This sucker literally sucked up waaaay too many man hrs between my partner and myself trying to debug this issues, so I hope it saves someone else — for the short read, if you’ve used the Network Monitor in Flash Builder in a project make sure you open up .actionScriptProperties and set the property includeNetmonSwc = false.

includeNetmonSwc=”false”

For more of an explanation read the following — here’s the scenario:

We created an app that loads services.xml from within the same Java container as our SWF, so there’s no need for a crossdomain.xml file. The xml file was relative to the SWF and the HTML container for the SWF as such:

* main.html
* main.swf
* assets/service-locator/services.xml

In our local dev environments we have a Flex app that publishes itself to a Java app on Tomcat running in Eclipse with BlazeDS + Spring + Hibernate. Running locally, everything worked fine. When we deployed the WAR to a client’s remote Tomcat instance logged in via their VPN, my partner and I were able to hit the app and the XML file loaded fine. When the client tried, it failed and they received the following HTTPService Fault:

• faultCode = Channel.Security.Error
• faultDetail = Destination: DefaultHTTP
• faultString = Security error accessing url

This honestly baffled us for some time…why could we hit get the SWF to load the XML file when VPN’d in while the client received an error on their own network? After trying every security thing under the sun with the Flash Player, we simply created a new Flex project, put in a simple XML load via an HTTPService, and deployed it to the same WAR (as above with BlazeDS + Spring + Hibernate) and it worked for both us and them. Then we put the exact same Flex code from our original app into the test Flex app and again it worked for both us and out client…huh?

While it did work and we could just move on and fist pump the day away with out newfound success, we were obviously worried that something greater was at play and might come back to bite us in the ass. At this point we knew it was client code and not server code, so we decided to check the build properties and compiler options, etc, but it was all the same.

Finally we decided to do a compare on the project property files from the original project and the new one starting with .actionScriptProperties — and there it was, a simple flag difference of the property:

includeNetmonSwc=”true”

…and WHAM, it smacked me in the face.

Waaaaay back when we started this project I decided to play with the new Network Monitor (NM) integrated into Flash Builder. I used it maybe for 30 mins and said, ok, great…next. Well, this little flag apparently creates some settings (maybe opens ports or something) on dev machines that allows the NM to work like an HTTP Proxy/Sniffer similar to Charles or ServiceCapture…when this SWF is deployed to a server where these settings haven’t been set…well…you’re efffed. No dice. And you get the security error mentioned above.

Bottom line, make sure you either set the value to false:

includeNetmonSwc=”false”

or remove this sucker entirely. I really hope that helps someone as it cost us a ton of time. Thank you Adobe.

Tweet This Post