WEBINAR:
On-Demand
Application Security Testing: An Integral Part of DevOps

n
part 1 of this series, I discussed various ways to connect a Flash application to a server. Why? Connecting Flash to a server allows for more robust, dynamic, and useful applications than is otherwise possible. More and more companies are replacing traditional Web applications on intranets, extranets and public sites with rich Internet apps, providing the interactivity and responsiveness of a client-server application with the fully distributed nature of an Internet application. To make this possible, it is necessary to integrate external data.

Introducing Flash Remoting
Flash Remoting allows data to be exchanged between a Flash Player and an application server using a format called AMF (ActionScript Messaging Format), which is a Macromedia proprietary binary format based on SOAP. On the client side, native Flash objects are sent by the Player to the Flash Remoting gateway using AMF. At the gateway, they are serialized into native objects for the application server and passed on to the appropriate server-side services.
Table 1 shows the serializations from Flash into .NET, Java, and ColdFusion data types, while Table 2 shows the serializations performed from the application server data types back into ActionScript.
Table 1. Serializing Data from Flash Objects
ActionScript
|
C#
|
Java
|
ColdFusion
|
Number
|
Double
|
Double
|
Number
|
Boolean
|
Boolean
|
Boolean
|
Boolean
|
String
|
String
|
String
|
String
|
Object
|
ICollection
|
java.util.map
|
Arguments Collection
|
Ordered Array
|
ArrayList
|
ArrayList
|
Array
|
Named Array
|
Hashtable
|
java.util.map
|
Structure
|
Date
|
DateTime
|
Date
|
Date
|
XML
|
XmlDocument
|
org.w3c.dom.Document
|
XML
|
Table 2. Serializing Data into Flash Objects
ActionScript
|
C#
|
Java
|
ColdFusion
|
Array
|
Array, ICollection
|
Object[], Array of primitive types, Collection, Map
|
Array
|
Boolean
|
Bool
|
Boolean
|
Boolean
|
Number
|
Int, float, double
|
Number
|
Numeric
|
String
|
String
|
Character
|
String
|
Date
|
DateTime
|
Date
|
Date
|
RecordSet
|
DataTable
|
java.sql.ResultSet,
flashgateway.sql.PageableResultSet
|
Query
|
Object
|
HashTable
|
Throwable, flashgateway.io.ASObject, Dictionary, Serializable
|
Structure
|
XML
|
XmlDocument
|
org.w3c.dom.Document, flashgateway.io.ASXMLString
|
XML
|
When results are returned, the gateway serializes them back into native Flash objects and sends them on to the Flash client via AMF. When the data arrives in Flash, it is already in native object format, so it can be used without any further translation. Further, all the data transfer between the client and server is done in AMF over HTTP, so there are no new firewall restrictions for Flash applications using Remoting.
There are two pieces needed to use Flash Remoting: The Flash Remoting gateway (also called the Remoting Server) and a Flash application into which the Flash Remoting components are compiled. In the next section, I'll discuss how each of these pieces work, as well as the basics of AMF, then, later, I'll try out Flash Remoting with a simple application.