Accepting OpenPalace Connections


In order to accept connections from OpenPalace users, you must install Adobe's Flash Socket Policy File Server and add the crossdomain.xml file to your HTTP media server.

Background

The Palace uses a direct socket connection to communicate. However, the Flash Player has a security restriction that prevents users from making a socket connection to any server that doesn't explicitly allow such connections. A server grants that permission by running a Socket Policy File Server, which must listen on port 843 on the same IP address as the palace server to which you want to connect.

Socket Policy Files

A Socket Policy File informs the Flash Player about which ports it is allowed to connect to on a given host. You must provide a socket policy file that allows access to every port on which a Palace Server is listening on your IP address.

Example Policy File

This is an example policy file that allows access to port 9998.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy> 
   <site-control permitted-cross-domain-policies="master-only"/>

   <!-- This will allow access only to the main palace port 9998 -->
   <!-- If you want to use one of the other options below, make
        sure to comment out or remove this line first -->
   <allow-access-from domain="*" to-ports="9998" />

   <!-- Uncomment the following line to enable access to all ports -->
   <!-- <allow-access-from domain="*" to-ports="*" /> -->
   
   <!-- Uncomment the following line to enable access to ports 9000-9999 -->
   <!-- <allow-access-from domain="*" to-ports="9000-9999" /> -->

   <!-- Uncomment the following line to enable access to ports
        9998 and 9996 -->
   <!-- <allow-access-from domain="*" to-ports="9996,9998" /> -->
    
</cross-domain-policy>

Installing the Socket Policy File Server

These instructions apply to Unix-based palace servers only.

Requirements

  • Python 2.5 or later
  • Root access to your server

Instructions

Adobe provides a sample implementation of the socket policy file server in an example here. However, I have created a bundle that you can use to simplify the process somewhat. Start by downloading my policy file server package here: flashpolicyd_openpalace.tar.gz

Download the package onto your server.

wget http://www.openpalace.org/flashpolicyd_openpalace.tar.gz

Once you've downloaded the package, untar it. This will produce a directory called "flashpolicyd".

tar -xzvf flashpolicyd_openpalace.tar.gz

Change to the flashpolicyd directory:

cd flashpolicyd

If you only have a palace server listening on port 9998, you are ready to start the policy file server now. Keep in mind that the Flash socket policy file server must be run as root. This is because it must listen on port 843, and on a Unix system only the root user is allowed to run servers on ports at or below 1024.

./start.sh

IMPORTANT: If you have more palace servers running on a variety of ports, you will need to edit the flashpolicy.xml file accordingly and then start/restart the flashpolicyd server. There are several examples listed in the file. Since this is an XML file, comments use the same format as in HTML.
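
As an added example (not part of the original page or of the flashpolicyd package), this Python 3 script checks an edited flashpolicy.xml against the ports your palace servers listen on, reporting ports that clients cannot reach and ports opened without need. The function names and the palace_ports list are assumptions of the example, and the sample policy is constructed from the example policy file above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's example policy, including a commented-out rule.
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only"/>
   <allow-access-from domain="*" to-ports="9998" />
   <!-- <allow-access-from domain="*" to-ports="*" /> -->
</cross-domain-policy>"""

ALL_PORTS = set(range(1, 65536))


def parse_to_ports(spec):
    """Expand a to-ports value such as "9998", "9000-9999", "9996,9998" or "*"."""
    ports = set()
    for part in (p.strip() for p in spec.split(",")):
        if part == "*":
            return set(ALL_PORTS)
        if "-" in part:
            low, high = (int(n) for n in part.split("-", 1))
            if low > high:
                raise ValueError("reversed port range: " + part)
            ports.update(range(low, high + 1))
        elif part:
            ports.add(int(part))
    return ports


def audit_policy(policy_xml, palace_ports):
    """Compare what the policy grants with the ports Palace servers use.

    palace_ports is the admin's own list of listening ports (an assumption
    of this example; the page does not define such a list).
    """
    root = ET.fromstring(policy_xml)  # XML comments are skipped by the parser
    granted, wildcard = set(), False
    for rule in root.iter("allow-access-from"):
        spec = rule.get("to-ports", "")
        wildcard = wildcard or "*" in spec
        granted |= parse_to_ports(spec)
    required = set(palace_ports)
    return {
        "missing": sorted(required - granted),  # clients cannot connect here
        "excess": len(granted - required),      # ports opened without need
        "wildcard": wildcard,                   # to-ports="*" is in effect
    }


if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY, [9996, 9998]))
```

A non-empty "missing" list means OpenPalace users will be refused on those ports; a large "excess" or a true "wildcard" means the policy is wider than the palace servers need.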

You will need to make sure this policy file server stays running at all times as long as you want OpenPalace users to be able to connect. Because of the wide variation in the startup process for different distributions of Linux, setting up the policy file server to start when your server boots up is left as an exercise for the reader.
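
One way to monitor that the policy file server is still answering, as an added example that is not part of the original page or of Adobe's server: the probe sends the request string Flash Player uses (`<policy-file-request/>` followed by a NUL byte) and checks the reply. The function names are assumptions of the example, and start_stub_server is a constructed stand-in for flashpolicyd so the probe can be exercised offline (Python 3).

```python
import socket
import threading

# Request Flash Player sends to a socket policy server (NUL-terminated).
POLICY_REQUEST = b"<policy-file-request/>\x00"


def fetch_socket_policy(host, port=843, timeout=5.0):
    """Send the policy request and return the reply up to its NUL terminator."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(POLICY_REQUEST)
        reply = b""
        while b"\x00" not in reply:
            data = conn.recv(4096)
            if not data:          # server closed the connection
                break
            reply += data
    return reply.split(b"\x00", 1)[0].decode("utf-8", "replace")


def policy_server_healthy(host, port=843):
    """True only if the port answers with something shaped like a policy file."""
    try:
        return "<cross-domain-policy" in fetch_socket_policy(host, port)
    except OSError:               # refused, reset or timed out
        return False


def start_stub_server(policy):
    """Constructed stand-in for flashpolicyd on a loopback port (one request)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))   # unprivileged port chosen by the OS
    listener.listen(1)

    def serve_once():
        conn, _ = listener.accept()
        with conn, listener:
            request = b""
            while b"\x00" not in request:
                chunk = conn.recv(1024)
                if not chunk:
                    break
                request += chunk
            if request == POLICY_REQUEST:
                conn.sendall(policy + b"\x00")

    threading.Thread(target=serve_once, daemon=True).start()
    return listener.getsockname()[1]
```

Calling policy_server_healthy with your palace server's address from cron or a monitoring agent, and alerting when it returns False, catches a stopped policy server before users report failed connections.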

Cross Domain Policy File

You will also need to provide a cross-domain policy XML file called "crossdomain.xml" in the root directory of your HTTP media server. For example, if you set your media server to http://www.openpalace.org/media then you would need to serve the crossdomain.xml file at the URL: http://www.openpalace.org/crossdomain.xml

The crossdomain.xml file is required in order to process the Transparency Index that you might have set on various hotspot images when creating rooms in your palace, and also to discover and load PNG or JPG background images, if available, instead of GIF images. Without it, the Flash Player will not grant OpenPalace the permission it needs to access the raw bitmap data of your images and apply transparency to that color. If you do not serve a crossdomain.xml file, your palace will not function in a usable way with OpenPalace.

However, I strongly recommend that you not use the Transparency Index feature for handling image transparency. You may instead use native transparent gif files or transparent png files. These will work both faster and more reliably in OpenPalace.

Example crossdomain.xml file

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
  <allow-access-from domain="*" />
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>