← Back to ColdFusion Administrator Reference

Data & Services - Flex Integration

Configure Flash Remoting and Flex data services integration (Legacy)

Last updated: October 27, 20252 min read

Overview

The Flex Integration section configures Flash Remoting and Adobe Flex data services. This is a legacy feature from when Flash and Flex were prominent technologies. Modern ColdFusion applications typically use REST APIs or WebSockets instead of Flash Remoting.

Note: Adobe Flash Player reached end-of-life on December 31, 2020. Flex/Flash Remoting should not be used for new applications. This documentation is maintained for legacy application support only.

Flash Remoting Configuration

Flash Remoting allows Flash/Flex applications to invoke ColdFusion components (CFCs) using the Action Message Format (AMF) protocol.

Enable Flash Remoting

Purpose: Turn Flash Remoting on or off globally
Recommendation: Disable - Flash is end-of-life (December 31, 2020)

Only enable if maintaining legacy Flash applications. Migrate to REST APIs for new development.

AMF Gateway

Purpose: Configure the AMF gateway endpoint URL
Default: /flex2gateway/

Gateway endpoint for Action Message Format (AMF) communication between Flash/Flex clients and ColdFusion.

Messaging Configuration

Purpose: Define messaging channels and endpoints
Files: services-config.xml, remoting-config.xml

XML configuration files that define BlazeDS messaging channels, destinations, and adapters.

BlazeDS Integration

BlazeDS is the open-source version of Adobe LiveCycle Data Services (LCDS). It provides messaging, remoting, and data management services for Flex applications.

Remoting Service

Purpose: RPC calls from Flex to ColdFusion CFCs
Protocol: Action Message Format (AMF)

Allows Flash/Flex clients to invoke CFC methods remotely using binary AMF serialization.

Messaging Service

Purpose: Pub/sub messaging between client and server
Use Cases: Real-time updates, chat, notifications

Legacy messaging system. For new applications, use WebSockets or Server-Sent Events (SSE).

Proxy Service

Purpose: Proxy HTTP/SOAP requests through ColdFusion
Use Cases: Cross-domain requests, service aggregation

Allows Flex clients to access external services through ColdFusion to bypass cross-domain restrictions.

Migration Path

If you're still using Flash Remoting or Flex, consider migrating to modern alternatives:

Recommended Alternatives

REST APIs

Purpose: Replace Flash Remoting with RESTful services
Benefits: Standard HTTP, JSON format, wide client support

Use ColdFusion REST services for modern client-server communication with any front-end framework.

WebSockets

Purpose: Real-time bi-directional communication
Use Cases: Chat, notifications, live updates

Replace BlazeDS messaging with native WebSocket support for real-time features.

JSON APIs

Purpose: Lightweight data exchange format
Benefits: Human-readable, universal support

JSON replaces AMF for data serialization with better debugging and broader client support.

Modern Frameworks

Options: React, Vue, Angular, Svelte
Benefits: Active development, large ecosystems

Replace Flex UI with modern JavaScript frameworks for rich, responsive client applications.

Migration Steps

Step-by-Step Migration Process:

Audit: Identify all Flash/Flex components in your application
Map Endpoints: Map Flash Remoting calls to REST endpoints
Data Conversion: Convert AMF data structures to JSON
Rebuild UI: Rebuild user interface using modern HTML5/JavaScript frameworks
Test Thoroughly: Test all functionality before decommissioning Flash components
Incremental Rollout: Consider phased migration with both systems running in parallel

Security Considerations

If you must maintain Flash Remoting for legacy applications:

Critical Security Measures

Security Alert: Flash Player is end-of-life and no longer receives security updates. Any Flash-based applications are inherently insecure and should be migrated as soon as possible.

If You Must Maintain Legacy Flash Applications:

Network Security: Restrict access to Flash Remoting endpoints using firewall rules
Authentication: Implement authentication and authorization for all remote CFC methods
Input Validation: Validate all input from Flash clients (never trust client-side validation)
HTTPS Only: Use HTTPS for all Flash Remoting traffic to prevent man-in-the-middle attacks
Monitoring: Monitor for unauthorized access attempts and unusual AMF traffic patterns
Patching: Keep ColdFusion patched to address any Flash-related vulnerabilities
Isolation: Isolate Flash-based functionality from critical systems
Migration Plan: Develop and execute a plan to eliminate Flash dependencies

Related Resources

REST API HardeningModern alternative to Flash Remoting for secure client-server communication ColdFusion Administrator ReferenceComplete administrator guide and settings reference ColdFusion Migration PatternsModernization strategies for legacy applications WebSockets in ColdFusionReal-time communication alternative to BlazeDS messaging