Re: [Red5] One-time ticket authentication through MySQL
Dan Rossi said the following:
> That sounds like a killa plan or just use AMF via the app. However our video servers are in one DC and sites in another, so the db conns are over the wire.

Derby. http://db.apache.org/derby

> So an embedded db in red5 if there is an embedded java solution ? And connecting to the app via AMF3 ! that's the plan to test. I use mysql exclusively but on the php nix end. The video servers are on windows, so if someone has an embedded db suggestion let me know.
>
> Storm wrote:
> > Thanks for sharing, Jason. This piece could be useful for me in near future ;) Cheers
> >
> > On 2/28/07, Jason Jensen [EMAIL PROTECTED] wrote:
> > > I'm not a Java developer but I have created VERY simple authentication for my oflaDemo webapp. I got the idea from reading the 'Programming Flash Communication Server' book (published by O'Reilly), chapter 18 'Securing Applications'.
> > >
> > > 1. Flash movie passes username and password to web server (via SSL using AMFPHP)
> > > 2. Web server/application server returns a one-time ticket (through two hashed strings, tid and ticket) to the flash movie
> > > 3. Flash movie connects to Red5 using the tid and ticket (instead of username and password...)
> > > 4. Red5 checks the tid and ticket against a MySQL db and accepts or rejects the connection
> > >
> > > In step one I also create a timestamp representing the creation time, and a 'stale' datetime a couple minutes after the creation time. So my simple 'tickets' table has five columns: tid, ticket, uid (linking the ticket to a user table), created (timestamp) and staleDateTime. The ticket is only valid if it is used between the creation time and stale time.
> > >
> > > You'll need to install the MySQL JDBC driver and add its jar to your classpath.
> > >
> > > Here's my oflaDemo Application.java, but please remember this is temporary authentication... and VERY simple!!!
> > >
> > > Hope this helps someone :-)
> > >
> > > code follows...
Re: [Red5] One-time ticket authentication through MySQL
No, we don't use the PHP Session, in fact, we could. It's easier to work with your own Session ID. You can also use it as an authentication Ticket. For example the technique of .NET is good. Just think about it. The Server uses an AES cipher to crypt a Ticket. In this ticket you can include everything, IDs, special authentication information. Then the Server stores it on the client as a cookie. The client is NOT ABLE to decrypt it, recrypt or anything else, the code is too big for purpose. The client sends the ticket back to the server and the server can encrypt the stuff again with its secret key.

Kind regards, nomIad

Dan Rossi wrote:
> Db based session stuff ?
>
> nomIad wrote:
> > Just for information. We use another technique in our Project. The problem is we have to provide a onetime logon for our customers. So we work with PHP sessions and authentication tickets. To ensure that the user connects to the chat, we call a transaction key from the Server (One time). And share it for all applications used. The special thing is that it does not matter how many browser windows the client has open. It's very fast and comfortable for the client. And the good thing, it provides good security.
> >
> > Kind regards, nomIad
> >
> > Dan Rossi wrote:
> > > That sounds like a killa plan or just use AMF via the app. However our video servers are in one DC and sites in another, so the db conns are over the wire. So an embedded db in red5 if there is an embedded java solution ? And connecting to the app via AMF3 ! that's the plan to test. I use mysql exclusively but on the php nix end. The video servers are on windows, so if someone has an embedded db suggestion let me know.
> > >
> > > Storm wrote:
> > > > Thanks for sharing, Jason. This piece could be useful for me in near future ;) Cheers
> > > >
> > > > On 2/28/07, Jason Jensen [EMAIL PROTECTED] wrote:
> > > > > I'm not a Java developer but I have created VERY simple authentication for my oflaDemo webapp. I got the idea from reading the 'Programming Flash Communication Server' book (published by O'Reilly), chapter 18 'Securing Applications'.
> > > > >
> > > > > 1. Flash movie passes username and password to web server (via SSL using AMFPHP)
> > > > > 2. Web server/application server returns a one-time ticket (through two hashed strings, tid and ticket) to the flash movie
> > > > > 3. Flash movie connects to Red5 using the tid and ticket (instead of username and password...)
> > > > > 4. Red5 checks the tid and ticket against a MySQL db and accepts or rejects the connection
> > > > >
> > > > > In step one I also create a timestamp representing the creation time, and a 'stale' datetime a couple minutes after the creation time. So my simple 'tickets' table has five columns: tid, ticket, uid (linking the ticket to a user table), created (timestamp) and staleDateTime. The ticket is only valid if it is used between the creation time and stale time.
> > > > >
> > > > > You'll need to install the MySQL JDBC driver and add its jar to your classpath.
> > > > >
> > > > > Here's my oflaDemo Application.java, but please remember this is temporary authentication... and VERY simple!!!
> > > > >
> > > > > Hope this helps someone :-)
> > > > >
> > > > > code follows...
Re: [Red5] One-time ticket authentication through MySQL
Thanks for sharing, Jason. This piece could be useful for me in near future ;)

Cheers

On 2/28/07, Jason Jensen [EMAIL PROTECTED] wrote:
> I'm not a Java developer but I have created VERY simple authentication for my oflaDemo webapp. I got the idea from reading the 'Programming Flash Communication Server' book (published by O'Reilly), chapter 18 'Securing Applications'.
>
> 1. Flash movie passes username and password to web server (via SSL using AMFPHP)
> 2. Web server/application server returns a one-time ticket (through two hashed strings, tid and ticket) to the flash movie
> 3. Flash movie connects to Red5 using the tid and ticket (instead of username and password...)
> 4. Red5 checks the tid and ticket against a MySQL db and accepts or rejects the connection
>
> In step one I also create a timestamp representing the creation time, and a 'stale' datetime a couple minutes after the creation time. So my simple 'tickets' table has five columns: tid, ticket, uid (linking the ticket to a user table), created (timestamp) and staleDateTime. The ticket is only valid if it is used between the creation time and stale time.
>
> You'll need to install the MySQL JDBC driver and add its jar to your classpath.
>
> Here's my oflaDemo Application.java, but please remember this is temporary authentication... and VERY simple!!!
>
> Hope this helps someone :-)
>
> code follows...
Re: [Red5] One-time ticket authentication through MySQL
That sounds like a killa plan or just use AMF via the app. However our video servers are in one DC and sites in another, so the db conns are over the wire. So an embedded db in red5 if there is an embedded java solution ? And connecting to the app via AMF3 ! that's the plan to test. I use mysql exclusively but on the php nix end. The video servers are on windows, so if someone has an embedded db suggestion let me know.

Storm wrote:
> Thanks for sharing, Jason. This piece could be useful for me in near future ;) Cheers
>
> On 2/28/07, Jason Jensen [EMAIL PROTECTED] wrote:
> > I'm not a Java developer but I have created VERY simple authentication for my oflaDemo webapp. I got the idea from reading the 'Programming Flash Communication Server' book (published by O'Reilly), chapter 18 'Securing Applications'.
> >
> > 1. Flash movie passes username and password to web server (via SSL using AMFPHP)
> > 2. Web server/application server returns a one-time ticket (through two hashed strings, tid and ticket) to the flash movie
> > 3. Flash movie connects to Red5 using the tid and ticket (instead of username and password...)
> > 4. Red5 checks the tid and ticket against a MySQL db and accepts or rejects the connection
> >
> > In step one I also create a timestamp representing the creation time, and a 'stale' datetime a couple minutes after the creation time. So my simple 'tickets' table has five columns: tid, ticket, uid (linking the ticket to a user table), created (timestamp) and staleDateTime. The ticket is only valid if it is used between the creation time and stale time.
> >
> > You'll need to install the MySQL JDBC driver and add its jar to your classpath.
> >
> > Here's my oflaDemo Application.java, but please remember this is temporary authentication... and VERY simple!!!
> >
> > Hope this helps someone :-)
> >
> > code follows...
Re: [Red5] One-time ticket authentication through MySQL
Just for information. We use another technique in our Project. The problem is we have to provide a onetime logon for our customers. So we work with PHP sessions and authentication tickets. To ensure that the user connects to the chat, we call a transaction key from the Server (One time). And share it for all applications used. The special thing is that it does not matter how many browser windows the client has open. It's very fast and comfortable for the client. And the good thing, it provides good security.

Kind regards, nomIad

Dan Rossi wrote:
> That sounds like a killa plan or just use AMF via the app. However our video servers are in one DC and sites in another, so the db conns are over the wire. So an embedded db in red5 if there is an embedded java solution ? And connecting to the app via AMF3 ! that's the plan to test. I use mysql exclusively but on the php nix end. The video servers are on windows, so if someone has an embedded db suggestion let me know.
>
> Storm wrote:
> > Thanks for sharing, Jason. This piece could be useful for me in near future ;) Cheers
> >
> > On 2/28/07, Jason Jensen [EMAIL PROTECTED] wrote:
> > > I'm not a Java developer but I have created VERY simple authentication for my oflaDemo webapp. I got the idea from reading the 'Programming Flash Communication Server' book (published by O'Reilly), chapter 18 'Securing Applications'.
> > >
> > > 1. Flash movie passes username and password to web server (via SSL using AMFPHP)
> > > 2. Web server/application server returns a one-time ticket (through two hashed strings, tid and ticket) to the flash movie
> > > 3. Flash movie connects to Red5 using the tid and ticket (instead of username and password...)
> > > 4. Red5 checks the tid and ticket against a MySQL db and accepts or rejects the connection
> > >
> > > In step one I also create a timestamp representing the creation time, and a 'stale' datetime a couple minutes after the creation time.
Re: [Red5] One-time ticket authentication through MySQL
Db based session stuff ?

nomIad wrote:
> Just for information. We use another technique in our Project. The problem is we have to provide a onetime logon for our customers. So we work with PHP sessions and authentication tickets. To ensure that the user connects to the chat, we call a transaction key from the Server (One time). And share it for all applications used. The special thing is that it does not matter how many browser windows the client has open. It's very fast and comfortable for the client. And the good thing, it provides good security.
>
> Kind regards, nomIad
>
> Dan Rossi wrote:
> > That sounds like a killa plan or just use AMF via the app. However our video servers are in one DC and sites in another, so the db conns are over the wire. So an embedded db in red5 if there is an embedded java solution ? And connecting to the app via AMF3 ! that's the plan to test. I use mysql exclusively but on the php nix end. The video servers are on windows, so if someone has an embedded db suggestion let me know.
> >
> > Storm wrote:
> > > Thanks for sharing, Jason. This piece could be useful for me in near future ;) Cheers
> > >
> > > On 2/28/07, Jason Jensen [EMAIL PROTECTED] wrote:
> > > > I'm not a Java developer but I have created VERY simple authentication for my oflaDemo webapp. I got the idea from reading the 'Programming Flash Communication Server' book (published by O'Reilly), chapter 18 'Securing Applications'.
> > > >
> > > > 1. Flash movie passes username and password to web server (via SSL using AMFPHP)
> > > > 2. Web server/application server returns a one-time ticket (through two hashed strings, tid and ticket) to the flash movie
> > > > 3. Flash movie connects to Red5 using the tid and ticket (instead of username and password...)
> > > > 4. Red5 checks the tid and ticket against a MySQL db and accepts or rejects the connection
> > > >
> > > > In step one I also create a timestamp representing the creation time, and a 'stale' datetime a couple minutes after the creation time.
[Red5] One-time ticket authentication through MySQL
I'm not a Java developer but I have created VERY simple authentication for my oflaDemo webapp. I got the idea from reading the 'Programming Flash Communication Server' book (published by O'Reilly), chapter 18 'Securing Applications'.

1. Flash movie passes username and password to web server (via SSL using AMFPHP)
2. Web server/application server returns a one-time ticket (through two hashed strings, tid and ticket) to the flash movie
3. Flash movie connects to Red5 using the tid and ticket (instead of username and password...)
4. Red5 checks the tid and ticket against a MySQL db and accepts or rejects the connection

In step one I also create a timestamp representing the creation time, and a 'stale' datetime a couple minutes after the creation time. So my simple 'tickets' table has five columns: tid, ticket, uid (linking the ticket to a user table), created (timestamp) and staleDateTime. The ticket is only valid if it is used between the creation time and stale time.

You'll need to install the MySQL JDBC driver and add its jar to your classpath.

Here's my oflaDemo Application.java, but please remember this is temporary authentication... and VERY simple!!!

Hope this helps someone :-)

code follows...

package org.red5.server.webapp.oflaDemo;

import org.red5.server.adapter.ApplicationAdapter;
import org.red5.server.api.IConnection;
import org.red5.server.api.IScope;
import org.red5.server.api.stream.IServerStream;
import org.red5.server.api.stream.IStreamCapableConnection;
import org.red5.server.api.stream.support.SimpleBandwidthConfigure;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

//import sql classes
import java.sql.*;

public class Application extends ApplicationAdapter {

    //logging
    private static final Log log = LogFactory.getLog(Application.class);

    private IScope appScope;

    private IServerStream serverStream;

    /** {@inheritDoc} */
    @Override
    public boolean appStart(IScope app) {
        appScope = app;
        return true;
    }

    /** {@inheritDoc} */
    @Override
    public boolean appConnect(IConnection conn, Object[] params) {
        // Trigger calling of onBWDone, required for some FLV players
        measureBandwidth(conn);
        if (conn instanceof IStreamCapableConnection) {
            IStreamCapableConnection streamConn = (IStreamCapableConnection) conn;
            SimpleBandwidthConfigure sbc = new SimpleBandwidthConfigure();
            sbc.setMaxBurst(8 * 1024 * 1024);
            sbc.setBurst(8 * 1024 * 1024);
            sbc.setOverallBandwidth(2 * 1024 * 1024);
            streamConn.setBandwidthConfigure(sbc);
        }

        // if (appScope == conn.getScope()) {
        // serverStream = StreamUtils.createServerStream(appScope, "live0");
        // SimplePlayItem item = new SimplePlayItem();
        // item.setStart(0);
        // item.setLength(1);
        // item.setName("on2_flash8_w_audio");
        // serverStream.addItem(item);
        // item = new SimplePlayItem();
        // item.setStart(2);
        // item.setLength(1);
        // item.setName("on2_flash8_w_audio");
        // serverStream.addItem(item);
        // serverStream.start();
        // try {
        // serverStream.saveAs("aaa", false);
        // serverStream.saveAs("bbb", false);
        // } catch (Exception e) {}
        // }

        //**START AUTHENTICATION CODE**
        //here we go...
        boolean authenticated = false;
        authenticated = authenticate(params);
        if (authenticated) {
            log.info("Come on in friend!");
            return super.appConnect(conn, params);
        } else {
            log.info("Yikes! A LEACH!!");
        }
        rejectClient();
        return false;
    }

    private boolean authenticate(Object[] params) {
        String authTicketID = (String) params[0];
        String authTicket = (String) params[1];
        //convert the third parameter from a string that represents a timestamp, to a java timestamp data type
        java.sql.Timestamp authTimestamp = java.sql.Timestamp.valueOf((String) params[2]);

        //the connection parameters...
        log.info("authTicketID " + authTicketID);
        log.info("authTicket " + authTicket);
        log.info("authTimestamp " + authTimestamp);

        ResultSet rs = null;
        Connection conn = null;
        PreparedStatement pstmt = null;
        String dbTID = null;
        String dbTicket = null;
        java.sql.Timestamp dbCreated = null;
        java.sql.Timestamp dbStaleDateTime = null;

        try {
            //connect to the DB
            conn = getConnection();
            //query string for prepared statement
            String query = "SELECT tid, ticket, created, staleDateTime FROM tickets WHERE tid = ? AND ticket = ?";
            //prepared statement
            pstmt = conn.prepareStatement(query); // create a statement
            pstmt.setString(1, authTicketID); // set input parameters
            pstmt.setString(2, authTicket);
            //resultSet
            rs = pstmt.executeQuery();
            //move the resultSet cursor forward and grab the data
            while (rs.next()) {
                dbTID = rs.getString(1);
                dbTicket =
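
The ticket lifecycle from steps 1 to 4 of the original post, as an added example that is not part of the thread or of Jason's Application.java. It assumes Python with an in-memory SQLite table standing in for the PHP/Java code and the MySQL tickets table, epoch seconds for created and staleDateTime, and hypothetical function names; single use is enforced here by deleting the row on redemption, and the validity window is checked against the server's own clock.

```python
import hmac
import secrets
import sqlite3
import time

TICKET_LIFETIME_SECONDS = 120  # "a couple minutes" after creation, as in the post

# Same five columns as the post's 'tickets' table. Assumption: times are
# stored as epoch seconds instead of MySQL TIMESTAMP/DATETIME values.
SCHEMA = """
CREATE TABLE tickets (
    tid           TEXT PRIMARY KEY,
    ticket        TEXT NOT NULL,
    uid           INTEGER NOT NULL,
    created       INTEGER NOT NULL,
    staleDateTime INTEGER NOT NULL
)
"""


def open_db():
    """In-memory SQLite database standing in for the shared MySQL server."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def issue_ticket(db, uid, now=None):
    """Web-server side (steps 1-2): call only after the password check passed."""
    now = int(time.time()) if now is None else now
    tid = secrets.token_hex(16)      # unpredictable lookup key
    ticket = secrets.token_hex(32)   # unpredictable secret bound to that key
    db.execute(
        "INSERT INTO tickets (tid, ticket, uid, created, staleDateTime) "
        "VALUES (?, ?, ?, ?, ?)",
        (tid, ticket, uid, now, now + TICKET_LIFETIME_SECONDS),
    )
    db.commit()
    return tid, ticket


def redeem_ticket(db, tid, ticket, now=None):
    """Media-server side (steps 3-4): return the uid once, otherwise None."""
    now = int(time.time()) if now is None else now
    # Connection parameters come from the client, so check their types first.
    if not isinstance(tid, str) or not isinstance(ticket, str):
        return None
    row = db.execute(
        "SELECT ticket, uid, created, staleDateTime FROM tickets WHERE tid = ?",
        (tid,),
    ).fetchone()
    if row is None:
        return None
    db_ticket, uid, created, stale = row
    # Constant-time comparison of the stored and presented ticket.
    presented = ticket.encode("utf-8", "replace")
    if not hmac.compare_digest(db_ticket.encode("utf-8"), presented):
        return None
    if now > stale:
        # Expired tickets are removed so they cannot accumulate.
        db.execute("DELETE FROM tickets WHERE tid = ?", (tid,))
        db.commit()
        return None
    if now < created:
        return None
    # Deleting the row is what makes the ticket one-time: if two connections
    # race with the same ticket, only one DELETE reports an affected row.
    cur = db.execute(
        "DELETE FROM tickets WHERE tid = ? AND ticket = ?", (tid, db_ticket)
    )
    db.commit()
    return uid if cur.rowcount == 1 else None


if __name__ == "__main__":
    db = open_db()
    tid, ticket = issue_ticket(db, uid=42)   # constructed sample user id
    print("first use :", redeem_ticket(db, tid, ticket))
    print("replay    :", redeem_ticket(db, tid, ticket))
```
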