unity

Unity Technote 00003: Configuring Unity to serve a socket master policy file

This technote describes how to configure Unity Multiuser Server to serve a socket master policy file in order to address Flash Player security restrictions introduced by Adobe in April 2008.

Note: on Unix and Linux-based systems, the following procedure typically requires root-level system access. Customers that do not have root access should serve regular socket policy files instead of a master policy file.

1. If you are not already running Unity Multiuser Server version 2.0.3, first update your software.
2. In the Unity server root directory, edit policy.xml.
3. Replace the entire contents of policy.xml with the following code. Change example.com to the domain on which Unity Multiuser Server is running. Change 9100,9101 to your desired list of authorized ports. Note:
   • If you wish to allow connections from foreign hosts, list them in separate <allow-access-from> tags.
   • If you want Flash Player to ignore regular socket policy files, change all to master-only.

   <cross-domain-policy>
     <site-control permitted-cross-domain-policies="all"/>
     <allow-access-from domain="*.example.com" to-ports="9100,9101" />
   </cross-domain-policy>
   

4. In the Unity server root directory, edit uconfig.xml.
5. Locate the <SERVICE> tag containing the <ID>PolicyFileService</ID> tag. Inside that <SERVICE> tag, change <PORT>9102</PORT> to <PORT>843</PORT>. For example:

   <SERVICE>
     <ID>PolicyFileService</ID>
     <CLASSNAME>org.moock.unity.opt.policyserver.PolicyServer</CLASSNAME>
     <ATTRIBUTES>
       <PORT>843</PORT>
       <POLICY_FILE>policy.xml</POLICY_FILE>
     </ATTRIBUTES>
   </SERVICE>

6. If you run Unity on Unix or Linux, log in as root.
7. Restart Unity Multiuser Server.

Revision history

April 5, 2008: Posted