The general approach to handling requests is to create a handler, parse the request, set the response data or error code, and close the handler.

The base class used to handle single request/response interaction is com.adobe.flashaccess.sdk.protocol.MessageHandlerBase. An instance of the HandlerConfiguration class is used to initialize the handler. HandlerConfiguration stores server configuration information, including transport credentials, timestamp tolerance, policy update lists, and revocation lists.The handler reads the request data and parses the request into an instance of RequestMessageBase. The caller can examine the information in the request and decide whether to return an error or a successful response (subclasses of RequestMessageBase provide a method for setting response data).

If the request is successful, set the response data; otherwise invoke RequestMessageBase.setErrorData() on failure. Always end the implementation by invoking the close() method (it is recommended that close() be called in the finally block of a try statement). See the MessageHandlerBase API reference documentation for an example of how to invoke the handler.


HTTP status code 200 (OK) should be sent in response to all requests processed by the handler. If the handler could not be created due to a server error, the server may respond with another status code, such as 500 (Internal Server Error).

The client uses the License Server URL specified at packaging time as the base URL for all requests sent to the license server. For example, if the server URL is specified as “https://licenseserver.com/path”, the client will send requests to “https://licenseserver.com/path/flashaccess/…”. See the following sections for details on the specific path used for each type of request. When implementing your license server, be sure the server responds to the paths required for each type of request.

A license request can contain an authentication token. If username/password authentication was used, the request may contain an AuthenticationToken generated by the AuthenticationHandler, and the SDK will ensure the token is valid before issuing a license.

On this page