.xml";
  // location of the php xml grabber file, in relation to the .swf
  var phpLoc:String = "loadXML.php";
  var xml:XML;
  var loader:URLLoader = new URLLoader();
  var request:URLRequest = new URLRequest(phpLoc+"?location="+escape(xmlLoc) );
  loader.addEventListener(Event.COMPLETE, onXMLLoaded);
  loader.addEventListener(IOErrorEvent.IO_ERROR, onIOErrorHandler);
  loader.load(request);
  function onIOErrorHandler(e:IOErrorEvent):void {
      trace("There was an error with the xml file "+e);
  function onXMLLoaded(e:Event):void {
      trace("the rss feed has been loaded");
      xml = new XML(loader.data);
      // set to string, since it is passed back from php as an object
      xml = XML(xml.toString());
      xml_txt.text = xml;
  PHP (loadXML.php in www.domain1.com):
  <?php
  header("Content-type: text/xml");
  $location = "";
  if(isset($_GET["location"])) {
      $location = $_GET["location"];
      $location = urldecode($location);
  $xml_string = getData($location);
  // pass the url encoded vars back to Flash
  echo $xml_string;
  //cURLs a URL and returns it
  function getData($query) {
      // create curl resource
      $ch = curl_init();
      // cURL url
      curl_setopt($ch, CURLOPT_URL, $query);
      //Set some necessary params for using CURL
      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     //Execute the curl function, and decode the returned JSON data
      $result = curl_exec($ch);
      return $result;
      // close curl resource to free up system resources
      curl_close($ch);
  ?>

  I think you might be right about permissions/settings on the server for php. Unfortunately I'm not allowed to adjust them.
  So I wrote my own script - this time I used file path instead of http address of the XML file.  It works fine in my case.
  Here it is:
  XML file on domain2.com:
  <?xml version="1.0" encoding="UTF-8"?>
  <gallery>
      <image imagePath="galleries/gallery_1/images/1.jpg" thumbPath="galleries/gallery_1/thumbs/1.jpg" file_name= "1"> </image>
      <image imagePath="galleries/gallery_1/images/2.jpg" thumbPath="galleries/gallery_1/thumbs/2.jpg" file_name= "2"> </image>
      <image imagePath="galleries/gallery_1/images/3.jpg" thumbPath="galleries/gallery_1/thumbs/3.jpg" file_name= "3"> </image>
  </gallery>
  swf  on domain1.com:
  var imagesXML:XML;
  var variables:URLVariables = new URLVariables();
  var varURL:URLRequest = new URLRequest("MyPHPfile.php");
  varURL.method = URLRequestMethod.POST;
  varURL.data = variables;
  var MyLoader:URLLoader = new URLLoader;
  MyLoader.dataFormat =URLLoaderDataFormat.VARIABLES;
  MyLoader.addEventListener(Event.COMPLETE, XMLDone);
  MyLoader.load(varURL);
  function XMLDone(event:Event):void {
      var imported_XML:Object = event.target.data.imported_XML;
      imagesXML = new XML(imported_XML);
     MyTextfield_1.text = imagesXML;
     MyTextfield_2.text = imagesXML.image[0].attribute("thumbPath");  // sample reference to attribute "thumbPath" of the first element
  php file on domain1.com:
  <?php
  $xml_file = simplexml_load_file('../../domain2.com/galleries/gallery_1/MyXMLfile.xml');  // directory to XML file on the same server
  $imported_XML = $xml_file->asXML();
  print "imported_XML=" . $imported_XML;
  ?>
  Regards
  PS: for those who read the above discussion: the first and the second script work but you must test which one is better in your situation. The first script will also work between two domains on different servers. No cross domain policy file needed.

• Distributing software with unlimited strength JCE policy files

  I'm about to release some software that uses AES 256-bit encryption. I had to download the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6" to do this level of encryption. I'd like to distribute my software with a bundled version of the JRE that includes these policy files. The software will be available to download from the Internet for those who pay for the service. Placing it on the Internet is technically an export because it's available to anyone in the world.
  I've talked to the Bureau of Industry and Security and they said I need to file for a classification number (ECCN). Is this necessary if I'm using Sun's software? The JCE has already been through the export approval process so it would make sense if just including it in my software required nothing. I haven't been able to find any information about what to do legally if using the unlimited strength policy files. What laws do I need to know about or comply with to do this? Also, are there any legal ramifications of including the JRE with my software? I'm using a custom jre launcher that lets me bundle whatever jre I want with my software, so I assume it's a common practice, but I'm not sure.
  Any help would be appreciated.

  I posted this question on other sites as well, but never heard any good answers.
  I've had to do some research and I've heard a few different things, but this is what I've learned:
  Software being exported (putting on the Internet is an export) that contains symmetric encryption above 64-bit requires filling out a BIS-748P form. I had to first of all request a PIN and CIN (company id number) from the BIS so that I can access their SNAP-R system which is where you fill out and submit all the paper work (including the BIS-748P) online. I haven't filled that out yet, but once you do they will review your software and classify it with an ECCN number and depending on what if falls under they will require you to obtain a license or license exception. For what I'm doing (and what most probably need this for), a license is not needed. It's simply classified as a type of encryption software and they know who you are and what you're doing with it.
  Until this is filed, the software is under a certain statute as to what you can do with it and there's a lot of legalities behind this entire process that I don't fully understand, but I think filling this paperwork out and talking to those who receive it is a good place to start.
  I'm not a lawyer by any means and I could be missing some details, but this is what I understand about the process. If you learn anything else (or find some of this to be untrue), let me know.

• W7 client machine stuck on startup "Group Policy Files Policy"

  we have some w7 machine getting stuck on boot up before ctrl-alt-del, once verbose message was turned on for troubleshooting, we noticed they were stuck at "applying group policy files policy".
  we had let it wait for more than 60 minutes at time and it would still be stuck. (thou mouse / kb still responsive)
  this problem however, is not re-produceable on demand, if we power off the machine, it boots back up with no issues.
  checking the group policy log, we didn't find anything weird, but was not sure if that's the right place to look thou.
  we do have two group policy preferences pushing out host files as well as desktop shortcuts, might that be the culprit?
  thanks!

  > we do have two group policy preferences pushing out host files as well
  > as desktop shortcuts, might that be the culprit?
  My recommendation: Use Group Policy Preferences as you like, but do NOT
  use the "Files" extension.
  Why? GP Processing at Boot/Logon is a synchronous foreground process
  that cannot be interrupted (as you are already experiencing ;-)).
  Replace GPP Files with a script that runs some robocopy commands. Start
  this script through a scheduled task at boot or logon, so that it can
  run asynchronously in the background, not disturbing the user experience.
  regards, Martin
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!

• Import a policy file in java 1.5

  Hi:
  The quesiton I am about to ask might not really relate to java programming...but I have no idea where else I can get help. I am an university student and my school use a online java submission system. In order to hand in my java programs, I need to set up a new policy so that I am able to up load the files. However, school hasn't been able to help people who use java 1.5 to fix the problem. Can somebody kindly help me solve the problem. Thank you for your time.
  here is the policy file which I have no idea where to put it
  grant codeBase "https://www.scs.carleton.ca/raven/-" {
  permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
  permission java.util.PropertyPermission "*", "read";
  grant codeBase "https://raven.scs.carleton.ca/-" {
  permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
  permission java.util.PropertyPermission "*", "read";
  };

  You can put it anywhere you like.
  Then in the command line where you start the application that needs to use it you do this:java -Djava.security.policy='whereveryouputit' ...Unless the application that needs to use it loads its security policies in some other way.

• Can distribution of a .java.policy file be eliminated

  Sorry for the stupid question, but I'm fairly new to the realm of dealing with Java security...
  I have an applet that I want to deploy worldwide as part of an upgrade to an existing website, but I've run into the following error:
  "Error getting connection to: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.0.101)(PORT=1521)))(CONNECT_DATA=(SID=EKB)(SERVER=DEDICATED))) using oracle.jdbc.driver.OracleDriver
  access denied (java.util.PropertyPermission oracle.jserver.version read)"
  I have managed to figure out that I can eliminate this problem by placing a .java.policy file on all client machines that contain the following:
  "grant {
       permission java.util.PropertyPermission "oracle.jserver.version", "read";
  However, is there any way to eliminate the need to distribute the policy file to those wanting to use the web site's applet? Can it be done somehow within the SSL certificate that I seemingly also have to distribute?
  Any help for this newbee would be appreciated!

  In contrast to what many people say in this forum, it is possible to have an unsigned applet access a database. You don't even have to manipulate the client's policy-file. The requirement is that the database is located on the same machine as the applet is downloaded from.There are however other things that can break this possibility. One is the database-driver itself.
  In the case of Oracle we have tried using different versions of the driver. When using version 8.1.7 or 9.0.1 things work nicely, but when switching to version 9.2 it stops working. There is a question on OTN [1]. Let's see what Oracle has to say about it.
  [1] Problem connecting using Oracle JDBC drivers

• Cross domain policy file and BitmapData

  Hey guys and gals, I'm having an issue with a Security error
  when trying to access photos from an external site. I have a client
  who is at siteA.com, who wants to load in photos from siteB.com,
  siteC.com, and probably 100 other sites. He has permission to do so
  from the other sites, but doesn't want to go through all the
  trouble of asking each site to post a cross-domain policy file.
  Please correct me if I'm wrong, but the way I understand it is, if
  you want to simply load an image into a Loader object within a swf,
  you're ok, but if you want to access the BitmapData, you will then
  get a security error? My snippet of code that I believe is causing
  the security error is
  public function imageLoaded(e:Event):void {
  var image:Bitmap = Bitmap(e.target.loader.content);
  image.smoothing = true;
  imageContainer.addChild(e.target.loader);
  As you can tell, the reason why I want to access the Bitmap
  itself is to apply smoothing. That is my main concern, I want to be
  able to apply smooth transitions to these pictures that are loaded
  in from external sites. My main goal is to load images externally,
  then apply smooth transitions, so if you know of a way to get
  around the security violations, that would be great. The only
  work-around we have for this is to write a script that will load
  all the images from the external sites onto the local server, as
  this will be less work than getting the cross-domain policy file on
  each server (if that's what it takes). Thanks in advance for
  anybody who can shed some light on the subject.

  If I understand you correctly, a 'helper' swf would be on the
  site where the images are held, much like a cross-domain policy
  file? I don't understand how that would be much different than
  getting the external sites to add a cross-domain policy file on
  their server. It sounds easier to just throw the cross-domain
  policy file on the external site's server with '*' for the path of
  allowed directories to load images from. I'm pretty new to the
  cross-domain security issue, so I'm not sure. I don't understand
  why it's a security risk to access the pixels of an image either...
  anybody know about that? Just trying to figure out where to go from
  here on this project. Thanks for the reply GWD, still looking for
  some more feedback.

• Runtime parsing of policy.file - from source

  Hi All
  Decided to post here sinceI did not find any similar topic on forums and googling did not solve this.
  Is there any way to parse polic.file like input at runtime? PolicyTool. PolicyFile are classes that do that but:
  1. all methods are private so it does not give much place to have fun - cant make PolicyFile to read from StringReader for instance.
  2. they make immedaite changes to jvm wide Policy object ? without access to installed code sources.
  The question is is there a way to parse policy.file like data in a way that all goodies from PolicyFile are considered? - I mean keystore, principials, etc etc.
  Or is it perfectly legal to create CodeSource and permissions from what is passed and dont worry about location of keystore or verification of signature?

  You can work-around this by removing the language="java" altogether. The
            default is "java" and I don't expect anything else to be supported for a
            very long time to come!
            "kethidi" <[email protected]> wrote in message
            news:3d5bf557$[email protected]..
            > Parsing of JSP File '/jsp/default.jsp' failed:
            > /jsp/default.jsp(2): page directive language at /jsp/default.jsp:2
            previously defined at /jsp/CheckSession.jsp:1
            > probably occurred due to an error in /jsp/default.jsp line 2:
            > <%@ page language="java" import="com.pmi.mi.MIxmlbean"%>
            >
            >
            > I am getting this error, when I upgrade from weblogic5.1sp10 to
            weblogic7.0. The code is working fine when I use weblogic server 5.1 sp10.
            But it displayed the above error, when we convert to weblogc server 7.0.
            >
            > Thanks,
            > kethidi
            

• Policy files URGENT

  Hello
  I have a question regarding the local and global policy file. The union of these are used, but what will happend if
  - the global policy file allows to write to a file and the local denies this?
  - the local policy file allows to write to a file and the global denies this?
  -the global file allows grants permission to read to a file while the local policy file allows to write AND read this file
  I am a bit confused about the union thing. Seems like the last one will allow both read and writing to the file but the first one seems strange to me. What is the union of allowing something and denying the same?
  As I understand the global and local policy file are equal when it comes to what is beeing granted to code...
  Thanks alot!!! for help.. I have my exam tomorrow and need to know cos Im confused!!

  Well fist of all it is urgent since I have a exam
  tomorrow morning and replies after this doesnt hekp
  me to much.there may be some here that would sympathize with you.
  Also telling me to try my self while sitting on your
  "high horse looking down" mentality is crap. actually, jverds mentality may be quite different that what you percieve.
  I believe from past experience that a much different description would
  describe his mentality and response. I think what i am saying is that
  you jump to conclusions.
  I could
  but I would have to install Java and since Im having
  a teoretical exam this takes time Ill rather spend on
  other material.it would be time well served and MOST likely to be more
  productive than jumping to conclusions.
  I understand perfectly that you dont want to help,with an open mind, you may come to other conclusions
  but coming with statments that takes you longer time
  to write then the answer is plain stupid.not if you understand that suggestions may help you in the long
  run even if they aren't what you expect. graciously accepting help as
  it is given is much better than making demands and lashing out with
  a "help me the way i want to be helped" mentality.
  Just keep
  it to your self. more instructions and suggestions?
  I asked kindly a question that needs
  a yes/no and I cant see the big problem.re-reading this post with an open mind might lead you to a conclusion that
  you would have been better served with a response like.
  Thank you for your help jverd, but currently i have no access to a computer
  with java and since i have an exam tomorrow and did not study when i should
  have, i am in need of more suggestions. Thank you for your patience.
  walker

• Including non-existent permissions in a policy file

  I noticed that if I, in a policy file, specify a permission which implementation is not available to the VM, no error occurs and it seems like the bogus permission is simply ignored.
  I use -Djava.security.manager and -Djava.security.policy=my.policy.
  For example, if I specify a permission that was added in J2SE 5.0 in a policy file used with a J2SE 1.4.2 JVM (from Sun), I get no errors. This is good, since it means that I can use the same policy file for all JVM versions that I have to support. However, I was not able to find anything about this in the documentation.
  Can I trust all compliant JVMs to work like this, or is this specific to Sun's implementations? Is this mentioned in the documentation/spec somewhere?
  Thanks...

  if you want to give read permissions for all the files in conf:
  permission java.io.FilePermission "\\dvp\\conf\\-","read";
  Hope this help!

• !!Still unresolved error #2123: BitmapData.draw(), videosampleaccess, No policy files granted access

  Hello,
  I have looked all over the forums, google etc. and not found any reliable and working solution to be able to retrieve the stream bitmapdata from RTMP  or HTTPDynamicStreaming source. Please find the details below.
  I have tried everything:
  NetStream.checkPolicyFile = true
  Security.loadPolicyFile(...);
  /applications/live/main.asc has the code below:
  application.onConnect = function( client )
      client.videoSampleAccess = "/";
      this.acceptConnection(client) ;
  The Application.xml has the tag:
  <Client>
       <access>
            <VideoSampleAccess enabled="true">/</VideoSampleAccess>
       </access>
  </Client>
  But constantly, I receive this error ( both on FMS3.5 and FMS4.0 RTMP & HttpLiveDynamicStreaming):
  securityerror:Error #2123: Security sandbox violation: BitmapData.draw: http://localhost/xxyy.swf cannot access rtmpt://localhost:1935/live. No policy files granted access.
  The problem persists wherever the player.swf is placed.
  Since I'm using OSMF the video display object had to be retrieved in the way like this:
  var mediaDisplayObjectTrait:DisplayObjectTrait;
  mediaDisplayObjectTrait = media.getTrait(MediaTraitType.DISPLAY_OBJECT) as DisplayObjectTrait;
  v = new Video(mediaDisplayObjectTrait.mediaWidth,mediaDisplayObjectTrait.mediaHeight);
  loadable.netStream.checkPolicyFile = true;
  v.attachNetStream(loadable.netStream);
  The new Video part is a must because when using ( the only working http - vod setup ) the BitmapData of the DisplayObject defaults to 320x240 even though the mediaWidth and mediaHeight properties are set fine and the video itself has much higher resolution. I must note at this point its far weird and worths another post.
  Seems like the player simply doesn't know anything about where and how to obtain any kind of policy information from the stream.
  I think this issue must be resolved once and for all, it's simply not acceptable to have this poor documentation floating around an essential feature without any professional help involved.

  You don't need crossdomain policy files, you need to do the following;
  1)      Edit the Application.xml file in the host folder, within install directory/conf/... , edit the client tag, adding the attribute override=”yes”
  <Client override=”yes”>
  In a default install of Flash Media Server, the Client class is set to prevent overriding values in the application folder. This was why the settings we were trying were not holding.
  We do not need to alter anything else of the conf Application.xml
  2)      Add the client/access nodes to the root Application.xml within the content folder  ( we have already done this as far as I am aware ).
  <Application>
    <Client>
     <Access>
      <VideoSampleAccess enabled="true">/</VideoSampleAccess>
      <AudioSampleAccess enabled="true">/</AudioSampleAccess>
     </Access>
    </Client>
  </Application>
  3)      Restart the Media Server by using the administration console. This will enable the client>access values to be overridden to true.

• Applets, Policy Files, jar signing, JNI, etc

  Hi,
  I need an Applet to be able to connect to sockets and use some JNI. Hence, as far as I can tell, I need to use a Policy File. In a standalone application, I have written my policy file tried it out by switching on the security manager. However I am not sure how I do this with an applet.
  I have read many examples of Jar signing, yet every example uses appletviewer and the -J-Djava.security.policy to show the security policy in action.
  However I want this to work through a normal browser, so how do I achieve this?
  Do I specify a URL to the java.security.file in the embed/object/applet tags in the HTML?
  Do I put the policy file in the jar and reference it via the Manifest?
  Any ideas much appreciated,
  John B

  The standard AccessControlException:
  java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
  at java.security.AccessController.checkPermission(AccessController.java:401)
  at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
  at java.lang.ClassLoader.getParent(ClassLoader.java:701)
  Or something like that.
  That's what I'm trying to solve, I wish to use the Java Security Policy system to allow my applet access to various resources, such as writing files. Now I've seen that signing an applet will give it full access (in my view, this is rather insecure, but anyway), however following the steps to sign an applet two or three times has still presented me with the same problem. The signing is ignored, and the exception is thrown.
  Applet signing aside, I fail to see any documentation stating how the policy file is used by the VM when running on a browser. I assumed it might be an entry in the Jar's manifest file, but again, I can find no documentation.
  It's all very annoying, and Sun have done quite a bad job at documenting this. For example, their example talkes about -D-Jjava.security.policy=.... being passed to appletviewer. Who on earth uses appletviewer! If policies only work with that, then they are useless. I want them to work with whatever browser the applet is being run within.
  Surely this isn't too much to ask? :)