SandBox Violation while invoking remoteObject on different war

Hi,
I have two wars in my application say abc.war and xyz.war
My abc.war contains the swf file and I am trying to invoke a method in xyz.war using RemoteObject.
And while doing so I get Security sandbox violation.
The context and domain of both are different.
I tried putting the crossdomain.xml in xyz.war but no luck
Please advise?

Yes, I had put in on creationComplete.
Seems like Security.loadPolicyFile is not work.
I tried putting it in the root like you said and it worked..
Thanks a lot.

Similar Messages

RequestTimeoutException error while invoking a BPEL process using RMI

Hi,
I am getting RequestTimeoutException error while invoking a BPEL process using this code:
Locator locator = LocatorFactory.createLocator(jndiProps);
String compositeDN = "default/"+processName+"!1.0";
Composite composite = locator.lookupComposite(compositeDN);
String serviceName = "client";
Service deliveryService = composite.getService(serviceName);
NormalizedMessage nm = new NormalizedMessageImpl();
nm.getPayload().put("payload", requestXml);
NormalizedMessage res = deliveryService.request("process", nm);
responseMap = res.getPayload();
The error stack trace is
weblogic.rmi.extensions.RequestTimeoutException: RJVM response from 'weblogic.rjvm.RJVMImpl@604f2d14 - id: '-361032376059206
2776S:10.67.232.164:[8001,-1,-1,-1,-1,-1,-1]:emaar_domain:soa_server1' connect time: 'Mon Jan 18 11:34:41 GST 2010'' for 'executeServiceMethod
(Loracle.soa.management.CompositeDN;Ljava.lang.String;Ljava.lang.String;[Ljava.lang.Object;) 'timed out after: 60000ms.
oracle.fabric.common.FabricInvocationException: weblogic.rmi.extensions.RequestTimeoutException: RJVM response from 'weblogic.rjvm.RJVMImpl@60
4f2d14 - id: '-3610323760592062776S:10.67.232.164:[8001,-1,-1,-1,-1,-1,-1]:emaar_domain:soa_server1' connect time: 'Mon Jan 18 11:34:41 GST 20
10'' for 'executeServiceMethod(Loracle.soa.management.CompositeDN;Ljava.lang.String;Ljava.lang.String;[Ljava.lang.Object;) 'timed out after: 6
0000ms.
        at oracle.soa.management.internal.facade.ServiceImpl.request(ServiceImpl.java:135)
        at com.gss.common.bo.BpelUtil.invokeBPELProcess(BpelUtil.java:81)
To add to it the BPEL process is executing successfuly and RMI call timeout is happening.
Can I know how to increase the related timeout value?

Have got the same problem. Scenario at my end is little different though.
I am trying to invoke a BPEL process from an ESB Service.
I am trying to look into it..
However, would be grateful, if someone can give some insight into this since many are running into this issue without being able to fix.
Ashish.

Invalid connection cache name error while invoking a bpel process

while invoking a service via DB adapter ,it gives invalid connection cache name orabpel 00000 error. the JCA connection is set properly and its reffered via jndi name in code. i tested the connection in EM and its working fine.
Few transactions have passed and thereafter i'm getting this error.
is there any parameter that needs to be set. Someone can help here!!

Have got the same problem. Scenario at my end is little different though.
I am trying to invoke a BPEL process from an ESB Service.
I am trying to look into it..
However, would be grateful, if someone can give some insight into this since many are running into this issue without being able to fix.
Ashish.

Error #2048: Security sandbox violation

I've been developing Flex apps for a couple of years now and feel comfortable with my development environment.
I'm testing out Gumbo in my same environment (new workspace): WAMP based
My test app works fine on my localhost set up... but when I upload the files to my hosted domain server... I get Error #2048: Security sandbox violation.
Specifically:
- I'm invoking an HTTPService by setting the url to a relative path (folder/file in same dir as the swf)
- I set method to POST and useProxy to false
(<fx:Declarations>
        <s:HTTPService id="contentService" url="data/verd_content.xml" method="POST" useProxy="false" resultFormat="e4x" />
    </fx:Declarations>)
- I wrapped the send call in a try / catch block and show an Alert with the error message in the catch... here's what it says
body = (null)
clientId = "DirectHTTPChannel0"
correlationId = "F4B9A542-8B00-5CDB-3C36-1316919FC255"
destination = ""
extendedData = (null)
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
headers = (Object)#1
    DSStatusCode = 0
messageId = "E629F555-EF8B-E535-7CE4-13169662A82A"
rootCause = (flash.events::SecurityErrorEvent)#2
    bubbles = false
    cancelable = false
    currentTarget = (flash.net::URLLoader)#3
      bytesLoaded = 0
      bytesTotal = 0
      data = (null)
      dataFormat = "text"
    eventPhase = 2
    target = (flash.net::URLLoader)#3
    text = "Error #2048: Security sandbox violation: http://****.com/Main.swf cannot load data from http://localhost:***/data/verd_content.xml?hostport=***t.com&https=N&id=F4B9A542-8B00-5CDB -3C36-1316919FC255."
    type = "securityError"
timestamp = 0
timeToLive = 0
*NOTE: I obfuscated parts of the url for security reasons
I read the other similar posts here about problems like this when using the PHP / Zend set up... but I checked the .actionScriptProperties file and it does not have any URLs in there (like localhost:port#)
I'm not using a service-config.xml file in this project... but I have set up WebORB for PHP servers and use that all the time... so I know how that works...
Is this a bug or am I missing something new in the Gumbo ?
Again: my swf file is in a folder in the webroot on my ISP
also inside that folder is another folder with an XML file in it
I'm setting an HTTPService call using the url parameter on a POST with a relative file path (folder/filename.xml)
changing the url to an absolute makes no difference...
thanks in advance for any help

Sure...
here's the code that contains both the HTTPService setup and the URLLoader setup... like i said in the original post.. the HTTPService call throws the error described, whereas the URLLoader call does not:
private var loader : URLLoader = new URLLoader();
private var req : URLRequest = new URLRequest("data/***dant_content.xml");//path obfuscated
protected function Application_creationComplete():void
    // This works...
    loader.addEventListener( Event.COMPLETE, parseContent );
    loader.addEventListener( IOErrorEvent.IO_ERROR, contentFault );
    // This does not...
    /* contentService.addEventListener( ResultEvent.RESULT, parseContent );
        contentService.addEventListener(FaultEvent.FAULT, contentFault ); */
    try
        loader.load( req );
    catch (err:Error)
        Alert.show("In Try Catch Error Block: " + err.message);
        currentState='home';
the HTTPService was set up like this: (again, i obfuscate the URLs for security)
    <fx:Declarations>
        <s:HTTPService id="contentService" url="data/***dant_content.xml" method="POST" useProxy="false" resultFormat="e4x" />
    </fx:Declarations>
the parseContent function setup in the event listener justs reads the XML file and uses that data to build an image gallery.
hope this helps (for what its worth: I'm not doing anything serious with Gumbo as of yet due to these kinds of bugs)

Flex 4 + AIR 2 + mx:Image = Security Sandbox Violation!

Hi there!
I've been using Flex 4 and AIR 2 for some time now and there's a bug (or is it really one) that I always get and can't understand...
Whenever I use a <mx:Image> to load an image (JPG) on a remote server that has a valid crossdomain.xml I get some annoying warnings. Of course, these only are warnings and everything runs fine (except that) but it's a pain to debug an app that has lots of logs like that:
*** Security Sandbox Violation ***
SecurityDomain 'http://static-p3.fotolia.com/jpg/00/07/56/92/110_F_7569245_9hdeWKxUxFRNYuowdSDBNv0YFN9xTJ9 S.jpg' tried to access incompatible context 'app:/Main.swf'
I've googled it and found lots of others folks/threads about this, but none of them provide a valid solution... Seems like it's specific to AIR because some answers/solutions I found work in a basic SWF, but fail in an AIR app.
Is that a bug in Flex?
Am I wrong about the crossdomain.xml?
How could a JPG raise a Security Sandbox Violation?
Tips or tricks, anyone?

AIR has different security rules because it doesn't really have a "domain"
to compare against crossdomain.xml. The warnings are annoying and
misleading and usually indicate that some code is trying to access the
bitmap inside a try/catch block. Usually you can ignore any warning that
doesn't stop execution.

*** Security Sandbox Violation *** problem

Dear All,
I having the Security problem
My Scinarion
I have an Exe (With SWISH Studio) / Swf file which is on Local Machine calles a swf file which on Server and that Swf file call a XML file which is on a Same Server
While Compiling the SWF file gives the following error message of
*** Security Sandbox Violation ***
SecurityDomain 'http://www.mydomain.com/folder/swfname.swf?mathrand=Wed Apr 8 19:39:27 GMT+0530 2009' tried to access incompatible context 'file:///D|/folder/swfname.swf'
I have already tried for
System.security.allowDomain("*"); and crossdomain.xml
But it dosen't worked for me
I will appriciate if any one can give me a ray of hope to solve this problem
Please give me some solution
Regards
Raj

Dear Kglad,
Thanks for your instant reply as I have already mention I have tried with crossdomain.xml
If you want to check the crossdomain and the fla files then I will mail u the details please provide me the email address
Once again thanks
Regards
Raj

Rollback fault thrown while invoking a Proxy Service

Hi,
I am getting strange problem while invoking a proxy service.
the operation on the service takes a list of customer numbers in the input.
When the number of customer numbers is 10-20 it works fine but when I increase the customer numbers in the list to 200 it starts failing with the below error.
*<<BaseCubeSessionBean::logError > Error while invoking bean "cube delivery": Rollback fault thrown.
The current JTA transaction is aborting due to an user rollback fault being thrown from the BPEL code.
This exception was caused by a bpelx:rollback fault being thrown. The user had directed the BPEL engine to roll back the current JTA transaction.
There is no action recommended.
ORABPEL-02180
Rollback fault thrown.
The current JTA transaction is aborting due to an user rollback fault being thrown from the BPEL code.
This exception was caused by a bpelx:rollback fault being thrown. The user had directed the BPEL engine to roll back the current JTA transaction.
There is no action recommended.*
The cause for this error is as below
javax.ejb.EJBException: Transaction Rolledback.: weblogic.transaction.internal.TimedOutException: Transaction timed out after 302 seconds
I am clueless why the service is behaving different in both the cases.
the endpoint of the webservice is the same in both the case and below is the sample request which I am sending.
<v001:CustomerRequest>
<v0011:CustomerNumberList>
<v0011:CustomerNumber>12802582</v0011:CustomerNumber>
<v0011:CustomerNumber>612391615</v0011:CustomerNumber>
<v0011:CustomerNumber>189322879</v0011:CustomerNumber>
<v0011:CustomerNumber>251524232</v0011:CustomerNumber>
<v0011:CustomerNumber>208522415</v0011:CustomerNumber>
<v0011:CustomerNumber>812603453</v0011:CustomerNumber>
<v0011:CustomerNumber>12068921</v0011:CustomerNumber>
<v0011:CustomerNumber>252053284</v0011:CustomerNumber>
<v0011:CustomerNumber>191672097</v0011:CustomerNumber>
<v0011:CustomerNumber>248131656</v0011:CustomerNumber>
<v0011:CustomerNumber>8513869</v0011:CustomerNumber>
</v0011:CustomerNumberList>

<v001:SynchToA>false</v001:SynchToA>

<v001:SynchToB>false</v001:SynchToB>

<v001:SynchToC>false</v001:SynchToC>

<v001:SynchToR>true</v001:SynchToR>
</v001:CustomerRequest>
Can anybody provide any pointers please... :|

Hi-
Can you try by increasing your JTA time out parameter, it seems to be a time out exception not sure if this could fix the issue. Anyways give a try and let us know the result.
To increase the JTA parameter login to console --> Home --> Click on Domain under Domain Configuration -- > JTA and set the parameter Timeout Seconds to 1000 and then give a try.
Let us know the result

Error 2142 - security sandbox violation

Hi,
I have a problem when I try to compile my player, I get the following error:
SecurityError: Error #2142: Security sandbox violation: local SWF files cannot use the LoaderContext.securityDomain property. file:///C|/development/Flash/Pathe%20ads/New%20cmpt%20sample%20code/AS3ComponentDemoCode% 5Fv2.1/DemoPlayer3Component.swf was attempting to load http://objects.tremormedia.com/embed/swf/acudeo.swf?rand=949275459.
What's odd is that:
1. I have used Security.allowDomain("http://objects.tremormedia.com/"); in the source code
2. This was working fine the day before last!
I have tried adding a crossdomain.xml file in the folder where I build the player, still no joy.
Can anyone help me with this? I tried throughout yesterday to fix it to no avail. I've even tried installing and building the player on a different machine to double check there wasn't something wrong on my PC.
Any help would be great - I'm tearing my hair out!

Hi,
If you're still having issues, feel free to reach out to us directly. [email protected] or me personally at [email protected]
Thanks,
Andrew Baisley
Sr Solutions Engineer
Tremor Media

Flex == Socklet Policy == Security sandbox violation ?!?!?!?!

Please help me with this problem. I'v had this problem for
over a month
I'm trying to connect to my C# server through my Flex client.
Flex client in running on IIS (c:/inetpub/wwwroot)
the policy file in on the root folder of IIS
<?xml
version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" secure="false"
/>
</cross-domain-policy>
1: I tried to use the loadPolicy method before i connect
through sockets
Security.loadPolicyFile("h ttp://localhost/crossdomain.xml");
(space does not exist in real code)
2: flex sends this message to server side while connecting
("<policy-file-request/>") so as soon as i get this message
on server side i read the policy text from crossdomain.xml and i
send ti back to the client.
eventhough i get a security error the client is still able to
connect to the server and send messages but it cannot receive any
message
I get the following security error:
[SecurityErrorEvent
type="securityError" bubbles=false cancelable=false eventPhase=2
text="Error #2048: Security sandbox violation:
file:///C:/Inetpub/wwwroot/ClientFlex/bin-debug/Client.swf cannot
load data from 10.0.0.3:8000."]Error #2048: Security sandbox
violation:
file:///C:/Inetpub/wwwroot/ClientFlex/bin-debug/Client.swf cannot
load data from 10.0.0.3:8000.
y am i still getting this error???????????
some people suggested to read the log files: but i followed
all adobe tutorials to turn os loggin, but couldn't get it to work.
mm.cfg does not exist, log folder for flash player does not exist,
log.txt for flash player does not exists.

Hi,
In the move from Flash Player 9 to 10, Adobe increased the security constraints on sockets. If you are using sockets to connect to an "un-trusted" server, then you will still need a Cross-Domain Policy file, however that policy file must also be served up through sockets (not through HTTP).
You will need to run a socket server on the server you are connecting to in order to serve up the appropriate XML document through port 843 (by default). This socket server can be implemented in any number of ways, but I use a Java socket server that Thomas over at LessRain has posted on their blog. You can find it here: http://www.blog.lessrain.com/as3-java-socket-connections-to-ports-below-1024/
Good luck,
Taylor
4Point Solutions Ltd.
http://blogs.4point.com/taylor.bastien/

Security Sandbox Violation when calling a remote service from a worker

From my application, I make calls to a BlazeDS server, that works fine.
I added a worker that calls the same services on the same server. But then, only for the calls from the worker, I have a Security Sandbox Violation error. I launch the application from FB in debug mode.
This is the message :
Error: [strict] Ignoring policy file at http://xxxxxxxxxxxx/crossdomain.xml due to incorrect syntax. See http://www.adobe.com/go/strict_policy_files to fix this problem.
*** Security Sandbox Violation ***
Connection to http://xxxxxxxxxxxxxx/appstore-admin/messagebroker/amfpolling halted - not permitted from file:///D:/Projects/appstoreClientsNext/MultiAppstoreAdmin/bin-debug/MultiAppstoreAdmin.swf
Error: Request for resource at http://xxxxxxxxxxxxx/appstore-admin/messagebroker/amfpolling by requestor from file:///D:/Projects/appstoreClientsNext/MultiAppstoreAdmin/bin-debug/MultiAppstoreAdmin.swf is denied due to lack of policy file permissions.
What should I do to allow the worker to make remote calls ?

I made some progress on this. There are two different cases :
1) The service you want to access has a crossdomain.xml file
All the workers can access the service without a problem.
2) The service you want to access doesn't have a crossdomain.xml file
Whether you launch from FB in debug mode or you put your application on the same server you are trying to access, only the primordial worker will access the service, the other workers will encounter a security error.
I believe this is a bug. Shouldn't a worker have the same access privileges as the primordial worker ?

Security Sandbox violation bitmapData.draw() cant access null

very strange. I am testing with two different HD streams. One an akamai stream and another one of our clients not on akamai and using an F4M manifest file. I have tried allowing the domain and they have a crossdomain.xml file on their side but i still get this error.
SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: http://web.mobilerider.com/flash/osmflive/OSMF_Live.swf?mediaID=190&vendorID=513&extras=vs :1,skin:osmf_live,muteOn:0,autoplay:1,live:1,showArchive:1,&serviceID=2&jsID=1316213568052 cannot access null. No policy files granted access.
any help would be very appreciated, thanks

Hello!
This seems to be relevant:
http://forums.adobe.com/message/3759490#3759490

BitmapData.draw() SecurityError: Security sandbox violation

i am loading and playing a local video file with appendBytes() and when i call a bitmapData.draw() function
below exception comes up.
SecurityError: Error #2123: Security sandbox violation: BitmapData.draw
cannot access null. No policy files granted access.
what should i do???....

Sir i already mention in my last message i test it with both relative and absolute.
Yes i khow relative paths works fine when i do some thing like this
<mx:VideoDisplay x="0" y="0" width="516" height="379" source="../user_data/uploads/cd73502828457d15655bbd7a63fb0bc8/v/1345023450-Action_.flv"/>
bitmap.draw works fine in above case but my scenario is different i am loading a complete video as bytearray before playing and play video from that bytes
private function fileLoaderComplete(event:Event):void
     //Pass the loaded bytes to player
       player.AddVideo(urlLoader.data);
//This is Add video Function in Player.mxml
public function AddVideo(VideobyteArray:ByteArray):void
                if(ns == null)
                    var nc:NetConnection = new NetConnection();
                    nc.connect(null);
                    ns = new NetStream(nc);
                   // ns.checkPolicyFile = true;
                    ns.soundTransform = new SoundTransform(0.0);
                    ns.client = this;
                    ns.addEventListener(NetStatusEvent.NET_STATUS, nsStatus);
                videoData = VideobyteArray;
                GetTags(videoData);
                ns.play(null);
                ns.appendBytesAction(NetStreamAppendBytesAction.RESET_BEGIN);
                ns.appendBytes(VideobyteArray);
                video.attachNetStream(ns);
                playBar.TogglePlay(true);
i think its a bug in flash sdk 4.6 (Flash Player 11)
bitmap.draw function somehow conflicts with the appendBytesAction or appendBytes
this question is posted on ActionScript 3.0 forum before
http://forums.adobe.com/message/4650890#4650890
http://flash.bigresource.com/flash-use-BitmapData-draw-with-NetStream-appendBytes--iTNz6LV JM.html
http://stackoverflow.com/questions/5607047/how-can-i-use-bitmapdata-draw-with-netstream-ap pendbytes

SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: cannot access

When we try to print the Google Map API for Flash component, it is throwing the Security Sandbox Violation
SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: http://ps6143:8080/aa/XYZ/Main.swf/[[DYNAMIC]]/1 cannot access http://mt1.google.com/vt/lyrs=m@171000000&hl=en&src=api&x=1&y=1&z=1&s=Gali&flc=x3t. No policy files granted access.
at flash.display::BitmapData/draw()
To avoid this error we tried to use the alternate API provided by library. But that also causing cross domain issue as it loading some 3d library internally which is not able to access our application.
SecurityError: Error #2121: Security sandbox violation: BitmapData.draw: http://maps.googleapis.com/mapfiles/lib/map_1_20_10_3d.swf cannot access http://ps6143.persistent.co.in:8080/dv/SiteOptimizer/SiteOptimizer.swf/%5b%5bDYNAMIC%5d%5d /1http://ps6143:8080/aa/XYZ/Main.swf/[[DYNAMIC]]/1. This may be worked around by calling Security.allowDomain.
at flash.display::BitmapData/draw()
Please help us in resolving this issue.
Thanks & Regrds,
Ravi Darji

There is no redirect... Charles is a web proxy so it will look completely legitimate to the browser.
According to the help, it's getting the access request from the SWF itself and not the crossdomain.xml file:
In the case of a source object other than a loaded bitmap, the source object and (in the case of a Sprite or MovieClip object) all of its child objects must come from the same domain as the object calling the draw() method, or they must be in a SWF file that is accessible to the caller by having called the Security.allowDomain()method.
http://help.adobe.com/en_US/ActionScript/3.0_ProgrammingAS3/WS5b3ccc516d4fbf351e63e3d118a9 b90204-7d1b.html#WS5b3ccc516d4fbf351e63e3d118a9b90204-7c4a
So the default state accessing a SWF on a different domain is protected, unless that SWF allows some or all domains to access it via the Security.allowDomain() method.

Air app, Rest service, Security sandbox violation

Hi All,
I wrote an app a couple of years ago using flex 3 that connects to a number of remote web services and does various things.
This worked fine.
Now I have been asked by the customer to update the app as it stopped working at some point.
I am trying to use the resthttpservice library to do a PUT operation, but I am getting the following error when I try and create a socket to the remote server:
Error #2048: Security sandbox violation: app:/main.swf cannot load data from http://my.host:8182
Now, it's been a while since I've done anything with flex so I am rusty. But this error is usually fixed by having a crossdomains.xml file on the remote server. But it was my understanding that this was only required when one's app was running from within the browser and that desktop applications are not effected.
Can anyone clarify this for me? It seems that there were changes made to the flash player in version 10 that might have changed this.
I am very puzzled at this point!
thanks for any help!

These articles discuss security changes between FP 9 and 10:
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
http://www.adobe.com/devnet/flashplayer/articles/fplayer9-10_security.html
What is impacted?
This change can potentially affect any SWF file accessing cross-domain content. This change affects SWF files of all versions played in Flash Player 10 and later. This change affects all non-app content in Adobe AIR (however, AIR app content itself is unaffected).
What do I need to do?
Read the article: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html

Tween and sandbox violation

hi,
my problem is as follows:
i have one swf file - player.swf located under one domain - www.mediandb.com (it contains a flvPlayback component)
i have another swf file - BSSmartBar.swf - located under other domain - file.mediandb.com
the first line of code in the player.swf is 'System.security.allowDomain("files.mediandb.com");'
the first line of code in the BSSmartBar.swf is 'System.security.allowDomain("www.mediandb.com");'
the html containing the player.swf has the line 'allowScriptAccess=always'
player.swf loads BSSmartBar.swf.
everything works fine, until...
until a tween inside the BSSmartBar takes place. at that point i get a Security Sandbox Violation warning message in the flash tracer window saying
SecurityDomain 'http://files.mediandb.com/SmartBar/BSSmartBar.swf' tried to access incompatible context 'http://www.mediandb.com/demos/beautifulstranger/player.html'
the weird thing is when i used adobe's built-in tween class, i got this warning right when the BSSmartbar loaded. it took me a while to find out that only declaring a Tween type var caused it (without having any tween aciton at all), so i tried switching to a custom tween class (i'm now using the GreenSock's TweenLite class) - and as i mentioned i get this warning when the tween takes place.
the thing is when i test it, besides that warning all works well, however apparently it causes some problems for my client.
any idea anybody?
thanks in advance,
eRez

Yes, I had put in on creationComplete.
Seems like Security.loadPolicyFile is not work.
I tried putting it in the root like you said and it worked..
Thanks a lot.

SandBox Violation while invoking remoteObject on different war

Similar Messages

Maybe you are looking for