views:

1764

answers:

6

Hello,

I'm currently experimenting with loading external SWF files from both an standard AS3 application, and an AIR application. It seems that the AIR application doesn't act the same way a standard SWF run by the Flash Player does.

According to the documentation, the applicationDomain property of LoaderContext is usable in an AIR application too, but it just seems to be not working.

I have the following code :

package {
 import flash.display.Loader;
 import flash.display.LoaderInfo;
 import flash.display.Sprite;
 import flash.events.Event;
 import flash.net.URLRequest;
 import flash.system.ApplicationDomain;
 import flash.system.LoaderContext;

 public class Invoker extends Sprite
 {
  private var _ldr : Loader;

  public function Invoker()
  {
   _ldr = new Loader();
   _ldr.contentLoaderInfo.addEventListener(Event.COMPLETE, onChildOneComplete);

   var ldrC : LoaderContext = new LoaderContext(false,
    new ApplicationDomain(ApplicationDomain.currentDomain)
   );

   _ldr.load(new URLRequest("otherSwf.swf"), ldrC);
  }

  private function onChildOneComplete(e : Event) : void
  {
   var c1ad : ApplicationDomain = (e.target as LoaderInfo).applicationDomain;
   var inad : ApplicationDomain = ApplicationDomain.currentDomain;

   trace("Child One parentDomain : " + c1ad.parentDomain);
   trace("Invoker parentDomain   : " + inad.parentDomain);

   trace("Child One has Invoker  : " + c1ad.hasDefinition("Invoker"));
   trace("Invoker has Invoker    : " + inad.hasDefinition("Invoker"));
  }
 }
}

Compiling this code as an SWF file and launching it with the Flash Player does this output, which seems right :

Child One parentDomain : [object ApplicationDomain]
Invoker parentDomain   : null
Child One has Invoker  : true
Invoker has Invoker    : true

But the same code as an AIR application does a different output :

Child One parentDomain : null
Invoker parentDomain   : null
Child One has Invoker  : false
Invoker has Invoker    : true

According to the documentation, the first output (using a SWF with Flash Player, and not an AIR application) is the right one. Also, playing around with this snippet and changing the application domain to others possible configurations (like new ApplicationDomain(null), or ApplicationDomain.currentDomain) does exaclty what the documentation says with the SWF, but does not change the output of the AIR application.

Any clue why AIR is simply ignoring the application domain passed to the loader context ? Any documentation about this particular issue ?

Thank you very much.

+5  A: 

Got it.

The issue was caused by a different behaviour in the SecurityDomain system within an AIR application. When a SWF file is loaded within an AIR application, it always depend to a different sandbox. Thus, AIR creates a new SecurityDomain for this SWF.

Since a SecurityDomain is a group of one or more ApplicationDomains, this behaviour forced the creation of a new ApplicationDomain (within the new SecurityDomain), ignoring the specified one (which belong to the 'main' SecurityDomain).

There is a workaround using URLLoader. When loaded from bytecode (using Loader.loadBytes), a SWF is loaded within the same SecurityDomain. This is why you have to put the allowLoadBytesCodeExecution to true, since it can be unsafe. So loading the SWF indirectly, first though an URLLoader, and then with Loader.loadBytes, solve this issue.

Here's the snippet :

package {
 import flash.display.Loader;
 import flash.display.LoaderInfo;
 import flash.display.Sprite;
 import flash.events.Event;
 import flash.net.URLLoader;
 import flash.net.URLLoaderDataFormat;
 import flash.net.URLRequest;
 import flash.system.ApplicationDomain;
 import flash.system.LoaderContext;
 import flash.utils.ByteArray;

 public class Invoker extends Sprite
 {
  public function Invoker()
  {
   var uldr : URLLoader = new URLLoader();
   uldr.dataFormat = URLLoaderDataFormat.BINARY;
   uldr.addEventListener(Event.COMPLETE, onBytesComplete);

   uldr.load(new URLRequest("otherSwf.swf"));
  }

  private function onBytesComplete(e : Event) : void
  {
   var bytes : ByteArray = (e.target as URLLoader).data;

   var ldr : Loader = new Loader();
   ldr.contentLoaderInfo.addEventListener(Event.COMPLETE, onChildComplete);

   var ldrC : LoaderContext = new LoaderContext();
   ldrC.allowLoadBytesCodeExecution = true;

   ldr.loadBytes(bytes, ldrC);
  }

  private function onChildComplete(e : Event) : void
  {
   var c1ad : ApplicationDomain = (e.target as LoaderInfo).applicationDomain;
   var inad : ApplicationDomain = ApplicationDomain.currentDomain;

   trace("Child One parentDomain : " + c1ad.parentDomain);
   trace("Invoker parentDomain   : " + inad.parentDomain);

   trace("Child One has Invoker  : " + c1ad.hasDefinition("Invoker"));
   trace("Invoker has Invoker    : " + inad.hasDefinition("Invoker"));
  }
 }
}

Hope this helps.

Tyn
A: 

Really it helps me a lot. Thanks for your great help.

A: 

Thanks! You saved me a lot of anguish in wrestling with this!

Spencer Grey
A: 

Hi guys - I could do with some help in how to implement this - can anyone advise?

Zaid Crowe
A: 

Tyn, you RULE -- this saved my life! Would have been nice if the docs pointed out this as a workaround to AIR security sandbox limitations...

Rob B
A: 

Thank you! This was really helpful.

Boris