Re: [Red5] One-time ticket authentication through MySQL

2007-03-16 Thread John Kirby



Dan Rossi said the following:
> That sounds like a killa plan or just use AMF via the app.  However our 
> video servers are in one DC and sites in another, so the db conns are 
> over the wire.  So an embedded db in red5 if there is an embedded java 
> solution ?

Derby.

http://db.apache.org/derby

> And connecting to the app via AMF3 !  That's the plan to test. 
> I use mysql exclusively but on the php nix end. The  video servers are 
> on windows, so if someone has an embedded db suggestion let me know.


Re: [Red5] One-time ticket authentication through MySQL

2007-03-02 Thread nomIad

No, we don't use the PHP Session; in fact, we could.

It's easier to work with your own Session ID. You can also use it as an 
authentication ticket.


For example, the technique of .NET is good.

Just think about it. The server uses an AES cipher to encrypt a ticket. In 
this ticket you can include everything: IDs, special authentication 
information. Then the server stores it on the client as a cookie.
The client is NOT ABLE to decrypt it, re-encrypt it or anything else; the code 
is too big for purpose. The client sends the ticket back to the server 
and the server can encrypt the stuff again with its secret key.


Regards,
nomIad

Dan Rossi wrote:

> Db based session stuff ?



Re: [Red5] One-time ticket authentication through MySQL

2007-03-01 Thread Storm

Thanks for sharing, Jason. This piece could be useful for me in the near future
;)

Cheers


Re: [Red5] One-time ticket authentication through MySQL

2007-03-01 Thread Dan Rossi

That sounds like a killa plan or just use AMF via the app.  However our 
video servers are in one DC and sites in another, so the db conns are 
over the wire.  So an embedded db in red5 if there is an embedded java 
solution ? And connecting to the app via AMF3 !  That's the plan to test. 
I use mysql exclusively but on the php nix end. The  video servers are 
on windows, so if someone has an embedded db suggestion let me know.


Re: [Red5] One-time ticket authentication through MySQL

2007-03-01 Thread nomIad

Just for information.

We use another technique in our project.
The problem is we have to provide a one-time logon for our customers. So 
we work with PHP sessions and authentication tickets.
To ensure that the user connects to the chat, we call a transaction key 
from the server (one time), and share it for all applications used.
The special thing is that it does not matter how many browser windows 
the client has open.
It's very fast and comfortable for the client. And the good thing: it 
provides good security.


Regards,
nomIad


Re: [Red5] One-time ticket authentication through MySQL

2007-03-01 Thread Dan Rossi
Db based session stuff ?



[Red5] One-time ticket authentication through MySQL

2007-02-27 Thread Jason Jensen

I'm not a Java developer but I have created VERY simple authentication for my 
oflaDemo webapp.  I got the idea from reading the 'Programming Flash 
Communication Server' book (published by O'Reilly), chapter 18 'Securing 
Applications'.

  1. Flash movie passes username and password to web server (via SSL using 
     AMFPHP)
  2. Web server/application server returns a one-time ticket (through two 
     hashed strings, tid and ticket) to the flash movie
  3. Flash movie connects to Red5 using the tid and ticket (instead of username 
     and password...)
  4. Red5 checks the tid and ticket against a MySQL db and accepts or rejects 
     the connection

In step one I also create a timestamp representing the creation time, and a 
'stale' datetime a couple minutes after the creation time.  So my simple 
'tickets' table has five columns: tid, ticket, uid (linking the ticket to a user 
table), created (timestamp) and staleDateTime.  The ticket is only valid if it 
is used between the creation time and stale time.

You'll need to install the MySQL JDBC driver and add its jar to your 
classpath.  Here's my oflaDemo Application.java, but please remember this is 
temporary authentication...  and VERY simple!!! 

Hope this helps someone :-)

code follows...
package org.red5.server.webapp.oflaDemo;

import org.red5.server.adapter.ApplicationAdapter;
import org.red5.server.api.IConnection;
import org.red5.server.api.IScope;
import org.red5.server.api.stream.IServerStream;
import org.red5.server.api.stream.IStreamCapableConnection;
import org.red5.server.api.stream.support.SimpleBandwidthConfigure;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
// import sql classes
import java.sql.*;

public class Application extends ApplicationAdapter {

    // logging
    private static final Log log = LogFactory.getLog(Application.class);

    private IScope appScope;

    private IServerStream serverStream;

    /** {@inheritDoc} */
    @Override
    public boolean appStart(IScope app) {
        appScope = app;
        return true;
    }

    /** {@inheritDoc} */
    @Override
    public boolean appConnect(IConnection conn, Object[] params) {

        // Trigger calling of onBWDone, required for some FLV players
        measureBandwidth(conn);
        if (conn instanceof IStreamCapableConnection) {
            IStreamCapableConnection streamConn = (IStreamCapableConnection) conn;
            SimpleBandwidthConfigure sbc = new SimpleBandwidthConfigure();
            sbc.setMaxBurst(8 * 1024 * 1024);
            sbc.setBurst(8 * 1024 * 1024);
            sbc.setOverallBandwidth(2 * 1024 * 1024);
            streamConn.setBandwidthConfigure(sbc);
        }

//      if (appScope == conn.getScope()) {
//          serverStream = StreamUtils.createServerStream(appScope, "live0");
//          SimplePlayItem item = new SimplePlayItem();
//          item.setStart(0);
//          item.setLength(1);
//          item.setName("on2_flash8_w_audio");
//          serverStream.addItem(item);
//          item = new SimplePlayItem();
//          item.setStart(2);
//          item.setLength(1);
//          item.setName("on2_flash8_w_audio");
//          serverStream.addItem(item);
//          serverStream.start();
//          try {
//              serverStream.saveAs("aaa", false);
//              serverStream.saveAs("bbb", false);
//          } catch (Exception e) {}
//      }

        //**START AUTHENTICATION CODE**

        // here we go...
        boolean authenticated = false;

        authenticated = authenticate(params);

        if (authenticated) {
            log.info("Come on in friend!");
            return super.appConnect(conn, params);
        } else {
            log.info("Yikes! A LEACH!!");
        }
        rejectClient();
        return false;
    }

    private boolean authenticate(Object[] params) {

        // a client that sends fewer than three connection parameters is
        // rejected here instead of triggering an ArrayIndexOutOfBoundsException
        if (params == null || params.length < 3) {
            return false;
        }

        String authTicketID = (String) params[0];
        String authTicket = (String) params[1];
        // convert the third parameter from a string that represents a timestamp,
        // to a java timestamp data type
        java.sql.Timestamp authTimestamp =
                java.sql.Timestamp.valueOf((String) params[2]);

        // the connection parameters...
        log.info("authTicketID " + authTicketID);
        log.info("authTicket " + authTicket);
        log.info("authTimestamp " + authTimestamp);

        ResultSet rs = null;
        Connection conn = null;
        PreparedStatement pstmt = null;
        String dbTID = null;
        String dbTicket = null;
        java.sql.Timestamp dbCreated = null;
        java.sql.Timestamp dbStaleDateTime = null;

        try {
            // connect to the DB
            conn = getConnection();
            // query string for prepared statement
            String query = "SELECT tid, ticket, created, staleDateTime FROM "
                    + "tickets WHERE tid = ? AND ticket = ?";

            // prepared statement: tid and ticket are bound as parameters,
            // never concatenated into the SQL text
            pstmt = conn.prepareStatement(query); // create a statement
            pstmt.setString(1, authTicketID); // set input parameters
            pstmt.setString(2, authTicket);

            // resultSet
            rs = pstmt.executeQuery();

            // move the resultSet cursor forward and grab the data
            while (rs.next()) {
                dbTID = rs.getString(1);
                dbTicket =
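
The four-step ticket flow described in this post, as an added example that is not part of the original message and is not Jason's code. It assumes an in-memory SQLite table standing in for the MySQL 'tickets' table, stores a SHA-256 hash of the ticket (column ticket_hash) rather than the ticket itself, checks the validity window against the server clock, and deletes the row on first use so a ticket cannot be replayed; the function names and the 120-second lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3

TICKET_TTL_SECONDS = 120  # assumption: "a couple minutes" after creation


def open_store():
    """In-memory SQLite standing in for the post's MySQL 'tickets' table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE tickets ("
        " tid TEXT PRIMARY KEY,"
        " ticket_hash TEXT NOT NULL,"   # hash only, so a DB read leaks no usable ticket
        " uid INTEGER NOT NULL,"
        " created INTEGER NOT NULL,"
        " staleDateTime INTEGER NOT NULL)"
    )
    return db


def _digest(ticket):
    return hashlib.sha256(ticket.encode("utf-8")).hexdigest()


def issue_ticket(db, uid, now):
    """Steps 1-2: called by the web tier after it has verified the password."""
    tid = secrets.token_hex(16)      # unpredictable lookup key
    ticket = secrets.token_hex(32)   # unpredictable secret, returned to the client once
    db.execute(
        "INSERT INTO tickets VALUES (?, ?, ?, ?, ?)",
        (tid, _digest(ticket), uid, now, now + TICKET_TTL_SECONDS),
    )
    db.commit()
    return tid, ticket


def redeem_ticket(db, params, now):
    """Steps 3-4: return the uid for a valid ticket, otherwise None.

    `params` mirrors the connection parameters sent by the client; `now` is
    the server clock. Anything the client sends beyond tid and ticket is ignored.
    """
    if not isinstance(params, (list, tuple)) or len(params) < 2:
        return None
    tid, ticket = params[0], params[1]
    if not isinstance(tid, str) or not isinstance(ticket, str):
        return None

    row = db.execute(
        "SELECT ticket_hash, uid FROM tickets WHERE tid = ?", (tid,)
    ).fetchone()
    # constant-time comparison of the stored and presented hashes
    if row is None or not hmac.compare_digest(row[0], _digest(ticket)):
        return None

    # Consume atomically: only the connection whose DELETE removes the row wins,
    # and only while created <= now < staleDateTime.
    cur = db.execute(
        "DELETE FROM tickets WHERE tid = ? AND created <= ? AND staleDateTime > ?",
        (tid, now, now),
    )
    db.commit()
    return row[1] if cur.rowcount == 1 else None


def purge_stale(db, now):
    """Housekeeping: drop tickets that expired without being used."""
    cur = db.execute("DELETE FROM tickets WHERE staleDateTime <= ?", (now,))
    db.commit()
    return cur.rowcount


def demo():
    """Constructed scenario: uid values and the clock are made up for the example."""
    db = open_store()
    t0 = 1_000_000  # constructed server time in seconds
    tid, ticket = issue_ticket(db, uid=42, now=t0)
    results = {
        "wrong_ticket": redeem_ticket(db, [tid, "0" * 64], t0 + 5),
        "first_use": redeem_ticket(db, [tid, ticket], t0 + 10),
        "replay": redeem_ticket(db, [tid, ticket], t0 + 11),
    }
    tid2, ticket2 = issue_ticket(db, uid=7, now=t0)
    results["short_params"] = redeem_ticket(db, [tid2], t0 + 1)
    results["stale"] = redeem_ticket(
        db, [tid2, ticket2, "2007-02-27 10:00:00"], t0 + TICKET_TTL_SECONDS
    )
    results["purged"] = purge_stale(db, t0 + TICKET_TTL_SECONDS)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```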