Websphere Flex CrossDomain.xml file location

I need to make a webservice request from Flex to a web service running  under Websphere Application Server Express (on an iSeries if that matters...).    I cannot quite figure out where to put the crossdomain.xml file to allow the security to work.

It seemed that it should go under the context-root which would be a path like this on iSeries:

/QIBM/UserData/WebSphere/AppServer/V61/Express/profiles/WASPROFILENAME/installed Apps/TheServer_WASPROFILENAME/ServiceNameNameEAR.ear/ServiceName.war/WEB-INF

Because in the EAR file (well, the subordinate WAR file actually) the equivalent to a standard HTTP server /www root is  "/WEB-INF".

However, having the crossdomain.xml file there still results in a security error.  I have also tried moving it to several other locations and of course, stopping and restarting the Websphere server each time.

I also found another post someone else had made on Adobe a couple years ago (http://forums.adobe.com/thread/81443)  about this problem and they never got a response there so I'm hoping I get a solution here.

Can anyone help me with this?

Thanks in advance!
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


Do you have a web server in front of your application server? If so, it should go in the context root bound to you application.

You can check that the crossdomain.xml file is accessible by opening a browser and surfing to:


Remember: anything after the .war in the path (like WEB-INF) is not accessible to any web clients including flex applications.

Also double check that your crossdomain.xml file is correct.

Hope this helps.

TURBOSHANAuthor Commented:
Thanks.  Tried putting crossdomain.xml into the HTTP server that fronts the Web Application Server.

So...the HTTP Server name is FLEXHTTP.

I put the crossdomain policy file at this location:

/www/FLEXHTTP/htdocs/    because that is the root.

Still get the following error:


Security error access url.

I KNOW! that it is finding the WSDL because if I try to use an invalid input parameter that does not exist in the WSDL,  it tells me:

Encoding Error
Required parameter 'inputData' not found in input arguments.

FYI - the actual parameter name in the WSDL is called inputData.

Thanks for any help anyone can provide!

Can you access the crossdomain file by pointing a browser to:


If so, the crossdomain file is not the problem. Can you post the contents of the crossdomain,xml file?


TURBOSHANAuthor Commented:
Yes, I can get to it that way.  

This is what it looks like:

  <?xml version="1.0" ?>
  <!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
  <allow-access-from domain="*" secure="true" />
TURBOSHANAuthor Commented:
OK.  I figured this out!  Woo-hoo!

Because of security "enhancements" in the Flash player with version or later....you now have to include the following line in your crossdomain.xml file:

 <allow-http-request-headers-from domain="*" headers="*" />

Once I added that,  I was able to access the web service without problems.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Editors IDEs

From novice to tech pro — start learning today.