How to reload cached crossdomain.xml

Similar Messages

• How can I serve crossdomain.xml file on a specific port?

  Let me introduce my problem step by step:
  I was using a socket connection on the address www.mydomain.com:1925 to provide a chat service for my users. When I moved to cloudflare, I could not connect to port 1925 directly because of the fact that my requests were reaching my origin server over cloudflare and the port was changing.
  How did I solve it? I created a subdomain chat.mydomain.com whose DNS settings point to my origin server not cloudflare. I bypassed cloudflare by this way and I connected my chat service by using chat.mydomain.com:1925 on the browser. So far so good.
  Here is the problem. I am also using Flash and AS3. It is the core of my game on the site. Chat is working on html and my game in flash is in some part of my website. In flash, I was sending scores of players using again a socket connection on www.mydomain.com:1925 by a different namespace.(Since swf's host and url's host matched, I didn't have any problem I think).Since I have changed the domain to chat.mydomain.com:1925, Flash started to request a crossdomain.xml on chat.mydomain.com:1925. There is a crossdomain.xml file on chat.mydomain.com however I cannot serve it from chat.mydomain.com:1925. Here is my code:
  Security.loadPolicyFile("https://chat.mydomain.com/crossdomain.xml");
  var urlLoader:URLLoader = new URLLoader ();
  var url:String = "https://chat.mydomain.com:1925/socket.io/1/";
  var request:URLRequest = new URLRequest(url);
  request.method = URLRequestMethod.POST; 
  urlLoader.dataFormat = URLLoaderDataFormat.TEXT;
  urlLoader.addEventListener(Event.COMPLETE, completeHandler);
  urlLoader.addEventListener(IOErrorEvent.IO_ERROR,ioErrorHandler);
  urlLoader.load(request);
  Since flash cannot find crossdomain.xml by getting 404, the requests in my code do not work. How can I solve this problem? How can I use the origin chat.mysite.com:1925?

  You're going to have to host it in a way that lets you serve HTTP/S content (at least the crossdomain.xml) on port 80 or 443 respectively.
  The Flash Player Security Whitepaper has an excellent breakdown of the requirements for crossdomain policy stuff:
  White paper: Adobe Flash Player 10 security | Adobe Developer Connection

• How to clear cache for XML data source?

  Hi All,
  I'm facing a problem loading XML data into Oracle using Oracle Data Integrator. The problem is ODI will cache the data of the XML file at the first time loading the data. And afterwards, when the XML file changed, ODI will load data from the cache.
  I did serveral testing on this. If I run the interface in local agent of the designer, I must restart the designer to clear the cache. If I run the interface in an agent, I must restart the agent to clear the cache.
  Below is my configuration:
  ODI version: 10.1.3.5.0
  The technology of the source: XML.
  JDBC driver: com.sunopsis.jdbc.driver.xml.SnpsXmlDriver
  Does anybody know how to clear the cache of the agent or XML?
  Thanks.

  Hi ,
  Use drop_on_disc or dod in your JDBC URL .
  example ,
  jdbc:snps:xml?f=C:\mutation.xml&d=C:\mutation.xsd&lf=C:\mutation.log&ro=true&dod=yes
  The dod (drop_on_disc) drop automatically the schema when closing the JDBC connection.
  dod option must be the last option of the URL.
  This option removes the reference to the schema from the driver, and if the schema is store in memory, it also drops the schema. If the schema is stored in an external database (set via db_props), the driver tries to drop the database schema.
  Thanks,
  Sutirtha

• How to specify index for cache in coherence-cache-config.xml

  Hi All,
  We want to apply indexing on cache data.
  Suppose i have a EMPLOYEE object in coherence cache.
  and i want to use employeeID for indexing purpose.
  Can anybody help me to achieve this at Congregational level i.e. using xml file (coherence-cache-config.xml) .
  Edited by: 981644 on Jan 16, 2013 1:51 AM

  Hi,
  I've posted some [url http://coherence.oracle.com/download/attachments/14647422/add-index-namespace.jar]code and the [url http://coherence.oracle.com/download/attachments/14647422/add-index-namespace-src.jar]source. It depends on coherence common version 2.3.0.39174 however I believe it will work with 2.0.0.23649 also. Coherence common library can be downloaded from [url http://coherence.oracle.com/display/INC10/coherence-common]here
  Note: This is purely an example on how to achieve index creation via a cache configuration file and is not a part of the product thus is not covered by product support.
  Here is an example cache configuration that uses the namespace:
  <cache-config xmlns:service="class://com.oracle.coherence.environment.extensible.ServiceOperations">
      <caching-scheme-mapping>
          <service:index-add cache-name="dist-indexes">
              <extractor>
                  <class-name>ReflectionExtractor</class-name>
                  <init-params>
                      <init-param>
                          <param-type>string</param-type>
                          <param-value>getName</param-value>
                      </init-param>
                  </init-params>
              </extractor>
          </service:index-add>
          <!-- Simplified POF Config -->
          <service:index-add cache-name="dist-indexes" pof-enabled="true">
              <pof-index>8,16,32</pof-index>
          </service:index-add>
          <!-- This should not be counted based on system-property override -->
          <service:index-add cache-name="dist-indexes" pof-enabled="true" enabled="{tangosol.index.add}">
              <pof-index>8,16,31</pof-index>
          </service:index-add>
          <!-- Explicit POF Config -->
          <service:index-add cache-name="dist-indexes">
              <extractor>
                  <class-name>PofExtractor</class-name>
                  <init-params>
                      <init-param>
                          <param-type>{class}</param-type>
                          <param-value>null</param-value>
                      </init-param>
                      <init-param>
                          <param-type>{object}</param-type>
                          <param-value>
                              <class-name>com.tangosol.io.pof.reflect.SimplePofPath</class-name>
                              <init-params>
                                  <init-param>
                                      <param-type>{int[]}</param-type>
                                      <param-value>1,2,4</param-value>
                                  </init-param>
                              </init-params>                     
                          </param-value>
                      </init-param>
                  </init-params>
              </extractor>
          </service:index-add>
      </caching-scheme-mapping>
  </cache-config>Thanks,
  Harvey

• How to read the extended-cache-config.xml file. in C++ API

  I want to create my own XML config file and define the config values in that, so that C++ Client (using Coherence C++ API) application can access the config files.
  Also how to get the instance of configuration values which Coherence client has read,
  i.e.
  TangosolCoherenceOverride=$PATH/examples/config/tangosol-coherence-override.xml
  TangosolCoherenceCacheconfig=$PATH/examples/config/extend-cache-config.xml
  How to get the instance of this XMLDocument ? and read values from it.
  Thanks,
  Naveen

  Hi,
  You can get the cache-config that was read by getting it from the ConfigurableCacheFatory (which you can get from the CacheFactory) via getConfig(). See:
  http://download.oracle.com/otn_hosted_doc/coherence/352CPP/classcoherence_1_1net_1_1_cache_factory.html
  http://download.oracle.com/otn_hosted_doc/coherence/352CPP/classcoherence_1_1net_1_1_configurable_cache_factory.html
  There is no way to get the actual XmlDocument object from the cluster that is read for the cluster-config (though you could open the same path yourself).
  thanks,
  -Rob

• Multiple plugtmp-1 plugtmp-2 etc. in local\temp folder stay , crossdomain.xml and other files containing visited websitenames created while private browsing

  OS = Windows 7
  When I visit a site like youtube whith private browsing enabled and with the add-on named "shockwave flash" in firefox add-on list installed and activate the flashplayer by going to a video the following files are created in the folder C:\Users\MyUserName\AppData\Local\Temp\plugtmp-1
  plugin-crossdomain.xml
  plugin-strings-nl_NL-vflLqJ7vu.xlb
  The contents of plugin-crossdomain contain both the "youtube.com" adress as "s.ytimg.com" and is as follows:
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  -<cross-domain-policy> <allow-access-from domain="s.ytimg.com"/> <allow-access-from domain="*.youtube.com"/> </cross-domain-policy>
  The contents of the other file I will spare you cause I think those are less common when I visit other sites but I certainly don't trust the file. The crossdomain.xml I see when I visit most other flashpayer sites as well.
  I've also noticed multiple plugin-crossdomain-1.xml and onwards in numbers, I just clicked a youtube video to test, got 6 of them in my temp plus a file named "plugin-read2" (no more NL file cause I changed my country, don't know how youtube knows where I'm from, but that's another subject, don't like that either). I just noticed one with a different code:
  <?xml version="1.0"?>
  -<cross-domain-policy> <allow-access-from domain="*"/> </cross-domain-policy>
  So I guess this one comprimises my browsing history a bit less since it doesn't contain a webadress. If these files are even meant to be deposited in my local\temp folder. The bigger problem occurs when they stay there even after using private browsing, after clearing history, after clearing internet temporary files, cache, whatever you can think of. Which they do in my case, got more than 50 plugtmp-# folders in the previous mentioned local\temp folder containing all website names I visited in the last months. There are a variety of files in them, mostly ASP and XML, some just say file. I have yet to witness such a duplicate folder creation since I started checking my temp (perhaps when firefox crashes? I'd say I've had about 50 crashes in recent months).
  I started checking my temp because of the following Microsoft Security Essential warnings I received on 23-4-12:
  Exploit:Java/CVE-2010-0840.HE
  containerfile:C:\Users\Username\AppData\Local\Temp\jar_cache2196625541034777730.tmp
  file:C:\Users\Username\AppData\Local\Temp\jar_cache2196625541034777730.tmp->pong/reversi.class
  and...
  Exploit:Java/CVE-2008-5353.ZT
  containerfile:C:\Users\Noname\AppData\Local\Temp\jar_cache1028270176376464057.tmp
  file:C:\Users\Noname\AppData\Local\Temp\jar_cache1028270176376464057.tmp->Testability.class
  Microsoft Security Essentials informed me that these files were quarantained and deleted but when going to my temp file they were still there, I deleted them manually and began the great quest of finding out what the multiple gigabytes of other files and folders were doing in that temp folder and not being deleted with the usual clearing options within firefox (and IE).
  Note that I have set my adobe flasplayer settings to the most private intense I could think of while doing these tests (don't allow data storage for all websites, disable peer-to peer stuff, don't remember exactly anymore, etc.). I found it highly suspicious that i needed to change these settings online on an adobe website, is that correct? When right-clicking a video only limited privacy options are available which is why I tried the website thing.
  After the inital discovery of the java exploit (which was discovered by MSE shortly after I installed and started my first scan with Malwarebytes, which in turn made me suspicious whether I had even downloaded the right malwarebytes, but no indication in the filename if I google it). Malwarebytes found nothing, MSE found nothing after it said it removed the files, yet it didn't remove them, manually scanning these jar_cache files with both malwarevytes and MSE resulted in nothing. Just to be sure, I deleted them anyways like I said earlier. No new jar_cache files have been created, no exploits detected since then. CCleaner has cleaned most of my temp folder, I did the rest, am blocking all cookies (except for now shortly), noscript add-on has been running a while on my firefox (V 3.6.26) to block most javascripts except from sites like youtube. I've had almost the same problem using similar manual solutions a couple of months ago, and a couple of months before that (clearing all the multiple tmp folders, removing or renaming jar_cache manually, running various antmalware software, full scan not finding a thing afterwards, installing extra add-ons to increase my security, this time it's BetterPrivacy which I found through a mozilla firefox https connection, I hope, which showed me nicely how adobe flash was still storing LSO's even after setting all storage settings to 0 kb and such on the adobe website, enabling private browsing in firefox crushed those little trolls, but still plugtmp trolls are being created, help me crush them please, they confuse me when I'm looking for a real threat but I still want to use flash, IE doesn't need those folders and files, or does it store them somewhere else?).
  I'm sorry for the long story and many questions, hope it doesn't scare you away from helping me fight this. I suspect it's people wanting to belong to the hackergroup Anonymous who are doing this to my system and repeating their tricks (or the virus is still there, but I've done many antivirus scans with different programs so no need to suggest that option to me, they don't find it or I run into it after a while again, so far, have not seen jar_cache show up). Obviously, you may focus on the questions pertaining firefox and plugtmp folders, but if you can help me with any information regarding those exploits I would be extremely grateful, I've read alot but there isn't much specific information for checking where it comes from when all the anti-virus scanners don't detect anything anymore and don't block it incoming. I also have downloaded and installed process monitor but it crashes when I try to run it. The first time I tried to run it it lasted the longest, now it crashes after a few seconds, I just saw the number of events run up to almost a million and lots of cpu usage. When it crashed everything returned back to normal, or at least that's what I'm supposed to think I guess. I'll follow up on that one on their forum, but you can tell me if the program is ligit or not (it has a microsoft digital signature, or the name micosoft is used in that signature).

  update:
  I haven't upgraded my firefox yet because of a "TVU Web Player" plugin that isn't supported in the new firefox and I'm using it occasionally, couldn't find an upgrade for it. Most of my other plugins are upgraded in the green (according to mozilla websitechecker):
  Java(TM) Platform SE 6 U31 (green)
  Shockwave for Director (green - from Adobe I think)
  Shockwave Flash (green - why do I even need 2 of these adobe add-ons? can I remove one? I removed everything else i could find except the reader i think, I found AdobeARM and Adobe Acrobat several versions, very confusing with names constantly switching around)
  Java Deployment Toolkit 6.0.310.5 (green, grrr, again a second java, why do they do this stuff, to annoy people who are plagued with java and flash exploits? make it more complicating?)
  Adobe Acrobat (green, great, it's still there, well I guess this is the reader then)
  TVU Web Player for FireFox (grey - mentioned it already)
  Silverlight Plug-In (yellow - hardly use it, I think, unless it's automatic without my knowing, perhaps I watched one stream with it once, I'd like to remove it, but just in case I need it, don't remember why I didn't update, perhaps a conflict, perhaps because I don't use it, or it didn't report a threat like java and doesn't create unwantend and history compromising temp files)
  Google Update (grey - can I remove? what will i lose? don't remember installing it, and if I didn't, why didn't firefox block it?)
  Veetle TV Core (grey)
  Veetle TV Player (grey - using this for watching streams on veetle.com, probably needs the Core, deleted the broadcaster that was there earlier, never chose to install that, can't firefox regulate that when installing different components? or did i just miss that option and assumed I needed when I was installing veetle add-on?)
  Well, that's the list i get when checking on your site, when i use my own browseroptions to check add-ons I get a slightly different and longer list including a few I have already turned off (which also doesn't seem very secure to me, what's the point in using your site then for anything other than updates?), here are the differences in MY list:
  I can see 2 versions of Java(TM) Platform SE 6 U31, (thanks firefox for not being able to copy-paste this)
  one "Classic Java plug-in for Netscape and Mozilla"
  the other is "next generation plug-in for Mozilla browsers".
  I think I'll just turn off the Netscape and Mozilla one, don't trust it, why would I need 2? There I did it, no crashes, screw java :P
  There's also a Mozilla Default plugin listed there, why does firefox list it there without any further information whether I need it or not or whether it really originates from Mozilla firefox? It doesn't even show up when I use your website plugin checker, so is there no easy way by watching this list for me to determin I can skip worrying about it?
  There's also some old ones that I recently deactivated still listed like windows live photo gallery, never remember adding that one either or needing it for anything and as usual, right-clicking and "visit homepage" is greyed out, just as it is for the many java crap add-ons I encountered so far.
  Doing a quick check, the only homepage I can visit is the veetle one. The rest are greyed out. I also have several "Java Console" in my extentions tab, I deactivated all but the one with the highest number. Still no Java Console visible though, even after going to start/search "java", clicking java file and changing the settings there to "show" console instead of "hide" (can't remember exact details).
  There's some other extentions from noscript, TVU webplayer again, ADblock Plus and now also BetterPrivacy (sidenote, a default.LSO remains after cleanup correct? How do I know that one isn't doing anything nasty if it's code has been changed or is being changed? To prevent other LSO's I need to use both private browsing and change all kinds of restrictions online for adobe flashplayer, can anyone say absurd!!! if you think you're infected and want to improve your security? Sorry that rant was against Adobe, but it's really against Anonymous, no offense).

• Google crossdomain.xml when making requests

  Hi guys,
  Does anyone know how to get round the googles cross domain
  when trying to access their services like the maps.google.com
  geocode?
  Every call i make to try and make a LoadVars request works
  fine in the flash IDE where it just trys to pull down the
  google.com crossdomain, but any calls in a live enviroment just
  request the crossdomain from the appropriate service, i.e. the
  maps.google.com and then don't make the actual request.
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "
  http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  <cross-domain-policy>
  <site-control
  permitted-cross-domain-policies="by-content-type" />
  </cross-domain-policy>
  Any help would be great, otherwise i'll have to proxy the
  requests through a php page.

  Howdy,
  I have done some further investigations and I have so far concluded that:
  - in the cases where the service does NOT work, the following is happening:
  I watch a video (video 1), then close the window. I start a new window with a new video (video 2). However, despite closing a window and opening a new window, the TCP session for video 1 remains open. So when I start video 2, the crossdomain.xml request is sent on the old TCP session.
  Instead of getting an "OK" reply, I simply get an "ACK" reply and the process is halted.
  - in the cases where the service does work, the following is happening:
  I watch a video (video 1), then close the window. I start a new window with a new video (video 2). For each window, a new TCP session is set up/ synchronised, and the crossdomain.xml request receices an "ACK".
  - it seems that the failure scenario happens when there are no files in the cache.
  Any ideas of what this could be?

• Crossdomain.xml issue - Accessing SAP from adobe FLEX

  Hi All,
  We are in the process of trying to integrate 4 SAP bapis exposed as Web services from adobe flex.
  When we do so we are getting a "security error accessing URL"
  The URL of our flex application is:
  http://10.10.0.48:8081/water0305/iden.html
  The WSDL of the web service is:
  http://10.10.0.66:8001/sap/bc/srt/rfc/sap/ZKK_BAPI_EQMT_DETAIL?sap-client=800&wsdl=1.1
  We looked at various forums and we found that adding a crossdomain.xml file to the root directory
  (at the destination server) will resolve the issue.
  I did implement all those steps on the R/3 side to add a crossdomain.xml to an ABAP WAS.
  crossdomain.xml on WAS
  however i still get those errors(security error accessing URL).
  Below is the code i use to access the SAP web service
  <mx:WebService
  id="EqmtDetailWS" showBusyCursor="true" fault="Alert.show(event.fault.faultString)" >
  <mx:operation name="EqmtDetail" resultFormat="e4x" result="getEquip_result(event);" fault="getFault(event);">
  <mx:request>
  <Equipment></Equipment>
  </mx:request>
  </mx:operation>
  </mx:WebService>
  We are  displaying the SAP info on a map service provided by esri so we included the load operation here.
  <-Loading the wsdl->
  private
  function onExtentChange(event:ExtentEvent):void {
  EqmtDetailWS.wsdl=
  "http://10.10.0.66:8001/sap/bc/srt/rfc/sap/ZKK_BAPI_EQMT_DETAIL?sap-client=800&wsdl=1.1&sap-user=******&sap-password=****&sap-language=EN&~transaction=iw51";
  EqmtDetailWS.loadWSDL();
  <Displaying the info from SAP>
  private function getEquip_result(event:ResultEvent):void {
  equip_desc = event.result.Equitext.Equidescr;
  txtAreaEquipDetail.htmlText = txtAreaEquipDetail.htmlText + "Equi. Desc. : " + event.result.Equitext.Equidescr + "\n";
  var material:String=event.result.Equimaster.Material;
  SAPIDAliasEquipDesc =event.result.Equitext.Equidescr;
  material=material.substring(14,18);
  txtAreaEquipDetail.htmlText = txtAreaEquipDetail.htmlText + "Material : " + material + "\n";
  txtAreaEquipDetail.htmlText = txtAreaEquipDetail.htmlText + "Serial No : " + event.result.Equimaster.Serialno + "\n";
  var costcntr:String=event.result.Equilocation.Costcenter;
  costcntr=costcntr.substring(7,10);
  txtAreaEquipDetail.htmlText = txtAreaEquipDetail.htmlText + "Cost Center : " + costcntr + "\n";
  CustomerID = event.result.Equisales.Customer;
  This is how we load the policy file.
  Security.loadPolicyFile(
  http://10.10.0.66:8001/sap/bc/bsp/sap/zroot/crossdomain.xml);
  This works fine when we run it from the IDE but throws up an error when we deploy it on the server
  So are we missing something ?
  Is there anything else to be done to overcome the security issue ?
  Thanks in advance.
  Regards,
  Karthik.

  Hi Rich,
  I followed the steps in your video when our system was R/3 4.7 (WAS 6.20) and the test worked fine, i.e. accessing the crossdomain by typing http://server:port/crossdomain.xml.
  I followed the same steps with our new version (we're undergoing an upgrade) but I kept getting the error message:
  "BSP Exception: the BSP URL /crossdomain.xml Does Not Contain Any Application Entries".  Then I saw Ivan post suggesting implementing OSS Note 1260386.  I applied the Note but I got the same error message. 
  Then I ran function ICFBUFFER_INIT to make sure the buffer is cleared, cleared the cache in the browser and still got the same error message.
  Our system is ERP 6.0, NetWeaver 7.0, level 17 (BASIS Component is SAPKB70017).
  Please help.  Thank you.
  Achille.

• #2170 error calling a webservice from Xcelsius having crossdomain.xml

  Hello together,
  we are facing a #2170 error indicating we don't have a proper policy file in place when executing a published Xcelsius flash in SAP BI application portal.
  We created a WebService that is running an SAP BI System 7.01. The WebService is function module based and was generated following the wizzard. Afterwards we created a Xcelsius app that consumes data from this WebService (via data connection). The resulting flash from Xcelsius was pulished to SAP BI System (portal).
  Since there are many entries in the SDN and the internet in general we finally also created an crossdomain.xml file on the BI system which can be accessed and is visible by using "https://<server>/crossdomain.xml".
  Now the confusion begins: We exported the flash from Xcelsius to local desktop and executed the corresponding HTML-file. It's working and I can receive/see WebService data (after adjusting flash-security-settings). If we upload both exported files (html and swf) to the BI system (as MIME objects) and execute the html again we are also receiving WebServervice data. So far so good. But if we execute the link from the SAP BI Portal (Xcelsius menu > SAP > Start) we still get the error #2170 indicating we don't have a proper domain policy file in place. But for my understanding we do have. So currently I would assume the error message is somehow misleading.
  During all the activities I found out that this error is also raised if the user has insufficient authorization. My user has SAP_ALL authorization for testing purpose.
  In general I would say we are not that wrong with our Xcelsius/WebService if we are not coming from BI portal. So my questions are:
  1.) Are there any authorization on portal side that might not fit and lead to this error? If insufficient authorizations produces such an error ...
  2.) Did we miss any other stuff during our try/fail-operations?
  Many thanks in advance for your hints.
  Steffen

  Hi Rajat,
  This is how the default trace looks
  FATAL: Application Servlet failed to notify devices.
  Caught java.rmi.RemoteException: Service call exception; nested exception is:
       com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (503) Service Unavailable. The requested URL was:"http://<<server>>:50000/ManagementService/ManagementService?style=document"
       at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1289)
       at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1298)
       at com.om.ApplicationServlet$NotifyDevices.run(ApplicationServlet.java:86)
  Caused by: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (503) Service Unavailable. The requested URL was:"http://<<server>>:50000/ManagementService/ManagementService?style=document"
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage(MimeHttpBinding.java:980)
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1430)
       at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1282)
       ... 2 more
  java.lang.NoSuchMethodError
  at java.lang.Thread.destroy(Thread.java:779)
       at com.omApplicationServlet$NotifyDevices.run(ApplicationServlet.java:92)
  Rgds
  Shashank

• Where to place crossdomain.xml in SAP ECC IDES?

  Hi,
  I have a flex application which uses webservices generated in SAP IDES system. This flex app is stored in portal server. Since the physical servers are involved, I get a security error message, which says, "Security error accessing url". I browsed through the net and found that, we have to place a crossdomain.xml file in the web root folder of the server from where we are fetching the data. In my case, it would be SAP IDES system.
  I wanted to know where do I place this xml file in IDES? What would be it's location and how can I generate a URL to access this xml file?
  Please let me know about this, if anyone has done this before.
  Appreciate your help.
  Thank you,
  Warm regards,
  Deepak

  Hi Durairaj,
  As mentioned in that thread, I created a BSP application in the server and loaded crossdomain.xml. It was accessible from the browser too.
  This is the xml code which is there in crossdomain:
  <?xml version="1.0" ?>
  <cross-domain-policy>
    <allow-access-from domain="*" />
    <site-control permitted-cross-domain-policies="all" />
    <allow-http-request-headers-from domain="*" headers="*" />
    </cross-domain-policy>
  But this did not solve my purpose
  I have my flex application in a server, servera.abc.com and I am using the webservices of another server, serverb.abc.com
  I uploaded the crossdomain.xml in serverb.abc.com, in the following path through a BSP application:
  http://serverb.abc.com:8000/sap/bc/bsp/sap/zroot/crossdomain.xml
  But I still get the 'security accessing url' message in flex. It doesn't load the wsdl.
  I'm also using this piece of code in initialize event of the application in flex:
                         private function initSecurity():void{
                      Security.allowDomain("*");
                      Security.loadPolicyFile("http://serverb.abc.com:8000/sap/bc/bsp/sap/zroot/crossdomain.xml");
                      Alert.show("crossdomain xml loaded....");
  Where am I going wrong here?

• Apache proxypass and crossdomain.xml not working

  Hi everyone,
  I have the following problem. I have set up jboss on a Linux server connecting to local port 8080 (localhost:8080).
  I have opened the application on port 80 with Apache ( www.myDomain.com) and set up a virtual host that proxies
  this connection to localhost:8080 where jboss is listening.
  <VirtualHost *:80>
      DocumentRoot /var/www/nyDomain
      ServerName myDomain.com
      Alias /crossdomain.xml /var/www/html/crossdomain.xml
      # proxy pass to the jboss server
      <IfModule mod_proxy.c>
      ProxyRequests Off
      <Proxy *>
          Order deny,allow
          Deny from all
          Allow from all
      </Proxy>
      ProxyPass /Stylect http://127.0.0.1:8081/Stylect
      ProxyPassReverse /Stylect http://127.0.0.1:8081/Stylect
      # ProxyPreserveHost on
      </IfModule>
  </VirtualHost>
  The crossdomain.xml file is at the root of the server and can be accessed with www.mydomain.com/crossdomain.xml
  <cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*" to-ports="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
  </cross-domain-policy>
  I can see in firebug that it's being downloaded when I first request the page - this is the response:
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
     "http://www.w3.org/TR/html4/strict.dtd">
  <html>
  <head>
    <title>Software as a Service Development. </title>
    <META name="description" content="Description here"><META name="keywords" content="Saas, fashion design, plm, production, nutrition, food, orders">
  </head>
  <frameset rows="100%,*" border="0">
    <frame src="http://xxx.xxx.xxx.xx/crossdomain.xml" frameborder="0" />
    <frame frameborder="0" noresize />
  </frameset>
  <!-- pageok -->
  <!-- 04 -->
  <!-- -->
  </html>
  Yet I still get a 2048 sandbox violation error.
  The crossdomain is needed because the proxied request
  appears to be coming from the public ip while jboss
  is bound to the local host.
  If I expose Jboss directly to the web all works well but there
  are too many security issues in that setup. Apache as a front is
  much better.
  The question is: is this the correct response I should be getting
  (or should it be directly the xml file) and why is it not working?
  How can I fix this?
  Any help much appreciated. I'm stuck.
  Dahn 

  Try adding security="false" inside the next line:
  <allow-access-from domain="*"/>
  so it would look something like
  <allow-access-from domain="*" security="false" />
  It fixed the problem for me.

• Why is the Shockwave player not requesting the root crossdomain.xml

  Hi,
  I have a Director movie (DCR) that is presented to visitors to my website. The DCR is actually downloaded from a separate Content Delivery Network (CDN).
  On startup, the DCR connects to my original website to retrieve some additional information that is presented to the visitor. But because the DCR comes the CDN, when it attempts to access my website a warning dialog appears informing the visitor that the DCR is attempting to access another site and asking them to allow or deny access.
  I did some reading of the Adobe docs and found that from version 11.5, the Shockwave player will skip this dialog if the referenced domain includes a cross domain policy file that permits access. The movie can load a specific policy from the target domain, but if it doesn't the docs say that the player will read the default crossdomain.xml from the root of the target network.
  So I created and deployed the default crossdomain.xml as described in the documentation and redeployed my application. However, when the DCR started the same dialog appeared warning about the cross domain reference and asking me to allow or deny it.
  I thought perhaps there was an error in how I deployed the cross domain file, but when I checked more closely I discovered that Shockwave player never even requested the file from the target server.
  Does anyone have any idea why this might be happening? Am I missing some step that is required to make the player request the default cross domain policy file?
  Thanks in advance for any help people can offer.
  Damian

  I thought this had been fixed in the latest version of the installer, but perhaps not. Try the option suggested in this thread

• How to disable cache implementation in 8.1 SP6 for entity beans

  How to disable cache implementation in 8.1 SP6 for entity beans
  In our production environment, we want to disable cache implementation for entity beans. We are using weblogic 8.1 SP6.
  Weblogic cache implementation has been causing many cachefull exceptions so we want that it fetches the data from database everytime instead of cache.

  Check the "max-beans-in-cache" setting in your weblogic-ejb-jar.xml. The cache full exception, means that a new bean could not be created because of this cache being full.
  Nothing to do with fetching from the database directly.
  If you really want direct fetches then do not use beans at all. Consider using direct JDCB/SQL calls (without a entity bean) to fetch huge data.
  Let's again review your application based on the below explanation before making a decision on which configuration change to perform:
  If you truly have many ejbs simultaneously enrolled in transactions, then yes, the cache must be big enough to hold all the instances.
  Your cache must have a max size large enough to handle your peak simultaneous transaction load.
  Also, try to ask the following query to your application developer. Does every user actually have to have more than one bean in the cache ? Are many of these values read-only reference values that are not updated ?
  SOLUTION CHOICE:
  1. If you are testing with more number of users simultaneously, then you will need to increase the "max-beans-in-cache" setting in your weblogic-ejb-jar.xml to match the load.
  2. If you have few users but still seeing a lot of beans, then consult with your application developer and try to ask the above questions (Does every user have more than......) and based on that try to redesign/tune your application to make it an effective Entity bean model.
  3. If you have queries where huge result sets are returned, consider using plain/direct JDB/SQL calls.
  Arun

• Aggregating cache-config.xml files

  I'd like to add to, rather than override, my cache config files. How do I go about that? Do I have to deal with XmlElements of the DefaultConfigurableCacheFactory directly, or is there some simpler way to do this?
  Thanks ---

  Hi Cindy,
  There is nothing in the core product but if you use the Coherence Incubator Commons then you can do it. http://coherence.oracle.com/display/INC10/coherence-common
  You need to include the coherence-commons jar in your class path then you can do this...
  <cache-config
       xmlns="http://xmlns.oracle.com/coherence/coherence-cache-config"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://xmlns.oracle.com/coherence/coherence-cache-config coherence-cache-config.xsd"
          xmlns:element="class://com.oracle.coherence.environment.extensible.namespaces.XmlElementProcessingNamespaceContentHandler"
          element:introduce-cache-config="coherence-common-cache-config.xml">
      <caching-scheme-mapping>
      </caching-scheme-mapping>
      <caching-schemes>
      </caching-schemes>
  </cache-config>The above config uses the element namespace from the incubator that allows you to add the element:introduce-cache-config attribute to the cache-config tag which imports the specified cache config file. http://coherence.oracle.com/display/INC10/element-namespace
  JK

• Ye Olde crossdomain.xml

  An App I was working on just went into production on
  Saturday. We have this setup: A weblogic application server (Server
  A) running on Machine A (a solaris OS). We have a separate weblogic
  server located on Machine B.
  Machine A's weblogic hosts the web application and one of the
  pages has a Flex app built in Flex Builder 2.0. This app accesses a
  webservice located on Machine B. In our system test environment
  this worked fine. It also works fine running it with the Run button
  in Flex Builder. When it was deployed to production this weekend, I
  get this error: Unable to load WSDL. If currently online, please
  verify the URL and/or format of the WSDL. I figure it is something
  wrong with crossdomain.xml. I have tried everything.
  Machine A: Port 7001 (crossdomain.xml accessible at
  machinea:7001/crossdomain.xml).
  Machine B: port 4444 (crossdomain.xml accessible at
  machineb:4444/crossdomain.xml).
  I've also tried to load it with Security.loadPolicyFile(url).
  None of this has worked and it always returns the same error. I'd
  really like to get this resolved, as like I said it worked in our
  test environment but is broken in production.

  Just to cover the basics, can you:
  1) test using a wide open cross-domain.xml on machineb?
  <allow-access-from domain="*" />
  2) confirm the URL of the service port at the bottom of the
  wsdl?
  The service port defines where the actual webservice can be
  found and may or may not be on the same server that hosts the wsdl.
  One problem might be that in testing the service port was using a
  canonical domain name that only resolvable on a private intranet,
  and breaks on public facing servers.
  3) run a packet sniffer on the client where Flash Player is
  running and trace connections from the client to machineb ?
  a) you should see an HTTP request / response for
  crossdomain.xml on machineb over port 4444
  b) you should see an HTTP request / response for the wsdl on
  machineb over port 4444
  c) you should see the HTTP req as a POST to the service port
  URL that sends the SOAP Request embedded in the SOAP envelope.
  d) you should see the HTTP response from the service port
  URL with the SOAP response inside a SOAP envelope
  4) Run the Eclipse WTP WebService Explorer from the same
  machine as the client with Flash Player. Type in the WSDL URL into
  the designated field, and Eclipse WTP will parse the wsdl and
  provide a form to permit you to enter data to properly fulfill the
  SOAP Request.
  Eclipse WTP is a great reference tool for testing webservices
  and can be used for troubleshooting by comparison.
  Please let me know how it goes.