Welcome!

Adobe Flex Authors: Matthew Lobas, PR.com Newswire, Shelly Palmer, Kevin Benedict

Related Topics: Adobe Flex

Adobe Flex: Article

A New Solution for Flash Remoting

Integrating Flash clients with server-side components

If you do Flash Remoting in .NET - read on. We at MXDJ began to hear about FlashORB and went straight to the source for an inside view of this alternative to Macromedia's Flash Remoting.

Everyone is talking about rich Internet applications. Some are experimenting; others are building real applications. Flash MX downloads are exceeding all expectations, and there is a general consensus that the Internet has evolved enough to take the user experience to the next level. With all the advancements on the client side, however, there has not been enough innovation on the server side. Macromedia has provided the initial set of the server-side technologies with Flash Remoting, but has not updated them since the initial release. The technology is still intrusive, noncohesive, and expensive. Many of these factors have influenced the creation of several alternatives to Flash Remoting. One of them, FlashORB, is reviewed in this article.

FlashORB is essentially a Flash Messaging server, consisting of three major subsystems: Flash Remoting, Web Services Gateway, and XML Socket Server. Available in two editions (Java and .NET), the software provides a new way to integrate Flash clients with the server-side components (Java/.NET objects, EJBs, Web services, business applications). Architecturally the product is positioned between the client Flash UI and the server-side application; as a result, FlashORB addresses the needs of both UI and server component developers. For example, facilities within FlashORB like Call Tracing in the Management Console and the ActionScript code generator aid the UI team, while custom serializers, activation modes, and object factories help server-side developers. FlashORB nicely separates the responsibilities of the UI and the sever-side development teams.

A Few Words About Flash Remoting
If you are new to the concept of Flash Remoting, it is worthwhile to get a brief overview of the technology before delving into the core of FlashORB. The primary purpose of Flash Remoting is to enable Flash clients to perform invocations on server-side services (Java/.NET objects, Web services, etc.). The technology consists of two primary parts: Flash Remoting Components and Flash Remoting Server. The Remoting components are a set of ActionScript programs that enable connectivity and messaging between Flash clients and the server side. The Flash Remoting Server is responsible for receiving client requests, dispatching invocations on the specified components, and serializing responses in the appropriate format. The format utilized in Flash Remoting is called AMF (Action Message Format); it is a binary format but is streamed over HTTP/HTTPS to ease firewall traversal. Code I and Code II demonstrate the server-side class and the client-side ActionScript invoking a method of the class.

The operation flow is very simple.

  1. Flash client creates a connection to a server running at "http://remoting server url" (line 3).
  2. It obtains a reference to a service identified by the full type (class) name. (line 4).
  3. The client invokes a method from the server class, as if it is present locally (line 5).
  4. Flash Remoting Server receives client request and performs method invocation on the designated type(class). The result from the method invocation is sent to the client.
  5. The response received from the server is dispatched into a function named as methodname_Result, where methodname is the invoked method (line 7).
Better Flash Remoting with .NET
Now let's take a look at FlashORB as a remoting solution focusing on the main features differentiating it from the competing alternatives available in the marketplace. Each feature will be demonstrated with an example to clarify its use with actual code. For the simplicity and clarity, all of the examples use FlashORB.NET - the edition of the product for the Microsoft.NET environment; all the features discussed are also available in the Java edition.

Type Adaptation
One of the major product differentiators is the type adaptation system. Driven by the design principle of nonintrusive integration, the type adaptation system allows automatic plug-and-play of FlashORB into user applications. To understand how type adaptation works consider the example in Code III and Code IV.

The Flash side sends an untyped object to the server (line 10). When FlashORB receives such an object it tries to convert it into the formal argument type of the invoked method. All the fields from the untyped object are matched against the fields in the formal argument type. This process of converting data received from Flash clients into formal argument types is called "type adaptation." Although the example shown is rather primitive, FlashORB can easily convert even the most complicated data structures. It also works well with the built-in collection and utility classes. For example, an instance of ActionScript Array can be adapted to System.Collections.ArrayList or System.Collections.Stack or any other data structure where data is organized in a linear fashion.

Security
The lack of any security is the Achilles heel of most Flash Remoting servers. A particularly egregious example in Code V demonstrates the severity of this omission. Since all public classes and their corresponding public methods are automatically exposed for Flash Remoting invocations, the code can shut down any Java VM or IIS application.

As you can see in Code V, without security restrictions in place it takes just a few lines of code to bring down the entire server. Therefore, securing Flash Remoting applications is of critical importance. Using FlashORB's configuration file or the management console, developers or administrators can restrict or grant access to the code identified by the package/namespace name or full class name. There are four types of restrictions that can be grouped together: restriction by role name, IP address, subnet address, or hostname. For example, to prevent the code above from working, FlashORB can be configured to reject access to java.lang.* for any requests arriving from clients whose IP addresses match the *.*.*.* pattern.

Remote References
The concept of remote references is not new in distributed computing. However, it is a novel in the area of Flash Remoting. FlashORB is the only server supporting remote references. If you're wondering what they are and how it works consider the example in Code VI.

Remote references are client-side proxies to server-side objects. On the server side a remote reference is created by developing a class that implements the Flashorb.IRemote (line 3) interface and providing a method that returns an instance of itself (line 9). The ActionScript code shown in Code VII demonstrates how to obtain a remote reference to an instance of the RemoteReferenceClass class and invoke its methods.

A Flash Remoting service invokes a method on a server-side object (line 5). Since the method on the server side returns an instance of Flashorb.IRemote, FlashORB serializes it as a remote reference. The client side receives and caches the reference (lines 7-9) and then performs a remote method invocation via the remote reference object (line 11).

This feature brings the UI and the server sides closer together and provides an extra level of sophistication for the client/server applications.

Management Console
The FlashORB management console is a Flash Remoting application designed to simplify the tasks of managing and configuring the product. Currently the console provides the following capabilities: display and/or configuration of the product runtime information, FlashORB security, logging categories, logging policies, handler chains, and object factories. Also, the console exposes the Call Trace feature described in greater detail later in the article. Image I is a screenshot of one of the modules in the management console.

XML Socket Server
FlashORB was designed to provide a rich framework for building interactive rich Internet applications. The requirements of the rich-client applications go far beyond Flash Remoting and demand support for various message exchange paradigms: point-to-point, broadcast, unicast, server event push, etc. FlashORB includes an XML Socket Server to address these needs. The socket server is very lightweight and is optimized for the maximum performance. As the name suggests, the primary usage of this feature is processing XML documents; it can, however, also process binary messages. It has a rich set of easy-to-use APIs to facilitate building interactive messaging applications with the features like chat, message broadcast, event notification, and asynchronous server-side updates. For example, FlashORB Management console uses XML Socket Server to receive a continuous stream of server "runtime stats" without resorting to a sluggish polling architecture.

Call Tracing
Call tracing is a concept slightly similar to what Flash developers know as the "NetConnection Debugger." If you are not familiar with this concept, NetDebug is a debugging facility that exposes detailed information about Flash Remoting calls. The biggest disadvantage of this, however, is that NetDebug works only in the development environment for calls that occur during the current execution of the application. It is impossible to inspect Remoting calls from previous application runs. Unlike its Macromedia counterpart, FlashORB call tracing is a server-side feature. As a result, it works regardless of whether the Remoting application was executed in a development environment, a standalone Flash player or in a browser. When the feature is enabled, the server efficiently persists the data about Flash Remoting calls. This allows the Call Trace subsystem to provide data about the invocations that occurred during the current session, or any previous session. Additionally a facility is provided to apply search filters onto the data in order to highlight specific invocations. For example, you can create a filter to search for all invocations where invocation time is greater than 500ms and method name contains verb "set."

The FlashORB management console provides a graphical Call Tracing module to make this information easily accessible to developers. The module allows observing invocations in real time as well as browsing and searching the call trace store. Each invocation displayed in the module can be inspected to get the details about method argument values and the return value. Image II is a screenshot showing the Call Tracing module from the console.

Conclusion
As application developers seek new ways to differentiate their software and to improve the end-user experience, the client/server development frameworks must be able to provide a new, rich set of features. Flash Remoting is a great client/server integration approach, but it must rapidly evolve to simplify the integration and shorten the gap between UI front ends and server-side components. FlashORB is an example of a quickly evolving, feature-rich development framework. A free evaluation copy is available at www.flashorb.com; try it out!

More Stories By Joe Orbman

With more than 15 years of software engineering practice and 8 years of distributed computing experience, Joe Orbman plays a key role in the day-to-day operations of Midnight Coders. With responsibilities renging from chief architect to product evangelist, Joe is responsible for product architecture, strategic positioning, and developers' communication.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improving and assuring operational integrity. In his session at @ThingsExpo, Jim Frey, Vice President of S...
@CloudEXPO and @ExpoDX, two of the most influential technology events in the world, have hosted hundreds of sponsors and exhibitors since our launch 10 years ago. @CloudEXPO and @ExpoDX New York and Silicon Valley provide a full year of face-to-face marketing opportunities for your company. Each sponsorship and exhibit package comes with pre and post-show marketing programs. By sponsoring and exhibiting in New York and Silicon Valley, you reach a full complement of decision makers and buyers in ...
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessio...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settl...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
Rodrigo Coutinho is part of OutSystems' founders' team and currently the Head of Product Design. He provides a cross-functional role where he supports Product Management in defining the positioning and direction of the Agile Platform, while at the same time promoting model-based development and new techniques to deliver applications in the cloud.
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
LogRocket helps product teams develop better experiences for users by recording videos of user sessions with logs and network data. It identifies UX problems and reveals the root cause of every bug. LogRocket presents impactful errors on a website, and how to reproduce it. With LogRocket, users can replay problems.
Data Theorem is a leading provider of modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously scans APIs and mobile applications in search of security flaws and data privacy gaps. Data Theorem products help organizations build safer applications that maximize data security and brand protection. The company has detected more than 300 million application eavesdropping incidents and currently secu...