On WebServices, crossdomain.xml and debug-mode

Similar Messages

• Crossdomain.xml and Reporting Services

  Hi,
  I'm trying to get my Flex application to call a webservice on a remote Reporting Services instance, but am running up against insummountable problems with the Flash Player's cross-site scripting security.
  Due to the way that Reporting Services works, there is no root folder (i.e. http://theserver/ doesn't actually exist anywhere in the filesystem) - so we cannot have a master policy file at that location.
  However, we have been able - through extensive fiddling of the SSRS web.config - to get an XML and/or ASPX file into the http://myserver/ReportServer/ subfolder and have the "X-Permitted-Cross-Domain-Policies: all" HTTP header returned along with the content.
  We are then calling Security.loadPolicyFile("http://theserver/ReportServer/crossdomain.xml") before we try and start calling the WebService.
  We are then able to load the WebService description (GET /ReportServer/ReportService2005.asmx?wsdl). However, when we then try to make the actual call to the webservice - which is a HTTP POST of XML data to the same URL - /ReportServer/ReportService2005.asmx - we get the following errors in the Flex debugger (and the Flash Player log file):
  Warning: Failed to load policy file from http://theserver/crossdomain.xml
  Error: Request for resource at http://theserver/ReportServer/ReportService2005.asmx by requestor from http://localhost/modules/ReportsModule.swf is denied due to lack of policy file permissions.
  *** Security Sandbox Violation ***
  Are GET and POST requests handled differently, or is there something more sinister going on here? Can anyone think of a way to proceed in this investigation, apart from just giving up on Flash's ability to do anything cross-site, and writing our own Server-Side proxy for everything!
  regards
  Richard

  Sounds like the update for Flash 8 may help.

• Multiple plugtmp-1 plugtmp-2 etc. in local\temp folder stay , crossdomain.xml and other files containing visited websitenames created while private browsing

  OS = Windows 7
  When I visit a site like youtube whith private browsing enabled and with the add-on named "shockwave flash" in firefox add-on list installed and activate the flashplayer by going to a video the following files are created in the folder C:\Users\MyUserName\AppData\Local\Temp\plugtmp-1
  plugin-crossdomain.xml
  plugin-strings-nl_NL-vflLqJ7vu.xlb
  The contents of plugin-crossdomain contain both the "youtube.com" adress as "s.ytimg.com" and is as follows:
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  -<cross-domain-policy> <allow-access-from domain="s.ytimg.com"/> <allow-access-from domain="*.youtube.com"/> </cross-domain-policy>
  The contents of the other file I will spare you cause I think those are less common when I visit other sites but I certainly don't trust the file. The crossdomain.xml I see when I visit most other flashpayer sites as well.
  I've also noticed multiple plugin-crossdomain-1.xml and onwards in numbers, I just clicked a youtube video to test, got 6 of them in my temp plus a file named "plugin-read2" (no more NL file cause I changed my country, don't know how youtube knows where I'm from, but that's another subject, don't like that either). I just noticed one with a different code:
  <?xml version="1.0"?>
  -<cross-domain-policy> <allow-access-from domain="*"/> </cross-domain-policy>
  So I guess this one comprimises my browsing history a bit less since it doesn't contain a webadress. If these files are even meant to be deposited in my local\temp folder. The bigger problem occurs when they stay there even after using private browsing, after clearing history, after clearing internet temporary files, cache, whatever you can think of. Which they do in my case, got more than 50 plugtmp-# folders in the previous mentioned local\temp folder containing all website names I visited in the last months. There are a variety of files in them, mostly ASP and XML, some just say file. I have yet to witness such a duplicate folder creation since I started checking my temp (perhaps when firefox crashes? I'd say I've had about 50 crashes in recent months).
  I started checking my temp because of the following Microsoft Security Essential warnings I received on 23-4-12:
  Exploit:Java/CVE-2010-0840.HE
  containerfile:C:\Users\Username\AppData\Local\Temp\jar_cache2196625541034777730.tmp
  file:C:\Users\Username\AppData\Local\Temp\jar_cache2196625541034777730.tmp->pong/reversi.class
  and...
  Exploit:Java/CVE-2008-5353.ZT
  containerfile:C:\Users\Noname\AppData\Local\Temp\jar_cache1028270176376464057.tmp
  file:C:\Users\Noname\AppData\Local\Temp\jar_cache1028270176376464057.tmp->Testability.class
  Microsoft Security Essentials informed me that these files were quarantained and deleted but when going to my temp file they were still there, I deleted them manually and began the great quest of finding out what the multiple gigabytes of other files and folders were doing in that temp folder and not being deleted with the usual clearing options within firefox (and IE).
  Note that I have set my adobe flasplayer settings to the most private intense I could think of while doing these tests (don't allow data storage for all websites, disable peer-to peer stuff, don't remember exactly anymore, etc.). I found it highly suspicious that i needed to change these settings online on an adobe website, is that correct? When right-clicking a video only limited privacy options are available which is why I tried the website thing.
  After the inital discovery of the java exploit (which was discovered by MSE shortly after I installed and started my first scan with Malwarebytes, which in turn made me suspicious whether I had even downloaded the right malwarebytes, but no indication in the filename if I google it). Malwarebytes found nothing, MSE found nothing after it said it removed the files, yet it didn't remove them, manually scanning these jar_cache files with both malwarevytes and MSE resulted in nothing. Just to be sure, I deleted them anyways like I said earlier. No new jar_cache files have been created, no exploits detected since then. CCleaner has cleaned most of my temp folder, I did the rest, am blocking all cookies (except for now shortly), noscript add-on has been running a while on my firefox (V 3.6.26) to block most javascripts except from sites like youtube. I've had almost the same problem using similar manual solutions a couple of months ago, and a couple of months before that (clearing all the multiple tmp folders, removing or renaming jar_cache manually, running various antmalware software, full scan not finding a thing afterwards, installing extra add-ons to increase my security, this time it's BetterPrivacy which I found through a mozilla firefox https connection, I hope, which showed me nicely how adobe flash was still storing LSO's even after setting all storage settings to 0 kb and such on the adobe website, enabling private browsing in firefox crushed those little trolls, but still plugtmp trolls are being created, help me crush them please, they confuse me when I'm looking for a real threat but I still want to use flash, IE doesn't need those folders and files, or does it store them somewhere else?).
  I'm sorry for the long story and many questions, hope it doesn't scare you away from helping me fight this. I suspect it's people wanting to belong to the hackergroup Anonymous who are doing this to my system and repeating their tricks (or the virus is still there, but I've done many antivirus scans with different programs so no need to suggest that option to me, they don't find it or I run into it after a while again, so far, have not seen jar_cache show up). Obviously, you may focus on the questions pertaining firefox and plugtmp folders, but if you can help me with any information regarding those exploits I would be extremely grateful, I've read alot but there isn't much specific information for checking where it comes from when all the anti-virus scanners don't detect anything anymore and don't block it incoming. I also have downloaded and installed process monitor but it crashes when I try to run it. The first time I tried to run it it lasted the longest, now it crashes after a few seconds, I just saw the number of events run up to almost a million and lots of cpu usage. When it crashed everything returned back to normal, or at least that's what I'm supposed to think I guess. I'll follow up on that one on their forum, but you can tell me if the program is ligit or not (it has a microsoft digital signature, or the name micosoft is used in that signature).

  update:
  I haven't upgraded my firefox yet because of a "TVU Web Player" plugin that isn't supported in the new firefox and I'm using it occasionally, couldn't find an upgrade for it. Most of my other plugins are upgraded in the green (according to mozilla websitechecker):
  Java(TM) Platform SE 6 U31 (green)
  Shockwave for Director (green - from Adobe I think)
  Shockwave Flash (green - why do I even need 2 of these adobe add-ons? can I remove one? I removed everything else i could find except the reader i think, I found AdobeARM and Adobe Acrobat several versions, very confusing with names constantly switching around)
  Java Deployment Toolkit 6.0.310.5 (green, grrr, again a second java, why do they do this stuff, to annoy people who are plagued with java and flash exploits? make it more complicating?)
  Adobe Acrobat (green, great, it's still there, well I guess this is the reader then)
  TVU Web Player for FireFox (grey - mentioned it already)
  Silverlight Plug-In (yellow - hardly use it, I think, unless it's automatic without my knowing, perhaps I watched one stream with it once, I'd like to remove it, but just in case I need it, don't remember why I didn't update, perhaps a conflict, perhaps because I don't use it, or it didn't report a threat like java and doesn't create unwantend and history compromising temp files)
  Google Update (grey - can I remove? what will i lose? don't remember installing it, and if I didn't, why didn't firefox block it?)
  Veetle TV Core (grey)
  Veetle TV Player (grey - using this for watching streams on veetle.com, probably needs the Core, deleted the broadcaster that was there earlier, never chose to install that, can't firefox regulate that when installing different components? or did i just miss that option and assumed I needed when I was installing veetle add-on?)
  Well, that's the list i get when checking on your site, when i use my own browseroptions to check add-ons I get a slightly different and longer list including a few I have already turned off (which also doesn't seem very secure to me, what's the point in using your site then for anything other than updates?), here are the differences in MY list:
  I can see 2 versions of Java(TM) Platform SE 6 U31, (thanks firefox for not being able to copy-paste this)
  one "Classic Java plug-in for Netscape and Mozilla"
  the other is "next generation plug-in for Mozilla browsers".
  I think I'll just turn off the Netscape and Mozilla one, don't trust it, why would I need 2? There I did it, no crashes, screw java :P
  There's also a Mozilla Default plugin listed there, why does firefox list it there without any further information whether I need it or not or whether it really originates from Mozilla firefox? It doesn't even show up when I use your website plugin checker, so is there no easy way by watching this list for me to determin I can skip worrying about it?
  There's also some old ones that I recently deactivated still listed like windows live photo gallery, never remember adding that one either or needing it for anything and as usual, right-clicking and "visit homepage" is greyed out, just as it is for the many java crap add-ons I encountered so far.
  Doing a quick check, the only homepage I can visit is the veetle one. The rest are greyed out. I also have several "Java Console" in my extentions tab, I deactivated all but the one with the highest number. Still no Java Console visible though, even after going to start/search "java", clicking java file and changing the settings there to "show" console instead of "hide" (can't remember exact details).
  There's some other extentions from noscript, TVU webplayer again, ADblock Plus and now also BetterPrivacy (sidenote, a default.LSO remains after cleanup correct? How do I know that one isn't doing anything nasty if it's code has been changed or is being changed? To prevent other LSO's I need to use both private browsing and change all kinds of restrictions online for adobe flashplayer, can anyone say absurd!!! if you think you're infected and want to improve your security? Sorry that rant was against Adobe, but it's really against Anonymous, no offense).

• AS2 Crossdomain.xml and sendAndLoad

  I have a flash form with input text fields. I am sending the data to a 3rd party server. I can send the information via getURL but I want to send the data without opening a browser window so I am utilizing sendAndLoad. It works great locally but not through a browser (tested in IE and Firefox). I have verified that all the variables and urls are in the correct case, I have tried both Post and Get, I have tried network and local... Ugh! I am losing my hair on this one please help asap!!!
  Here is the file - click on the second image...
  http://www.axonmediagroup.com/adimag...directbuy.html
  Here is the code...
  on (release) {
  if (first_name.text.length == 0) {
  error.text = "** First Name Required **";
  } else if (last_name.text.length == 0) {
  error.text = "** Last Name Required **";
  } else if (address1.text.length == 0) {
  error.text = "** Address Required **";
  } else if (city.text.length == 0) {
  error.text = "** City Required **";
  } else if (state1.value == "") {
  error.text = "** State Required **";
  } else if (postal_code.text.length == 0) {
  error.text = "** Zip Required **";
  } else if (phone_home.text.length == 0) {
  error.text = "** Phone Required **";
  } else if (email.text.length == 0) {
  error.text = "** Email Required **";
  } else {
  System.security.loadPolicyFile('https://app.leadconduit.com/crossdomain.xml');
  var myloadVars:LoadVars = new LoadVars();
  myloadVars.RName = 'AxonMedia';
  myloadVars.AdReferenceID = '944E5433-F8B5-44FF-8085-E4A1D0D844E9';
  myloadVars.ReferenceID = '040E5D57-3A1A-412D-A1F4-B45BD48AE791';
  myloadVars.SUBID = 1;
  myloadVars.xxNodeId = '050l0tjhd';
  myloadVars.xxTest = 'true';
  myloadVars.Country = 'USA';
  myloadVars.first_name = first_name.text;
  myloadVars.last_name = last_name.text;
  myloadVars.SpouseName = SpouseName.text;
  myloadVars.address1 = address1.text;
  myloadVars.city = city.text;
  myloadVars.state1 = state1.selectedItem.label;
  myloadVars.postal_code = postal_code.text;
  myloadVars.phone_home = phone_home.text;
  myloadVars.email = email.text;
  trace(myloadVars);
  myloadVars.sendAndLoad("https://app.leadconduit.com/v2/PostLeadAction?",myloadVars,"POST");
  myloadVars.onLoad = function(success:Boolean) {
  if (success) {
  error.text = "Thank you for contacting us!";
  } else {
  error.text = "Error connecting to server.";
  Here is the code that works via browser...
  on (release) {
  if (first_name.text.length == 0) {
  error.text = "** First Name Required **";
  } else if (last_name.text.length == 0) {
  error.text = "** Last Name Required **";
  } else if (address1.text.length == 0) {
  error.text = "** Address Required **";
  } else if (city.text.length == 0) {
  error.text = "** City Required **";
  } else if (state1.value == "") {
  error.text = "** State Required **";
  } else if (postal_code.text.length == 0) {
  error.text = "** Zip Required **";
  } else if (phone_home.text.length == 0) {
  error.text = "** Phone Required **";
  } else if (email.text.length == 0) {
  error.text = "** Email Required **";
  } else {
  System.security.loadPolicyFile('crossdomain.xml');
  var RName = 'AxonMedia';
  var AdReferenceID = '944E5433-F8B5-44FF-8085-E4A1D0D844E9';
  var ReferenceID = '040E5D57-3A1A-412D-A1F4-B45BD48AE791';
  var TimeFrame = 0;
  var SUBID = 1;
  var xxNodeId = '050l0tjha';
  var xxTest = 'true';
  var Country = 'USA';
  var first_name = first_name.text;
  var last_name = last_name.text;
  var SpouseName = SpouseName.text;
  var address1 = address1.text;
  var city = city.text;
  var state1 = state1.selectedItem.label;
  var postal_code = postal_code.text;
  var phone_home = phone_home.text;
  var email = email.text;
  getURL("https://app.leadconduit.com/v2/PostLeadAction?", "_blank", "GET");
  error.text = "Thank you for your response!";
  }

  Sounds like the update for Flash 8 may help.

• Swfobject and debug mode?

  Im using swfobject for an actionscript project and cant seem
  to get the debugger (eclipse) hooked up.. just sits there idly
  waiting for a connection...
  Tried looking thru the default template for some kind of
  option to pass along but, its kind of messy :)
  Anyone able to hint me in the right direction on why I cant
  get the darn debugger working?

  Understand the SandboxType of flash player before getinto this issue.
  While inside the  bin-debug, your sandbox type is LocalTrusted. This will allow access to external system,
  When go go for the deployment it wont works, cos you sandbox type will be different (say Network with Local)
  http://livedocs.adobe.com/flex/3/html/help.html?content=05B_Security_04.html
  The above URL will expain the security concept
  Nith

• Problem with Debug mode and SLD

  Using the config tool, we have turned the Debuggable flag to 'yes' and set the Debug mode to OFF.   Now from the studio, when I enable debugging for the process, the server0 stops successfully and restarts successfully. However, during the restart, the SLD service errors out and does not get started. It encounters the following exception. I can verify the error in std_server0.out
  With erred SLD service, when I try to deploy and run the webdynpro application from studio, the deploy fails with the same exception.
  We tried all kinds of restart (of the engine\server instance), debuggable and debug mode setting permutations, but not successfull.  (debug port is 50021)
  We are having remote debug server setup (not local).
  Does anybody have any suggestions???
  The exception we get is:
  Finished with warnings: development component 'CreateOrder'/'local'/'LOKAL'/'0.2007.11.26.14.33.54':Caught exception during application startup from SAP J2EE Engine's deploy service:java.rmi.RemoteException: Error occurred while starting application local/CreateOrder and wait. Reason: Clusterwide execption: server ID 3775750:<Localization failed: ResourceBundle='com.sap.engine.services.deploy.DeployResourceBundle', ID='com.sap.engine.services.deploy.container.DeploymentException: <Localization failed: ResourceBundle='com.sap.engine.services.deploy.DeployResourceBundle', ID='Implied start failed for dependency :local/CreateOrder -> service:sld', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key Implied start failed for dependency :local/CreateOrder -> service:sld', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key com.sap.engine.services.deploy.container.DeploymentException: <Localization failed: ResourceBundle='com.sap.engine.services.deploy.DeployResourceBundle', ID='Implied start failed for dependency :local/CreateOrder -> service:sld', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key Implied start failed for dependency :local/CreateOrder -> service:sld (message ID: com.sap.sdm.serverext.servertype.inqmy.extern.EngineApplOnlineDeployerImpl.performAction(DeploymentActionTypes).REMEXC)

  Hi Michael,
  one way is to enhance the server go.bat with debug parameters. Under c:\usr\sap\<SID>\j2ee\<INSTANCE>\cluster\server\go.bat define the following params
  set DEBUG_PORT=5000
  set DEBUG_PARAMS=-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=
  and add both params to the java arguments (e.g. behind the -classpath): %DEBUG_PARAMS%%DEBUG_PORT%.
  Regards,
  Stefan

• IOError in IE but not in Firefox (possible crossdomain.xml problem)

  Yesterday, I hopefully debugged a problem that is occuring for our application in IE but not in Firefox.
  It has to do with accessing remote content from a separate domain.
  In every aspect it APPEARS to be a crossdomain.xml issue but the fact that this issue only arrises in IE is what has prompted me to post here.
  We have a solution in the works (bureaucratically speaking) but I want to double check here.
  Our application is on domain "a.domain".
  It access an xml file on "b.domain/xml/".
  And finally (this is the tricky part) it also accesses an xml file at "b.domain/forwardingPath/" which is actually forwarded to "c.domain/xml/".
  The crossdomain.xml is located at "b.domain/crossdomain.xml".
  The request for "b.domain/xml/anXMLFile.xml" works without any problem.
  The request for "b.domain/forwardingPath/anotherXMLFile.xml" succeeds in Firefox but not in IE (remember, the ACTUAL request is forwarded to "c.domain/xml/anotherXMLFile.xml").
  In IE I get an IOError.
  I believe we need an appropriate crossdomain.xml file also located at "c.domain/crossdomain.xml" and have put in that request.  What I want to confirm is whether this understanding is correct.  I am not a server-side person at all.  It's all elves and fairies to me.  And then finally, why the hell is this behavior inconsistent between IE and Firefox?  Is the Firefox version of flash player violating its own security standards?!
  I am cross-posting this at stack overflow.  http://stackoverflow.com/questions/7395931/ioerror-in-ie-but-not-in-firefox-possible-cross domain-xml-problem

  I've pinged our developers about this and here's what they have to say:
  "We did some work for the plugin around redirects andhence the correct behavior on Firefox.
  AFAIK, on IE we don't get notified of the redirect and can't participate in making security decisions during redirect scenarios. This behavior is out of our control.
  There is a workaround documented in the AS3docs here: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/system/LoaderCont ext.html#checkPolicyFile
  Here is the pertinent paragraph:
  Be careful with checkPolicyFile if you are downloading anobject from a URL that may use server-side HTTP redirects. Policy files arealways retrieved from the corresponding initial URL that you specify inURLRequest.url. If the final object comes from a different URL because of HTTPredirects, then the initially downloaded policy files might not be applicableto the object's final URL, which is the URL that matters in security decisions.If you find yourself in this situation, you can examine the value ofLoaderInfo.url after you have received a ProgressEvent.PROGRESS orEvent.COMPLETE event, which tells you the object's final URL. Then call theSecurity.loadPolicyFile() method with a policy file URL based on the object'sfinal URL. Then poll the value of LoaderInfo.childAllowsParent until it becomes true."
  Chris

• Crossdomain.xml just not working

  Hello,
  I am having problems moving my application from my Local
  Machine to a DEV/TEST server for testing. My app uses C# Web
  Services for data access and is a Flex front end.
  Here is the error I get (only on the DEV/TEST server):
  A Fault occured contacting the server.
  Fault Message is: HTTP request error
  Faul Code is: Server.Error.Request
  Fault Detail is: Error: [IOErrorEvent type="ioError"
  bubbles=false cancelable=false eventPhase=2 text="Error #2032:
  Stream Error. URL:
  http://DOMAIN/APPLICATION/WebService.asmx"
  URL: WebService.asmx
  The same exact configuration works on my local machine. I
  have a crossdomain.xml file in place that looks like this:
  <?xml version="1.0" ?>
  <!DOCTYPE cross-domain-policy (View Source for full
  doctype...)>
  - <cross-domain-policy>
  <site-control permitted-cross-domain-policies="all" />
  <allow-access-from domain="*" secure="fase" />
  <allow-http-request-headers-from domain="*" headers="*"
  secure="fase" />
  </cross-domain-policy>
  However, I wouldn't think that the crossdomain is actually
  necessary because the application exists on the same domain and
  directory as the webServices. But, I added one anyway because every
  google lookup seems to say that the HTTP Request Error -
  Server.Error.Request is a crossdomain.xml problem.
  I was kind of thinking it could be a permission error.
  However, I have the web page run as an 'application' and that
  application's user account has permissions to the root directory
  and all it's children files/directories (so it can read the
  crossdomain.xml) and also the application idenity has access to run
  all the selects.
  Unfortunately I'm running this on IIS6 on the DEV/TEST
  machine and IIS7 on my local machine. So, I'm unable to setup
  failed request tracing to see if I can find the problem there.
  Does anybody have any help they can share? I've spent the
  complete day trying everything I can think of to get it to work
  with no resolve.
  Any help would be greatly appreciated!
  Thanks!!
  -Mike

  Turns out that the problem was that the Application Pool
  Identity didn't have access to the SQL DBs to do CRUD. I guess you
  should never be too sure of things. -=o/

• How to set debug mode in jdeveloper for SOA Suite

  Hello,
  Is possible to use jdeveloper, soa suite and debug mode? I can debug my web application with oc4j embendded server. But when i want to deploy on oracle application server and debug, doesnt work.
  How can i fix that?
  I saw that tutorials for jdeveloper and weblogic server, but not for oracle server.

  see :
  http://weblogs.asp.net/gsusx/archive/2006/06/01/WS_2D00_Addressing-interoperability-between-Oracle-BPEL-Process-Manager-and-Microsoft-Windows-Communication-Foundation.aspx
  http://dlimiter.wordpress.com/2009/11/16/manipulating-ws-addressing-headers-in-oracle-bpel/
  on how to populate the ws-addressing elements yourself
  basically you need to add the ws-addressing xsd, create a new variable of it, populate the elements and add it to your partnerlink

• SWF Jitters on drupal site - crossdomain.xml

  I've been working on a mapping application for a client.  The swf I've created references a xml that provides names for mc's and listeners.  The xml also has info that populates text boxes when clicked on.
  I'd been hosting the working version of this swf on our website (drupal based) where I worked on changes and tested it.  It worked fine in this location and still is functioning well
  http://wildlands.org/node/683
  When I sent a copy for my clients to post on their website, we ran into a few problems.  First, there was a crossdomain issue and we had to create a crossdomain.xml and place it in their site's root.  Once we did this, the app worked but became jittery (a problem i cannot replicate on my site).  The client is using the same version of drupal and the same flashnode module.
  http://www.gallatinwrp.org/content/testflash
  Does anyone know where I could start to begin troubleshooting this?  It's strange that this does not occur on my site.  I also never had to create a crossdomain.xml and place it in our site's root.
  thanks in advance,
  j

  the easiest way to avoid cross-domain issues, is to use a local executable (like a php file) and have that executable load your cross-domain assets and pass them to your local swf.
  otherwise, you must correct your crossdomain.xml file.  to start, you need a cross-domain meta policy file that is in the host server's root directory.  if you don't have access to the root directory, you don't control that server and you are not allowed to place policy files on it.  (see above solution.)

• Server looses Debug mode after a restart

  Hello,
  At the NWDS there is an option to enable the Server debug mode. When I do that the server restarts and debug mode is on. The problem is that if I restart the server again it looses the debug mode and than I have to enable it again from the NWDS (Which, again, requires a restart). The same symptom is happen if I do the enable through the Config tool at the Debug tab.
  Any idea why this happen?
  Roy

  Hey Shubhadip,
  I think you misunderstood my problem: I did save it, otherwise how the debig mode will be on. The problem is that after ANOTHER restart (after the restart to enable the debug mode) it loses the debug mode again.
  Roy

• Problems Accessing Crossdomain.xml

  Ok, so ive been searching for a solution to my problem for 3 days now with no avail... hopefully someone here can help.
  Im building a website that i want to allow users to post jobs with or without an attached file...
  here is the site.... http://soengjobopp.dyndns.org/
  If you go to the POSTAJOB section at the bottom, fill in some test information, click attach to select a file from your machine, press and press submit you will see the error i get... ERROR 2049! (The file wont be attempted to upload until the form has valid data)
  I have a crossdomain policy on my root directory.....  http://soengjobopp.dyndns.org/crossdomain.xml
  Everything works fine when im testing it on my localhost, but when i try to upload from a machine elsewhere i get an error....
  Ive used Firebug(firefox plugin) to monitor the network when im at a client machine and it shows that the crossdomain.xml is trying to be downloaded from http://localhost/crossdomain.xml... i have no idea why... i allow administrators to download file from specific jobs and everything works fine... its just when i want to upload files i get an error... would anyone know why the site would try to get crossdomain.xml from its own local host and not from  http://soengjobopp.dyndns.org/crossdomain.xml ?
  Ive tried the "recompile with network monitor disabled" trick and i have the same problem.
  Ive also tried the Security.loadPolicyFile("http://soengjobopp.dyndns.org/crossdomain.xml ") and it still tries to get its policy file from localhost...
  If anyone could help it would be greatly apprecieated...
  Thanks!

  Hi Rich,
  I followed the steps in your video when our system was R/3 4.7 (WAS 6.20) and the test worked fine, i.e. accessing the crossdomain by typing http://server:port/crossdomain.xml.
  I followed the same steps with our new version (we're undergoing an upgrade) but I kept getting the error message:
  "BSP Exception: the BSP URL /crossdomain.xml Does Not Contain Any Application Entries".  Then I saw Ivan post suggesting implementing OSS Note 1260386.  I applied the Note but I got the same error message. 
  Then I ran function ICFBUFFER_INIT to make sure the buffer is cleared, cleared the cache in the browser and still got the same error message.
  Our system is ERP 6.0, NetWeaver 7.0, level 17 (BASIS Component is SAPKB70017).
  Please help.  Thank you.
  Achille.

• How to reload cached crossdomain.xml

  Hi, All
  When I request remote data from different server for the
  first time, flash automatically requests crossdomain.xml. For
  subsequent calls it does not load crossdomain.xml but uses cached
  permissions. This makes sence.
  Problem.
  Assume server was offline at time of the first call. Flash
  fails to load crossdomain.xml and blocks all subsequent calls. Even
  if server went online, no subsequent remote calls will succeed.
  I hoped to fine some API to reset permissions cache. But the
  only workaround I found is to reload .swf (acutally I remove OBJECT
  from DOM and reinsert it).
  Is there a better solution? Or this is Flash bug?
  Thanks,
  - Alex

  Found the answer adding loadData() before the sort.
  Order by <div onclick="dsGroups.loadData();"
  spry:sort="dsPupils @firstname”>First Name</div>
  < div onclick="dsGroups.loadData();" spry:sort="dsPupils
  @lastname">Last Name</div>

• Will I need a crossdomain.xml file?

  I have been working on my first Flex application and it
  builds several menu structures based on data received from external
  XML files. Everything works fine when running the project within
  Flex Builder but when I move the build directory (/bin) to another
  location it does not load my menus. I have since found out this is
  because of the security setting the projects build directory gets
  and to get my files to work elsewhere I will need a crossdomain.xml
  file.
  After researching how crossdomain.xml files work I'm
  wondering if in my case I should even need one because the files my
  SWF are loading will already be placed on the local machine - not a
  server. Still, the application is not working so I have tried a
  crossdomain.xml anyways using the following code:
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "
  http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  <cross-domain-policy>
  <allow-access-from domain="192.168.*" secure="false"/>
  </cross-domain-policy>
  The file seems to have no effect (althought the "192.168.*"
  string I used may not be what I want) and I'm looking for other
  options. Also, I was originally getting my XML from an HTTPRequest
  but am now using a URLRequest() which then converts the content to
  XML which I find cleaner in the code.
  Any ideas keeping in mind this application will have all its
  content loaded from CD onto the users local drive?

  This is always a little confusing. Here's how it works. The
  Flash Player is aware of which domain is referenced when the first
  SWF is loaded. The "domain" could be www.adobe.com or
  labs.adobe.com or 192.168.0.100. The Flash Player thinks of this as
  its home domain. Any reference to any other domain is a security
  concern. Even if that happens to be "localhost".
  Things work from Flex Builder because Flex Builder registers
  its directories with the Flash Player and makes everything have the
  security level of "local-trusted". This means your Flex app can
  load files from anywhere - the local file system (via HTTPService
  for example, not a direct read of the file) or from the network.
  When you move your SWF to another place, such as a web
  server, that server's domain becomes the home, trusted domain for
  the Flash Player when it loads a SWF from there. If your data file
  is in the same domain as the SWF (eg, in the same directory or a
  sub-directory), then the Flash Player won't have a problem loading
  it.
  HTTPService url="mydata/myfile.xml" or
  url="/flex/mydata/myfile.xml" work because they are relative paths
  to where the SWF is located and thus, in the same domain. However,
  if you do: url="
  http://localhost/mydata/myfile.xml"
  and the SWF is now coming from a web server in a different domain
  (foreign domain), then its a security problem.
  In order for the Flash Player to be allowed to load data from
  outside the home domain, there must be something that authorizes
  it. That's the crossdomain.xml file. When the Flash Player sees
  that you are going to load a file from a different domain, it asks
  that domain for its crossdomain.xml file. The Player then looks to
  see if its home domain is among those allowed to access files. If
  not, security error. If the home domain is present, then the file
  is requested.
  The crossdomain.xml file should list the home domain of the
  SWF, not your machine's domain or IP address. For example, suppose
  the SWF is now on adobe.com and is launched like this:
  http://www.adobe.com/flex/YourApp.html.
  The Flash Player will assume that www.adobe.com is its home domain.
  Even if you are in the abcxyz.com domain.
  Now your Flex app wants to load
  http://localhost/mydata/myfile.xml.
  The Player will ask for
  http://localhost/crossdomain.xml
  and look to see if www.adobe.com is allowed access.
  To recap:
  The domain of the first SWF loaded
  into the Player is the home domain.
  Any access to data outside of the
  home domain requires a crossdomain.xml file.
  The crossdomain.xml file should be at
  the context root of the domain (eg,
  http://www.adobe.com/crossdomain.xml
  or
  http://localhost/crossdomain.xml).
  The home domain must be granted access to load any resources from
  the foreign domain.
  If you are using Flex Data Services and you have
  useProxy="true" on your data service request, then some different
  security rules apply. Let us know if that's the case.

• #2170 error calling a webservice from Xcelsius having crossdomain.xml

  Hello together,
  we are facing a #2170 error indicating we don't have a proper policy file in place when executing a published Xcelsius flash in SAP BI application portal.
  We created a WebService that is running an SAP BI System 7.01. The WebService is function module based and was generated following the wizzard. Afterwards we created a Xcelsius app that consumes data from this WebService (via data connection). The resulting flash from Xcelsius was pulished to SAP BI System (portal).
  Since there are many entries in the SDN and the internet in general we finally also created an crossdomain.xml file on the BI system which can be accessed and is visible by using "https://<server>/crossdomain.xml".
  Now the confusion begins: We exported the flash from Xcelsius to local desktop and executed the corresponding HTML-file. It's working and I can receive/see WebService data (after adjusting flash-security-settings). If we upload both exported files (html and swf) to the BI system (as MIME objects) and execute the html again we are also receiving WebServervice data. So far so good. But if we execute the link from the SAP BI Portal (Xcelsius menu > SAP > Start) we still get the error #2170 indicating we don't have a proper domain policy file in place. But for my understanding we do have. So currently I would assume the error message is somehow misleading.
  During all the activities I found out that this error is also raised if the user has insufficient authorization. My user has SAP_ALL authorization for testing purpose.
  In general I would say we are not that wrong with our Xcelsius/WebService if we are not coming from BI portal. So my questions are:
  1.) Are there any authorization on portal side that might not fit and lead to this error? If insufficient authorizations produces such an error ...
  2.) Did we miss any other stuff during our try/fail-operations?
  Many thanks in advance for your hints.
  Steffen

  Hi Rajat,
  This is how the default trace looks
  FATAL: Application Servlet failed to notify devices.
  Caught java.rmi.RemoteException: Service call exception; nested exception is:
       com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (503) Service Unavailable. The requested URL was:"http://<<server>>:50000/ManagementService/ManagementService?style=document"
       at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1289)
       at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1298)
       at com.om.ApplicationServlet$NotifyDevices.run(ApplicationServlet.java:86)
  Caused by: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (503) Service Unavailable. The requested URL was:"http://<<server>>:50000/ManagementService/ManagementService?style=document"
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage(MimeHttpBinding.java:980)
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1430)
       at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1282)
       ... 2 more
  java.lang.NoSuchMethodError
  at java.lang.Thread.destroy(Thread.java:779)
       at com.omApplicationServlet$NotifyDevices.run(ApplicationServlet.java:92)
  Rgds
  Shashank