Flex Application Interaction with Loaded Flash SWFs

Question

Hi all,

First, the background:

I am creating a Flex application with a component that displays various dynamically loaded SWFs, one at a time (kind of like a kiosk). These loaded SWFs are created in Flash IDE, not Flex. They will not be created by us (we will provide a .fla template but that's it), so I am loading them into a separate SecurityDomain.

My Questions:

1. I want the application to be able to call methods inside the loaded SWF. To do this, would I just call Security.allowDomain("domain original app was loaded from") in the startup process for the loaded SWF?

2. I want the loaded SWF to be able to throw events that are caught by the application. Can I accomplish this through the SWFLoader.swfBridge property?

3. I am defining an interface for the methods inside the loaded SWF. But, I don't want to leave the implementation up to the customer. Instead, I want to provide another SWF that contains the interface implementation and have it be a constraint that the customer includes it in their SWF. I am not very familiar with the Flash authoring environment, how would it work so that the interface implementation SWF exposes its methods in such a way to be accessible to Flex? Is there a way to sign the SWF so that the Flex application knows that it is dealing with the original, not a spoof? How would the Flex code pass in arguments, since it is across SecurityDomain boundary -- is there marshalling involved (say if I want to pass in a Dictionary or some kind of object graph)?

4. The Flex application may load hundreds of these smaller other SWFs during its lifetime. How do I make sure it doesn't keep using up more memory? I plan on using SWFLoader.unloadAndStop() and clearing all references in the Flex object that refers to it. Is this enough? Will the AppDomain for the loaded SWF be torn down automatically so that the class definitions are no longer in memory?

Thanks,

Karthik

Answer 1

Some answers:

2) No. Well, you could try, but it would be a mess. You can look into some of the bootstrap loading documentation, but if you're not in complete control of the flash development, this is a lost cause and will end in headache for you.

Depending on your architecture, I would abstract everything out in such a way where communication is happening through javascript or through a localConnection. It might be a pain to use a localConnection to start (giving the serialization size constraints, etc.) but once you get everything hashed out, you won't need to fight with all the security sandbox restrictions. I understand that you want everything to be secure, but if you have control of the server and know where the swfs are being loaded from (and can add numerous layers of security that you invent [for example: having a loaded swf talk to a server when loaded]), you may be better off.

Random thoughts.... Good luck in any case.

Answer 2

Hi all,

Alex Harui from Adobe gave some extremely helpful answers on my post on the Adobe forums. Check them out if you are interested in this same question.

Karthik