← Back to ColdFusion Administrator Reference

Data & Services - Flex Integration

Configure Flash Remoting and Flex data services integration (Legacy)

Last updated: February 23, 20262 min read

Removed in ColdFusion 2025: Flex Integration and BlazeDS have been removed from ColdFusion 2025. This page is retained as a historical reference for teams migrating from older ColdFusion versions. Use REST APIs or WebSockets for new development.

Overview

The Flex Integration section configures Flash Remoting and Adobe Flex data services. This is a legacy feature from when Flash and Flex were prominent technologies. Modern ColdFusion applications typically use REST APIs or WebSockets instead of Flash Remoting.

Note: Adobe Flash Player reached end-of-life on December 31, 2020. Flex/Flash Remoting should not be used for new applications. This documentation is maintained for legacy application support only.

Flash Remoting Configuration

Flash Remoting allows Flash/Flex applications to invoke ColdFusion components (CFCs) using the Action Message Format (AMF) protocol.

Enable Flash Remoting

Purpose: Turn Flash Remoting on or off globally
Recommendation: Disable - Flash is end-of-life (December 31, 2020)

Only enable if maintaining legacy Flash applications. Migrate to REST APIs for new development.

AMF Gateway

Purpose: Configure the AMF gateway endpoint URL
Default: /flex2gateway/

Gateway endpoint for Action Message Format (AMF) communication between Flash/Flex clients and ColdFusion.

Messaging Configuration

Purpose: Define messaging channels and endpoints
Files: services-config.xml, remoting-config.xml

XML configuration files that define BlazeDS messaging channels, destinations, and adapters.

BlazeDS Integration

BlazeDS is the open-source version of Adobe LiveCycle Data Services (LCDS). It provides messaging, remoting, and data management services for Flex applications.

Remoting Service

Purpose: RPC calls from Flex to ColdFusion CFCs
Protocol: Action Message Format (AMF)

Allows Flash/Flex clients to invoke CFC methods remotely using binary AMF serialization.

Messaging Service

Purpose: Pub/sub messaging between client and server
Use Cases: Real-time updates, chat, notifications

Legacy messaging system. For new applications, use WebSockets or Server-Sent Events (SSE).

Proxy Service

Purpose: Proxy HTTP/SOAP requests through ColdFusion
Use Cases: Cross-domain requests, service aggregation

Allows Flex clients to access external services through ColdFusion to bypass cross-domain restrictions.

Migration Path

If you're still using Flash Remoting or Flex, consider migrating to modern alternatives:

Recommended Alternatives

REST APIs

Purpose: Replace Flash Remoting with RESTful services
Benefits: Standard HTTP, JSON format, wide client support

Use ColdFusion REST services for modern client-server communication with any front-end framework.

WebSockets

Purpose: Real-time bi-directional communication
Use Cases: Chat, notifications, live updates

Replace BlazeDS messaging with native WebSocket support for real-time features.

JSON APIs

Purpose: Lightweight data exchange format
Benefits: Human-readable, universal support

JSON replaces AMF for data serialization with better debugging and broader client support.

Modern Frameworks

Options: React, Vue, Angular, Svelte
Benefits: Active development, large ecosystems

Replace Flex UI with modern JavaScript frameworks for rich, responsive client applications.

Migration Steps

Step-by-Step Migration Process:

Audit: Identify all Flash/Flex components in your application
Map Endpoints: Map Flash Remoting calls to REST endpoints
Data Conversion: Convert AMF data structures to JSON
Rebuild UI: Rebuild user interface using modern HTML5/JavaScript frameworks
Test Thoroughly: Test all functionality before decommissioning Flash components
Incremental Rollout: Consider phased migration with both systems running in parallel

Security Considerations

If you must maintain Flash Remoting for legacy applications:

Critical Security Measures

Security Alert: Flash Player is end-of-life and no longer receives security updates. Any Flash-based applications are inherently insecure and should be migrated as soon as possible.

If You Must Maintain Legacy Flash Applications:

Network Security: Restrict access to Flash Remoting endpoints using firewall rules
Authentication: Implement authentication and authorization for all remote CFC methods
Input Validation: Validate all input from Flash clients (never trust client-side validation)
HTTPS Only: Use HTTPS for all Flash Remoting traffic to prevent man-in-the-middle attacks
Monitoring: Monitor for unauthorized access attempts and unusual AMF traffic patterns
Patching: Keep ColdFusion patched to address any Flash-related vulnerabilities
Isolation: Isolate Flash-based functionality from critical systems
Migration Plan: Develop and execute a plan to eliminate Flash dependencies

Related Resources

REST API HardeningModern alternative to Flash Remoting for secure client-server communication ColdFusion Administrator ReferenceComplete administrator guide and settings reference ColdFusion Migration PatternsModernization strategies for legacy applications WebSockets in ColdFusionReal-time communication alternative to BlazeDS messaging