AS3 + Java: Socket connections to ports below 1024
December 11th, 2006 by ThomasSince people started to experiment with the new Socket class in AS3 I've often read that it wouldn't be possible to connect to any port below 1024 with it. While that's true if you want to connect to any server on the web, it is possible to connect to servers that run a special socket server returning cross domain policy information to the Flash Player. It's similar to putting a cross-domain-policy file on your web server - it just requires a little more effort.
Connecting to ports below 1024 opens some interesting possibilities, like tunneling multiuser apps through port 80 to avoid being blocked by strict firewalls, writing your own mail-client, ftp-client - any network client for that matter (that doesn't need the ability to listen for incoming connections, so forget about p2p in Flash). Joa Ebert for example has written an IRC client in Flash. You could also write a Proxy on your own server to forward access to any port on any server...
This is how you can allow the AS3 Socket and XMLSocket to connect to a low port number, for example to a web server's port 80.
AS3 commands
Whenever you call the connect method of a Socket class in AS3:
- socket = new Socket();
- socket.connect("localhost", 80);
... the Flash Player implicitly opens a socket - in the example above to port 80 - and sends the following character sequence:
- <policy-file-request/>
If the server responds with a string formatted as a common policy xml file, Flash Player will open the real socket and will fire the Event.CONNECT event. If no policy string is returned the connection will fail.
- <?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*" to-ports="80" /></cross-domain-policy>
Now you probably don't want to modify the source code of your preferred open source webserver to make it answer to Flash Player's policy requests. Luckily there is an AS3 command to make Flash connect to another port when looking for the policy:
- Security.loadPolicyFile("xmlsocket://localhost:1008");
This will cause the Flash Player to open a socket to port 1008, send the policy-request and read the policy file. If access is allowed it'll open the desired Socket connection to port 80 without further delay.
It is important to know that only policy-files read from a port below 1024 can grant access to ports below 1024. If your policy file is served from a port, say 8008, access below 1024 is blocked even though the policy file might say differently.
Curious - Adobe's DTD defining the structure of a policy file doesn't mention the to-ports attribute, but the Flash Player definitely reads it.
Java socket server
I wrote a little Java-class that, when started, runs as a policy server. By default it listens on port 1008, allowing connections to any port. Which is good for testing but should be changed when running it publicly!
You can download the source code here, or a runnable jar-file here.
Just install the Java-Runtime-Environment (you probably already have it) and on the command line type
java -jar policyserver.jar.
Flex example client
I've also written a little example AS3/Flex application that connects to the localhost web-server, sends an HTTP GET command and reads the response including HTTP headers from the webserver. You could call it a browser ;) - unfortunately it only let's you connect to servers that have the policy server running.
You can download the source code here (just import it into a Flex project and mark WebReader.as as the Default Application).
Or view an example here - enter a path starting with "/" and click on connect and see what it reads from our blog webserver...
April 19th, 2007 at 7:39 pm
Hi Thomas,
I don’t know what I am doing wrong but the example don’t work for me :(( After I click the connect button nothing happens
June 1st, 2007 at 5:58 pm
Im looking forward to deploy an ftp client (request from the boss) in flex obviously (running on the web), but im requested to be able to connect to any ftp server. The million dollar question, is there any work around that dumb security policy of flash?
I was thinking in something like a proxy?, lets say connect to mydomain.com and this will connect me to myotherdomain.com does it make any sense?
July 6th, 2007 at 12:10 pm
Thanks for shareing~ your policyserver works perfect!
September 13th, 2007 at 4:10 pm
Is it possible to run policy server as an application on client end and the swf loaded from browser communicate with the localhost.
November 9th, 2007 at 12:00 pm
Re: as3 ed i socket.
December 19th, 2007 at 3:12 pm
Hello i have encountered such problem and i dont really know how to fix it .
I want to use ASQL but i have problems with it you can see details here i think this could help many ppl …. http://mooska.pl/forum/viewtopic.php?t=189
January 17th, 2008 at 6:14 pm
Hi thomas,
My goal is connect Flash with Openframeworks with AS3 (thread)socket TCP or UDP , I’m little beginner with flash sockets. There are any base example? Thanks.
Best regards
June 9th, 2008 at 4:43 pm
[…] http://www.blog.lessrain.com/?p=512 This entry was written by stefan and posted on 9. Juni 2008 at 16:43 and filed under Flash, Netzwerk. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL. « XFree86 Modelines Video Timings […]
June 22nd, 2008 at 1:44 am
I have an xmlsocket connecting (on port 6000) to a Java server. I get the from Flash but when I respond with:
String policy_response = “”; nothing happens.
I know it tries port 843 and then the port you’re trying to connect to….is there any difference where you have the policy file?
I’d rather have it on the same server (port 6000) as the rest of the app.
Is there anything wrong with my xml here or could the problem be somewhere else?
Big thanks in advance!
July 17th, 2008 at 3:05 pm
When I click on the example link above, I get the form but pressing the connect button does nothing. How come?
July 20th, 2008 at 2:20 pm
sorry, the policyserver wasn’t running anymore, i restarted it, the example should work again!
@Roberto Aguilar
if you want to write an ftp client it’s probably better to use a proxy, the socket server only provides a solution for connecting servers that are under your control. however it has the advantage of not creating a bottleneck as a proxy server would be. as far as i know there’s no way around the policy mechansim.
@markus
not sure i understand the question… you need to reply with a valid policy xml string. the policyserver can be on the same host but obviously on a different port number. if you want it on the same port you’l have to integrate the programming into your application, which is not very flexible…
@cksachdev
i guess it would be possible to connect to localhost, just like any other server on the net. havent tried it though…
July 21st, 2008 at 9:02 pm
[…] This one shows how to make and use a simple java socket server to act as a policy file server: AS3 + Java: Socket connections to ports below 1024 […]
August 18th, 2008 at 8:49 pm
Great work!
If you can’t get this to work; your stupid go cut your fingers off!
Thanks again for the java policy server!