AS3 + Java: Socket connections to ports below 1024

December 11th, 2006 by Thomas

Since people started to experiment with the new Socket class in AS3 I've often read that it wouldn't be possible to connect to any port below 1024 with it. While that's true if you want to connect to any server on the web, it is possible to connect to servers that run a special socket server returning cross domain policy information to the Flash Player. It's similar to putting a cross-domain-policy file on your web server - it just requires a little more effort.

Connecting to ports below 1024 opens some interesting possibilities, like tunneling multiuser apps through port 80 to avoid being blocked by strict firewalls, writing your own mail-client, ftp-client - any network client for that matter (that doesn't need the ability to listen for incoming connections, so forget about p2p in Flash). Joa Ebert for example has written an IRC client in Flash. You could also write a Proxy on your own server to forward access to any port on any server...

This is how you can allow the AS3 Socket and XMLSocket to connect to a low port number, for example to a web server's port 80.

AS3 commands

Whenever you call the connect method of a Socket class in AS3:

  1. socket = new Socket();
  2. socket.connect("localhost", 80);

... the Flash Player implicitly opens a socket - in the example above to port 80 - and sends the following character sequence:

  1. <policy-file-request/>

If the server responds with a string formatted as a common policy xml file, Flash Player will open the real socket and will fire the Event.CONNECT event. If no policy string is returned the connection will fail.

  1. <?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*" to-ports="80" /></cross-domain-policy>

Now you probably don't want to modify the source code of your preferred open source webserver to make it answer to Flash Player's policy requests. Luckily there is an AS3 command to make Flash connect to another port when looking for the policy:

  1. Security.loadPolicyFile("xmlsocket://localhost:1008");

This will cause the Flash Player to open a socket to port 1008, send the policy-request and read the policy file. If access is allowed it'll open the desired Socket connection to port 80 without further delay.

It is important to know that only policy-files read from a port below 1024 can grant access to ports below 1024. If your policy file is served from a port, say 8008, access below 1024 is blocked even though the policy file might say differently.

Curious - Adobe's DTD defining the structure of a policy file doesn't mention the to-ports attribute, but the Flash Player definitely reads it.

Java socket server

I wrote a little Java-class that, when started, runs as a policy server. By default it listens on port 1008, allowing connections to any port. Which is good for testing but should be changed when running it publicly!

You can download the source code here, or a runnable jar-file here. Just install the Java-Runtime-Environment (you probably already have it) and on the command line type java -jar policyserver.jar.

Flex example client

I've also written a little example AS3/Flex application that connects to the localhost web-server, sends an HTTP GET command and reads the response including HTTP headers from the webserver. You could call it a browser ;) - unfortunately it only let's you connect to servers that have the policy server running.

You can download the source code here (just import it into a Flex project and mark as the Default Application).

Or view an example here - enter a path starting with "/" and click on connect and see what it reads from our blog webserver...

36 Responses to “AS3 + Java: Socket connections to ports below 1024”

  1. Arc Says:

    Hi Thomas,
    I don’t know what I am doing wrong but the example don’t work for me :(( After I click the connect button nothing happens

  2. Roberto Aguilar Says:

    Im looking forward to deploy an ftp client (request from the boss) in flex obviously (running on the web), but im requested to be able to connect to any ftp server. The million dollar question, is there any work around that dumb security policy of flash?

    I was thinking in something like a proxy?, lets say connect to and this will connect me to does it make any sense?

  3. civet Says:

    Thanks for shareing~ your policyserver works perfect!

  4. cksachdev Says:

    Is it possible to run policy server as an application on client end and the swf loaded from browser communicate with the localhost.

  5. flepstudio Says:

    Re: as3 ed i socket.

  6. Fassa Says:

    Hello i have encountered such problem and i dont really know how to fix it .
    I want to use ASQL but i have problems with it you can see details here i think this could help many ppl ….

  7. charlie Says:

    Hi thomas,
    My goal is connect Flash with Openframeworks with AS3 (thread)socket TCP or UDP , I’m little beginner with flash sockets. There are any base example? Thanks.

    Best regards

  8. AimZ » Adobe Flash Sockets Says:

    […] This entry was written by stefan and posted on 9. Juni 2008 at 16:43 and filed under Flash, Netzwerk. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL. « XFree86 Modelines Video Timings […]

  9. markus Says:

    I have an xmlsocket connecting (on port 6000) to a Java server. I get the from Flash but when I respond with:
    String policy_response = “”; nothing happens.
    I know it tries port 843 and then the port you’re trying to connect to….is there any difference where you have the policy file?
    I’d rather have it on the same server (port 6000) as the rest of the app.
    Is there anything wrong with my xml here or could the problem be somewhere else?

    Big thanks in advance!

  10. RichSad Says:

    When I click on the example link above, I get the form but pressing the connect button does nothing. How come?

  11. Thomas Says:

    sorry, the policyserver wasn’t running anymore, i restarted it, the example should work again!

    @Roberto Aguilar
    if you want to write an ftp client it’s probably better to use a proxy, the socket server only provides a solution for connecting servers that are under your control. however it has the advantage of not creating a bottleneck as a proxy server would be. as far as i know there’s no way around the policy mechansim.

    not sure i understand the question… you need to reply with a valid policy xml string. the policyserver can be on the same host but obviously on a different port number. if you want it on the same port you’l have to integrate the programming into your application, which is not very flexible…

    i guess it would be possible to connect to localhost, just like any other server on the net. havent tried it though…

  12. Flex Monkey Patches » Blog Archive » Policy file changes in Flash Player Says:

    […] This one shows how to make and use a simple java socket server to act as a policy file server: AS3 + Java: Socket connections to ports below 1024 […]

  13. jradical Says:

    Great work!
    If you can’t get this to work; your stupid go cut your fingers off!

    Thanks again for the java policy server!

  14. sven Says:

    I have made a modified version to read a crossdomain.xml and deliver it to Port 843.
    I will send it to you, in case you like to pulish it.

  15. Luis L Says:

    Nice!! but I want to know if I need another socket server besides the policy server to communicate with the client. And I have some problems while I tried to write the socket buffer to send a response to the client in the server , I guess it throws an exception but theres nothing sent….I don’t know what I’m doing wrong.
    (The server read what the client SWF send perfectly)

  16. Thomas Says:

    @Luis L
    the socket server only handles the policy file request and closes the connection immediately afterwards. it is not a multiuser socket server. sorry, can’t tell you what you’re doing wrong…

  17. Luis L Says:

    I don’t know why the flash client inside a web app is not working when I run it from another place of the network and it gets this error

    Security error[SecurityErrorEvent type=”securityError” bubbles=false cancelable=false eventPhase=2 text=”Error #2048″]

    It do work when I run it from the server where the policy server is.

  18. stella856 Says:

    thank you for your java socket ! I tried everything with crossdomain.xml file on my server, but nothing works… your socket worked at the first time ! thank you !

  19. fusion Says:

    Hi im trying to create a new jar file for the java policy server, but the when i try to run say incorrect jar file. Im new in java so i dont know nothing about it. Im triying to put custom ips for the policy server, can some 1 tech me how to edit and create the jar file please.

  20. Stuart Page Says:

    Hey I have implemented what you have said but it wont work. Flash will never reconnect and fire the connect event.
    Im using this string:

    String policy = “”;

    and then i do this
    do i need to somehow end with a null byte? Is my string syntax wrong? do i need to reprogram my flash program with something other than just the new socket? Should this work and the error must be somewhere else?

    More details at my blog at

  21. Stuart Page Says:

    ok nvm for some reason i cant post the string… nor can i delete my previous comment.

  22. Derek Says:

    Have you tested this using Adobe Air? I have created a policy file server similar to yours but have not been able to see the come through. Any help here would be appreciated.

  23. Thomas Says:

    I haven’t tested in AIR, but do you have asocket-server running that returns the policy file? A file served by your web server won’t help, it has to come through a socket.

  24. kikko Says:

    Hey thanks Thomas, that post just helped a lot

  25. Michael Brown Says:

    IMPORTANT INFO: For me, I wrote my own socket server and it was not working when I sent the proper policy file after receiving the xml policy request. The response HAS to be null terminated! After sticking the ol’ char in at the end, the flash app worked.

  26. alex Says:

    Hey dude… Your solution worked for me, i spent the whole day trying to make that socket connection but I found your post and i did it.

    pd. I implemented your solution on my c# server, i didn’t use java.

    Thank you.

  27. walber Says:

    what solution for connections with proxy (squid)?

  28. Fighterlegend Says:

    I have a problem.

    The server times out almost 10 seconds right after I connect to it.

    Is this right? It’s not being cool with me >=(

    I’m going to try some other stuff, but please reply to me.

  29. Thomas Says:

    @Fighterlegend and @all - the policy server in our example currently doesn’t work because we moved servers. we’ll try to fix it as soon as we can. sorry about that..

  30. Gewy Says:

    This post is very interesting as, may be, you could give me the answer I am waiting for…
    I spent a lot of time to refactor my server application so it can serve HTTP and my proprietary binary protocol on the same port, and the policy-file-request as well. So I don’t need to deploy an HTTP server and all the connections are made on port 80, the default HTTP port, which is generally not blocked by firewall.
    Unfortunatly at the end of my work I realized that the flash socket component has some limitation on using port 80.
    I thaught it was a bug (I made a bug report
    But without any success…
    CONNECT event is fire every time but in fact there is no connection. Packet sniffing doesn’t show any packet sent by Flash application. I am quite sure of what I found. So either you are able to make it working, and I am really very stupid, or…. I hope you have an answer.

  31. Thomas Says:

    @Gewy not sure I can help with anything else than what I describe in this post.. is the Flash app requesting the policy file as described above? In my example (which is currently not working) I do in fact connect to port 80 and get a successful connection to Apache. So it should work with the policy server.

  32. Gewy Says:

    Well, finally I am able to explain the problem. I don’t really know if it is a bug or not…
    I confirm that connections on port 80 are processed in a special way because the CONNECT event is dispatched nevertheless no TCP packet are sent to the server. The situation is that client appears to be connected but server don’t have any connection for this client.
    Anyway when you write data on this socket a real connection is established and data are correctly processed.
    But there is one thing that is not working with port 80 : serving the policy file request on the same port than the connection.
    I am using a multiplexer server which serves various protocols on the same port. So it is why my connection on port 80 never works, because the policy file request was not processed.
    If I set a policy file server on port 843 (default port used by Flash Player) I can use port 80 for my binary protocol.
    Quite strange, anyway…

  33. Pradip Jadhav Says:


    I am facing a big problem right now. I am developing FLEX application having PHP as server technology. And this application is connected with another java application.

    There is one java web services which is used to check user’s account details while login into system.

    Now what i want to do is i want to call that web service from my flex application.

    But while calling that services network’s security error is coming. I am not getting how to resolve this.

    I tried using cross domain service but didn’t solve that issue :(

    So will you please help me to solve out this problem?

    Thanks in advance.

    Pradip Jadhav

  34. Flash Socket crossdomain.xml « true lies Says:

    […]…-below-1024/ […]

  35. saurabh Says:

    i have made an application using java as backend and flash as3 frontend.
    There is an issue of not being shown the second last connection to last user.

    Ex- We make the three connection consecutive and it is working well. When, we make the fourth connection, the third connection is not being shown to the last connection while other two connection is being shown well to him, even, the last connection is being shown well to all users… I don’t know what is the reason while I have checked every code and there is not any checks of it.

    Please help to fix this issue………


  36. Mit XMLSocket auf lokalen Port zugreifen - Flashforum Says:

    […] mit Hilfe von lessrain blog Blog Archive AS3 + Java: Socket connections to ports below 1024 und seinem Policy Server bin ich jetzt soweit, dass ich eine Verbindung zwischen dem Policy server […]

Leave a Reply