在 AIR Security Sandbox 中执行远程 SWF
我尝试下载外部 SWF 并在 AIR 安全沙箱中运行它。
这是 AIR 应用程序的代码:
public class Downloader extends Sprite
{
private static const REMOTE_FILE:URLRequest = new URLRequest("http://myserver.com/downloadable.swf");
private var _main:NativeWindow;
public function Downloader()
{
var loader:URLLoader = new URLLoader(REMOTE_FILE);
loader.dataFormat = URLLoaderDataFormat.BINARY;
loader.addEventListener(Event.COMPLETE, downloadComplete);
}
private function downloadComplete(e:Event):void{
var ba:ByteArray = e.target.data;
var stream:FileStream = new FileStream();
var file:File = File.applicationStorageDirectory.resolvePath("downloadable.swf");
stream.open(file, FileMode.WRITE);
stream.writeBytes(ba);
stream.close();
loadAndRunSwf();
}
private function loadAndRunSwf(){
this._main = new NativeWindow();
this._main.width = 1024;
this._main.height = 768;
////obsolete?
//var context:LoaderContext = new LoaderContext();
//context.allowLoadBytesCodeExecution = true;
//context.applicationDomain = ApplicationDomain.currentDomain;
var file:File = File.applicationStorageDirectory.resolvePath("downloadable.swf");
var loader:Loader = new Loader();
loader.load(new URLRequest(file.url)/*,context*/);
this._main.stage.addChild(loader);
this._main.activate();
}
}
downloadable.swf 的代码:
public class Downloadable extends Sprite
{
private var _btn:Button = new Button();
private var _baseFolder:File = new File("app-storage:/");
public function downloadable_test()
{
this.addChild(_btn);
_btn.label = "access Harddisk";
...
}
}
所以现在,如果我运行 Downloader,它将下载 swf 并尝试运行它,但我会在 Downloadable 行中遇到异常,
private var _baseFolder:File = new File("app-storage:/");
错误如下:
SecurityError: file
at runtime::SecurityManager$/checkPrivilegeForCaller()
那么 - 我需要做什么来防止此类安全错误?我希望我的远程 SWF 被视为在与 AIR 代码相同的安全沙箱中运行的本机代码。
I try to download an external SWF and run it within the AIR security sandbox.
this is the code of the AIR application:
public class Downloader extends Sprite
{
private static const REMOTE_FILE:URLRequest = new URLRequest("http://myserver.com/downloadable.swf");
private var _main:NativeWindow;
public function Downloader()
{
var loader:URLLoader = new URLLoader(REMOTE_FILE);
loader.dataFormat = URLLoaderDataFormat.BINARY;
loader.addEventListener(Event.COMPLETE, downloadComplete);
}
private function downloadComplete(e:Event):void{
var ba:ByteArray = e.target.data;
var stream:FileStream = new FileStream();
var file:File = File.applicationStorageDirectory.resolvePath("downloadable.swf");
stream.open(file, FileMode.WRITE);
stream.writeBytes(ba);
stream.close();
loadAndRunSwf();
}
private function loadAndRunSwf(){
this._main = new NativeWindow();
this._main.width = 1024;
this._main.height = 768;
////obsolete?
//var context:LoaderContext = new LoaderContext();
//context.allowLoadBytesCodeExecution = true;
//context.applicationDomain = ApplicationDomain.currentDomain;
var file:File = File.applicationStorageDirectory.resolvePath("downloadable.swf");
var loader:Loader = new Loader();
loader.load(new URLRequest(file.url)/*,context*/);
this._main.stage.addChild(loader);
this._main.activate();
}
}
Code of the downloadable.swf:
public class Downloadable extends Sprite
{
private var _btn:Button = new Button();
private var _baseFolder:File = new File("app-storage:/");
public function downloadable_test()
{
this.addChild(_btn);
_btn.label = "access Harddisk";
...
}
}
so now, If I run Downloader, it will download the swf and try to run it, but i'll get an exception in Downloadable on the line
private var _baseFolder:File = new File("app-storage:/");
the error:
SecurityError: file
at runtime::SecurityManager$/checkPrivilegeForCaller()
So - what Do I need to do to prevent such security errors? I want my remote SWF to be treated as native code running in the same security sandbox as the AIR code.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我不确定 Android,但对于常规网络播放器,您需要为加载器上下文的 securityDomain 指定 SecurityDomain.currentDomain,以便加载的代码在权限方面被视为等于加载器。另请注意,由于无法解释的原因,如果您在从 PC 上的文件系统加载时使用 SecurityDomain,Flash Player 会发出抱怨。
无论多么复杂,Flash Player 安全性通常都是一种默默无闻的安全性...因此,如果它不能按照您编码的方式工作,请尝试 Loader.loadBytes() “解决方法”。
I'm not sure about Android, but for the regular web player you would need to specify SecurityDomain.currentDomain for the securityDomain of the Loader's context for the loaded code to be considered equal to the loader in terms of permissions. Also note that for reasons impossible to explain, if you use SecurityDomain when loading from the file system on PC Flash Player will complain.
However complicated, the Flash Player security is often a security by obscurity... So, if it doesn't work the way you coded it, try Loader.loadBytes() "workaround".