Setting security policy

Similar Messages

• How to set security policy programatically

  I have a RMI application with front end as JSP. When I try to run the application, it can't connect to RMI server because I am not setting the security policy to the file that I want to set it to. So I tried programmatically using System.setproperty but it was unsuccessful.
  Please let me know how can I do it.
  Regards
  Nikhil

  Just a thought here. If you could set the security policy for a JVM programmatically, then you would be defeating the main purpose of "separating the application from the security system".

• "Security policy error" while setting up "Microsoft Exchange Hosted Services" Exchange Account (corporate user)

  I'm a corporate user with a very large company that is using Microsoft Hosted Exchange services actually hosted by Microsoft employees at their facilities.  I called Palm support and they were clueless and zero help.  The lady pointed me to some Palm KB article that I had already read and only remotely had anything to do with my problem.  I see nothing on this error message in the forums and google searches. Sprint has even replaced my palm pre due to other reasons and the same error occurs after I configure the exchange account. I'm also seeing the error when I configure my account on my wifes brand new pixi. Both our pre and pixi already have exchange accounts successfully configured on our phones that are hosted by sherweb. The sherweb exchange accounts work without issue. I have tried configuring this microsoft hosted exchange account 5-6 times with the same result. It accepts my configuration information and adds it to the list of available email accounts in the pre. However, it keeps popping up this message stating "Security policy error: "Exchange... Tap for details" (with a yellow exclamation mark). Then it says "Security Policy Error" The account Exchange (first part of my email address) is disabled because security policies cannot be set." "Leave it disabled" or "Remove Account". I know something is working because it enforced a Password or Pin policy on to my phone which is not required unless this account has been added. I can also see it in the "Mobile Devices" section of web outlook when I login. This is the place in web outlook where you can see the last time the device synced, where you can remote wipe the phone etc. If anyone has any idea how to resolve my issue please post. Any ideas? I'm fresh out of ideas on this problem and very frustrated with Palm Developers. Just another example of poor development and testing practices by Palm. I hope they correct this issue on subsequent releases but I am only marginally optimistic that they will ever get this exchange mail support to the level necessary to support large corporations. What I do know is that my Microsoft Hosted Exchange account works fine on a Windows Mobile phone and a iPhone 3GS (confirmed by other coworks who have configured their phones using our exchange services). As a result, I have no choice but to blame Palm for this problem instead of Microsoft. Palm please fully support microsoft exchange mail users!!!!
  Post relates to: Pre p100eww (Sprint)
  This question was solved.
  View Solution.

  From my understanding of EAS and PDA devices, if the server as a policy to enforce and the device cannot provide that policy then the server will not allow the device to connect. The KB I gave you has a listing of what policies the devices supports, if your server supports more than that then it could deny the connection. As for what the iPhone does and does not do we cannot answer that due to we are not iPhone.
  I did find an article that may explain a little better for PDA and exchange: http://www.infoworld.com/d/mobilize/how-avoid-smartphone-exchange-policy-lie-004

• Jini security policy setting

  hi,
  I am getting this exception in jini . Please give me solution. what steps is required to solve this problem. how to set ExecOptionPermission is existing policy.
  rmid: (WARNING) restart service throws:
  java.security.AccessControlException: access denied (com.sun.rmi.rmid.ExecOptionPermission -Djava.security.policy=c:\policy)
  at sun.rmi.server.Activation$DefaultExecPolicy.checkPermission(Activation.java:1857)
  at sun.rmi.server.Activation$DefaultExecPolicy.checkExecCommand(Activation.java:1747)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at sun.rmi.server.Activation.checkArgs(Activation.java:1369)
  at sun.rmi.server.Activation.access$400(Activation.java:118)
  at sun.rmi.server.Activation$GroupEntry.getInstantiator(Activation.java:1166)
  at sun.rmi.server.Activation$GroupEntry.activate(Activation.java:1090)
  at sun.rmi.server.Activation$GroupEntry.restartServices(Activation.java:800)
  at sun.rmi.server.Activation.init(Activation.java:251)
  at sun.rmi.server.Activation.startActivation(Activation.java:202)
  at sun.rmi.server.Activation.main(Activation.java:2040)
  rmid: (WARNING) restart service throws:
  java.security.AccessControlException: access denied (com.sun.rmi.rmid.ExecOptionPermission -Djava.security.policy=c:\policy)
  at sun.rmi.server.Activation$DefaultExecPolicy.checkPermission(Activation.java:1857)
  at sun.rmi.server.Activation$DefaultExecPolicy.checkExecCommand(Activation.java:1747)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at sun.rmi.server.Activation.checkArgs(Activation.java:1369)
  at sun.rmi.server.Activation.access$400(Activation.java:118)
  at sun.rmi.server.Activation$GroupEntry.getInstantiator(Activation.java:1166)
  at sun.rmi.server.Activation$GroupEntry.activate(Activation.java:1090)
  at sun.rmi.server.Activation$GroupEntry.restartServices(Activation.java:800)
  at sun.rmi.server.Activation.init(Activation.java:251)
  at sun.rmi.server.Activation.startActivation(Activation.java:202)
  at sun.rmi.server.Activation.main(Activation.java:2040)
  rmid: (WARNING) restart service throws:
  java.security.AccessControlException: access denied (com.sun.rmi.rmid.ExecOptionPermission -Djava.security.policy=c:\policy.all)
  at sun.rmi.server.Activation$DefaultExecPolicy.checkPermission(Activation.java:1857)
  at sun.rmi.server.Activation$DefaultExecPolicy.checkExecCommand(Activation.java:1747)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at sun.rmi.server.Activation.checkArgs(Activation.java:1369)
  at sun.rmi.server.Activation.access$400(Activation.java:118)
  at sun.rmi.server.Activation$GroupEntry.getInstantiator(Activation.java:1166)
  at sun.rmi.server.Activation$GroupEntry.activate(Activation.java:1090)
  at sun.rmi.server.Activation$GroupEntry.restartServices(Activation.java:800)
  at sun.rmi.server.Activation.init(Activation.java:251)
  at sun.rmi.server.Activation.startActivation(Activation.java:202)
  at sun.rmi.server.Activation.main(Activation.java:2040)
  rmid: (WARNING) restart service throws:
  java.security.AccessControlException: access denied (com.sun.rmi.rmid.ExecOptionPermission -Djava.security.policy=c:\policy.all)
  at sun.rmi.server.Activation$DefaultExecPolicy.checkPermission(Activation.java:1857)
  at sun.rmi.server.Activation$DefaultExecPolicy.checkExecCommand(Activation.java:1747)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at sun.rmi.server.Activation.checkArgs(Activation.java:1369)
  at sun.rmi.server.Activation.access$400(Activation.java:118)
  at sun.rmi.server.Activation$GroupEntry.getInstantiator(Activation.java:1166)
  at sun.rmi.server.Activation$GroupEntry.activate(Activation.java:1090)
  at sun.rmi.server.Activation$GroupEntry.restartServices(Activation.java:800)
  at sun.rmi.server.Activation.init(Activation.java:251)
  at sun.rmi.server.Activation.startActivation(Activation.java:202)
  at sun.rmi.server.Activation.main(Activation.java:2040)

  that looks suspicious, should be like
  file://E/abc/policy
  or somehting like that but no : after file
  policy.url.3=file:/E:/abc/policy.for testing purpose, just put the policy file in a convenient place, one you know how to get to, eg the root,
  file=/policy
  not familiar with appletviewer, but the switch for the policy file is usually something like,
  -Djava.security.policy=/policy

• User gets locked in lesser attempts than security policy setting

  Hi
  I have written my customized login code to login a user to the
  portal and I user the following code:
  IUser myUser = UMFactory.getUserFactory().getUserByLogonAlias(username, null);
  IUserAccountFactory accountFactory = UMFactory.getUserAccountFactory();
  IUserAccount account = accountFactory.getUserAccountByLogonId(myUser.getUniqueName());
  ILogonAuthentication ILA = UMFactory.getLogonAuthenticator();
  req.setAttribute(JUSER,myUser.getUniqueName());
  req.setAttribute(JPASSWORD,password);
  ILA.logon(req,res,AUTHSCHDEFAULT);     
  I notice that whenever I try to logon using my code with a
  wrong password, the user gets locked in 3 attemps even though the security policy
  (at ABAP and in Portal UME Configuration) setting for number of failed attempts is set to 5.
  (Although, please note that my code works fine logging the
  user into the portal when he enters the correct password)
  I try to check if the same thing happens with the standard logon module - com.sap.portals.runtime.logon,
  and notice that it locks correctly after 5 attempts.
  Would I have to add anything else in my code to make it work
  correctly?
  Thanks
  oj

  Hi All
  I tried to check in the CUA table the incorrect logon attempts value, and noticed that for every time I login (using my above code) with the wrong password, it increments the count by 2!! And that's the reason it gets locked out by the third time.
  What am I doing wrong?
  Thanks
  OJ

• Allow anonymous SID/Name translation - Setting via registry instead of the Local Security Policy (or GPO)

  I have a Windows 2008 R2 server and I am building a script to set a bunch of security settings via the registry.
  I am stuck on one.
  I am trying to set: Network Access - Allow anonymous SID/Name translation to 'Disabled' via the registry, I know this can be done through the local security policy or via a GPO but that is not what I am interested in. I want to do it making
  changes to the registry.
  I found some people saying this can be done at:
  HKLM\System\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock
  However, when I browse to the registry this TurnOffAnonymousBlock registry key does not exist. Even if I set the policy to enabled or disabled manually in the local security policy. The key doesn't exist. This leads me to believe this is not the correct
  registry key that controls this setting.
  Can anyone shed light what the appropriate key is in the registry?

  Hi,
  As others mentioned, we can change the value of registry key “HKLM\System\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock”
  to set Network Access - Allow anonymous SID/Name translation to ‘Disabled’.
  In your case, this registry key does not exist.
  Please try to add this registry key to your Windows 2008 R2 server, then find out if this registry key could solve your issue.
  Here are some links below could be helpful to you:
  Configure a Registry Item
  http://technet.microsoft.com/en-us/library/cc753092.aspx
  You may not be able to connect to an instance of SQL Server by using an anonymous login
  http://support.microsoft.com/kb/839569
  I hope this helps!
  Best Regards,
  Amy Wang

• How to set password policy for apps users

  Hi All,
  Can anyone please help me.
  I am working on apps 11i.
  How to set password policy for users
  Thanks

  Check Note: 189367.1 - Best Practices for Securing the E-Business Suite
  https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=189367.1

• 'Disable or enable software Secure Attention Sequence' GPO setting | Security Risk

  Hello,
  In implementing SCCM we discovered that the 'ctrl+alt+del' button for the SCCM Remote Control client, will not work, unless we enable the 'enable software Secure Attention Sequence' GPO setting with 'Services and Ease of Access Applications' set.
  Our info sec team is looking for some reassurance that this introducing a lot of risk to our orgnization. Does anyone have any guidance they can provide for this?
  Thanks

  Hi jh，
  As you mentioned In Configuration Manager 2012 does bring the 'ctrl+alt+del' back which required enable the 'enable software Secure Attention Sequence' GPO setting.
  by default, only Ease of Access applications running on the secure desktop can simulate the SAS. If you set this policy setting to "Services and Ease of Access applications," both services and Ease of Access applications can simulate the SAS.
  When services or other application simulate the SAS, since services or application which could launches at logon it takes risks.
  We suggest you refer to system center configuration manager forum because you might get more useful suggestion there
  https://social.technet.microsoft.com/Forums/en-US/home?category=systemcenter2012configurationmanager
  Regards
  D. Wu

• Access denied security policy file

  All i a simple client which is trying to talk to a remote EJB. When i try and startup the client i get the following error.
  java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
       at java.security.AccessController.checkPermission(AccessController.java:427)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
       at java.lang.System.setProperty(System.java:699)
       at com.db.abmonitor.client.Client.example(Client.java:51)And i am calling it like
  System.setProperty("java.security.policy", "client.policy");
         if (System.getSecurityManager() == null)
         System.setSecurityManager(new RMISecurityManager());  And i have defined a client.policy file in the src directory of the project under eclipse, with the following entries
  grant {
       permission java.security.AllPermission;
  };Anyone got any ideas ?

  Ah RMI headaches...
  here is what i blogged for my own self when i was starting with the RMI security stuff:
  Since i havent figured out how to do SecurityManager stuff properly, i can override 2 checkPermission methods in SecurityManager with empty method bodies, thats a quick and dirty fix.
  - Alternativly, you can set your policy file located in /lib/security/java.policy to: http://java.sun.com/docs/books/tutorial/rmi/example-1dot2/java.policy
  - or pass the property to the policy location: -Djava.security.policy=./policy.all
  maybe that will help...
  i think that maybe your policy file isnt being found where it should be

• How to specify the security policy "Allow access to everyone" for security role in Deployment descriptor

  Hi,
  I am migrating a web application from Websphere to Weblogic. The web application has a security role defined in web.xml (Use LDAP for authentication).
  security-role>
          <description>Authenticated</description>
          <role-name>Authenticated</role-name>
      </security-role>
  This role is mapped to a special subject "All authenticated user in appliation realm" in WAS.
  In weblogic, I have the following setting in weblogic.xml
  <wls:security-role-assignment>
          <wls:role-name>Authenticated</wls:role-name>
          <wls:externally-defined />
      </wls:security-role-assignment>
  And after deploy the application, have to manually add a security role and add the security policy "Allow access to everyone" to this role.
  I am wondering if this setting can be specified in  for example weblogic.xml so just deploy web applicaiton using deployment descriptor, and I don't need write script to do that .
  Thanks

  Hi,
  You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
  And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
  Hope this will solve your problem.
  Regards
  MuRam

• Forcing Users to set Security Questions

  Hi All,
  Currently when a user joins the organization, the user can go to IdM user interface, login and set security questions. But this is an option only if user wants to use self service in IdM. So, it has been found that users are not setting it and it becaomes a pain when they call help desk for password change and help desk is not able to verify the user's identity because security questions are not set.
  Please share your thoughts how other organizations are handling this situation.
  Is there any way that we can force a user to set security questions when the user logs in first time?
  Regards,
  Gaurav

  Hello,
  In our Organization we did the following.
  Under the Security tab there is a Policy tab.
  There you should find a policy called: Default Identity Manager Account Policy.
  Under Secondary Authentication Policy Options make sure "Enforce Answer Policy at Login" is checked.
  In page help states:
  Select this option to enforce the authentication question policy when the user logs in to this interface.
  This solution works however it did become problematic while we had pass-thru authentication configured.
  All the best
  -IDMxml

• JVM (from C++) won't recognize security policy

  I can't get the JVM to recognize a security policy file when the JVM is invoked from C++.
  Using the Invocation API of JNI from C++ (in W2K) I am creating a Java object which then sets
  an RMISecurityManager. I am passing the location of my security policy file in the JavaVMOption
  array :
       options[opidx++].optionString = "-Djava.security.policy=\"d:\\jini1_1\\policy\\policy.all\"";
  The JVM starts fine, and the object gets instantiated, but once the RMISecurityManager is set,
  the code no longer has permission to open files or sockets, etc etc. This would indicate that the security policy is not allowing permissions - but the policy file actually has the following:
  permission java.security.AllPermission "", "";
  (This "promiscuous" policy is just for testing.)
  My problem seems to be that in spite of the explicit security policy being passed to the JVM, it is being ignored. This only happens if the code is run from the C++ program. Using the same code and same command line argument for the policy file, everything works fine if it is run as a Java program separately.
  What is the special incantation required to get the JVM to recognize a security policy file when it is invoked using the JNI Invocation API?
  Thanks

  Fixed!
  The problem was the additional, inner set of quotes, which were cut and pasted from the batch file used to call the Java program from the command line.

• Set security preferences via GPO

  Hi
  Is there a way to set either security policy in Acrobat via GPO, so all a user would have to do is select:
  Tools > Protection > Encrypt > select premade security policy (password protected)
  Or a way to set the Adobe PDF printer preferences with Adobe PDF Security as 'Use the last known security preferences' with predefined settings via GPO.
  We need to set up security on 100 or so acrobats and I am struggling to find a way to do this.
  Thanks

  Well if you can point me to this registry key i would appreciate it.
  Applying the security settings via 'print to pdf' via gpo would be really handy right about now.
  I managed to find a security file (security-policy.acrodata) that contains the details of security policies, I managed to copy this to another pc and the policy was displayed in adobe. However it doesn't save the password and a password must be entered manually.
  Also I don't think the above would work for Acrobat 8 (we use both versions 8 and 10) and it doesn't make the security policy I create as the only favourited one as default.

• Cisco NAC web agent Network Security Policy

  I have a computer with an installed McAfee Antivirus that us up to date. However, each time try to access one of my client's server via VPN, I successfully connect to VPN using Cisco Anyconnnect but whenever I try to download the web agent and the device security check is being run, I get the feedback "Host is not compliant with network security policy". It also tells me a Remediation description of "please update your antivirus". (see attached screenshot)
  Please note that I already have my McAfee antivirus updated and I have done everything to keep my computer in good shape in terms of security.
  What is the possible cause for this?

  That means the CAM hasn't received an SNMP trap for that MAC address.  Double-check that the WLC is set up to send traps to the CAM: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cam/m_woob.html#wp1290626
  You can see if the CAM's received a trap for a specific MAC by looking under OOB Management > Devices > Discovered Clients.

• Socket and Security Policy

  I've tried to set experiment with Socket communication in Flex, but I keep hitting problems. Approach 1: in a Flex web app, I load a crossdomain security policy from a server. I then open a socket and write a few bytes to the server. In my server, I do not get the expected output on the stream--in fact, I get nothing at all--until I close the Flex application, at which point I get a seemingly inifinite stream of the bytes '0xEFBFBF'. Here's a hexdump view of a fragment of the data Flash Player sends to the server after I close the Flex app:
  00000130  ef bf bf ef bf bf ef bf  bf ef bf bf ef bf bf ef  |................|
  00000140  bf bf ef bf bf ef bf bf  ef bf bf ef bf bf ef bf  |................|
  00000150  bf ef bf bf ef bf bf ef  bf bf ef bf bf ef bf bf  |................|
  Approach 2: I then tried it in air, but although the connection seems to initiate properly and I can go through the above trivial client-server interaction, after a few seconds, I get a SecurityErrorEvent. From what I've been able to follow of the docs, Air applications are trusted in this respect, and should not need to load security policy, right? I tried to add a call to Security.loadPolicy(), but it seems to be ignored. This is the message flow:
  Received [class Event] connect
  Received [class ProgressEvent] socketData
  Received [class Event] close
  Received [class SecurityErrorEvent] securityError
  Security error: Error #2048: Security sandbox violation: app:/main.swf cannot load data from localhost:5432.
  The Air version of my client code is below:
  <?xml version="1.0" encoding="utf-8"?>
  <mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute">
  <mx:Script>
      <![CDATA[
          var str:Socket;
          private function handleClick(e:Event):void {
              Security.loadPolicyFile("xmlsocket://localhost:2525");           
              str = new Socket('localhost', 5555);
              var message:String = 'hello';
              for (var i:int = 0; i < message.length; i++) {
                  str.writeByte(message.charCodeAt(i));               
              str.writeByte(0);
              str.flush();
              str.addEventListener(Event.ACTIVATE, handleEvent);
              str.addEventListener(Event.CLOSE, handleEvent);
              str.addEventListener(Event.CONNECT, handleEvent);
              str.addEventListener(Event.DEACTIVATE, handleEvent);
              str.addEventListener(IOErrorEvent.IO_ERROR, handleEvent);
              str.addEventListener(ProgressEvent.SOCKET_DATA, handleEvent);
              str.addEventListener(SecurityErrorEvent.SECURITY_ERROR, handleEvent);           
          private function handleEvent(e:Event):void {
               trace("Received", Object(e).constructor, e.type);
               if (e is ProgressEvent) {
                   var strBytes:Array = [];
                   while(str.bytesAvailable > 0) {
                       var byte:int = str.readByte();
                       strBytes.push(byte);
                   trace(String.fromCharCode.apply(null, strBytes));
               } else if (e is SecurityErrorEvent) {
                   trace("Security error:", SecurityErrorEvent(e).text);
      ]]>
  </mx:Script>
  <mx:Button label="test" click="handleClick(event)"/>   
  </mx:WindowedApplication>
  The server is in Java and is as follows:
  import java.net.*;
  import java.io.*;
  public class DeadSimpleServer implements Runnable {
      public static void main(String[] args) throws Exception {
          if (args.length != 2) {
              throw new Exception("Usage: DeadSimpleServer policy-port service-port");
          int policyPort = Integer.parseInt(args[0]);
          int servicePort = Integer.parseInt(args[1]);
          new Thread(new DeadSimpleServer(policyPort,
                                          "<?xml version=\"1.0\"?>\n" +
                                          "<cross-domain-policy>\n" +
                                          "<allow-access-from domain=\"*\" to-ports=\"" + servicePort + "\"/>\n" +
                                          "</cross-domain-policy>\n"
                     ).start();
          new Thread(new DeadSimpleServer(servicePort, "world")).start();
          while (true) Thread.sleep(1000);
      private int port;
      private String response;
      public DeadSimpleServer(int port, String response) {
          this.port = port;
          this.response = response;
      public String getName() {
          return DeadSimpleServer.class.getName() + ":" + port;
      public void run() {
          try {
              ServerSocket ss = new ServerSocket(port);
              while (true) {
                  Socket s = ss.accept();
                  System.out.println(getName() + " accepting connection to " + s.toString());
                  OutputStream outStr = s.getOutputStream();
                  InputStream inStr = s.getInputStream();
                  int character;
                  System.out.print(getName() + " received request: ");
                  while ((character = inStr.read()) != 0) {
                      System.out.print((char) character);
                  System.out.println();
                  Writer out = new OutputStreamWriter(outStr);
                  out.write(response);
                  System.out.println(getName() + " sent response: ");
                  System.out.println(response);
                  System.out.println(getName() + " closing connection");
                  out.flush();
                  out.close();
                  s.close();
          } catch (Exception e) {
              System.out.println(e);
  Am I missing something? From what I understand, either of these approaches should work, but I'm stuck with both. I have Flash Player 10,0,15,3 and am working with Flex / Air 3.0.0 under Linux.

  So... apparently, with the Air approach, this is what I was missing: http://www.ultrashock.com/forums/770036-post10.html
  It'd be nice if FlashPlayer gave us a nicer error here.
  I'm still trying to figure out what the heck is going on in the web app (i.e., non-Air Flex) example. If anyone has any suggestions, that would be very helpful.