I'm not a Java developer but I have created VERY simple authentication
for my oflaDemo webapp. I got the idea from reading the 'Programming
Flash
Communication Server' book (published by O'reilly), chaper 18 'Securing
Applications'.
1. Flash movie passes username and password to web server(via SSL
using AMFPHP)
2. Web server/application server returns a one-time ticket(through
two hashed strings, tid and ticket) to the flash movie
3. Flash movie connects to Red5 using the tid and ticket(instead of
username and password...)
4. Red5 checks the tid and ticket against a MySQL db and accepts or
rejects the connection
In step one I also create a timestamp representing the creation time,
and
a 'stale' datetime a couple minutes after the creation time. So my
simple
'tickets' table has five columns: tid, ticket, uid(linking the ticket
to a
user table), created(timestamp) and staleDateTime. The ticket is
only valid
if it is used between the creation time and stale time.
You'll need to install the MySQL JDBC driver and add it's jar to your
classpath. Here's my oflaDemo Application.java, but please remember
this
is temporary authentication... and VERY simple!!!
Hope this helps someone :-)
code follows...
package org.red5.server.webapp.oflaDemo;
import org.red5.server.adapter.ApplicationAdapter;
import org.red5.server.api.IConnection;
import org.red5.server.api.IScope;
import org.red5.server.api.stream.IServerStream;
import org.red5.server.api.stream.IStreamCapableConnection;
import org.red5.server.api.stream.support.SimpleBandwidthConfigure;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
//import sql classes
import java.sql.*;
public class Application extends ApplicationAdapter {
//logging
private static final Log log = LogFactory.getLog(Application.class);
private IScope appScope;
private IServerStream serverStream;
/** [EMAIL PROTECTED] <[EMAIL PROTECTED]>} */
@Override
public boolean appStart(IScope app) {
appScope = app;
return true;
}
/** [EMAIL PROTECTED] <[EMAIL PROTECTED]>} */
@Override
public boolean appConnect(IConnection conn, Object[] params) {
// Trigger calling of "onBWDone", required for some FLV players
measureBandwidth(conn);
if (conn instanceof IStreamCapableConnection) {
IStreamCapableConnection streamConn = (IStreamCapableConnection)
conn;
SimpleBandwidthConfigure sbc = new SimpleBandwidthConfigure();
sbc.setMaxBurst(8 * 1024 * 1024);
sbc.setBurst(8 * 1024 * 1024);
sbc.setOverallBandwidth(2 * 1024 * 1024);
streamConn.setBandwidthConfigure(sbc);
}
// if (appScope == conn.getScope()) {
// serverStream = StreamUtils.createServerStream(appScope, "live0");
// SimplePlayItem item = new SimplePlayItem();
// item.setStart(0);
// item.setLength(10000);
// item.setName("on2_flash8_w_audio");
// serverStream.addItem(item);
// item = new SimplePlayItem();
// item.setStart(20000);
// item.setLength(10000);
// item.setName("on2_flash8_w_audio");
// serverStream.addItem(item);
// serverStream.start();
// try {
// serverStream.saveAs("aaa", false);
// serverStream.saveAs("bbb", false);
// } catch (Exception e) {}
// }
//**START AUTHENTICATION CODE**
//here we go...
boolean authenticated = false;
authenticated = authenticate(params);
if(authenticated){
log.info("Come on in friend!");
return super.appConnect(conn, params);
}else{
log.info("Yikes! A LEACH!!");
}
rejectClient();
return false;
}
private boolean authenticate(Object[] params){
String authTicketID = (String)params[0];
String authTicket = (String)params[1];
//convert the third parameter from a string that represents a
timestamp, to a java timestamp data type
java.sql.Timestamp authTimestamp = java.sql.Timestamp.valueOf
((String)params[2]);
//the connection paremeters...
log.info("authTicketID "+authTicketID);
log.info("authTicket "+authTicket);
log.info("authTimestamp "+authTimestamp);
ResultSet rs = null;
Connection conn = null;
PreparedStatement pstmt = null;
String dbTID = null;
String dbTicket = null;
java.sql.Timestamp dbCreated = null;
java.sql.Timestamp dbStaleDateTime = null;
try {
//connect to the DB
conn = getConnection();
//query string for prepared statement
String query = "SELECT tid, ticket, created, staleDateTime
FROM tickets WHERE tid = ? AND ticket = ?";
//prepared statement
pstmt = conn.prepareStatement(query); // create a statement
pstmt.setString(1, authTicketID); // set input parameters
pstmt.setString(2, authTicket);
//resultSet
rs = pstmt.executeQuery();
//move the resultSet cursor forward and grab the data
while(rs.next()){
dbTID = rs.getString(1);
dbTicket = rs.getString(2);
dbCreated = rs.getTimestamp(3);
dbStaleDateTime = rs.getTimestamp(4);
}
log.info("Database tid="+dbTID);
log.info("Database ticket="+dbTicket);
log.info("Database created="+dbCreated);
log.info("Database staleDateTime="+dbStaleDateTime);
//verify that the ticket has not expired
if((authTimestamp.equals(dbCreated) ||
authTimestamp.after(dbCreated))
&& authTimestamp.before(dbStaleDateTime)){
//check that authTicketID equals ticketID and authTicket
equals ticket
if(authTicketID.equals(dbTID) && authTicket.equals(dbTicket)){
return true;
}else{
log.info(authTicketID+" and "+authTicket+" do not match
"+dbTID+"
and "+dbTicket);
return false;
}
}else{
log.info("Ticket has expired!");
return false;
}
} catch (Exception e) {
e.printStackTrace();
return false;
} finally {
try {
rs.close();
pstmt.close();
conn.close();
} catch (SQLException sqle) {
sqle.printStackTrace();
return false;
}
}
}
public static Connection getConnection() throws Exception {
String driver = "com.mysql.jdbc.Driver";
String url = "jdbc:mysql://127.0.0.1/Red5DB";
String username = "Red5DBUsername";
String password = "Red5DBPassword";
Class.forName(driver);
Connection conn = DriverManager.getConnection(url, username,
password);
log.info("Authorize conn!");
return conn;
}
//**END AUTHENTICATION CODE**
/** [EMAIL PROTECTED] <[EMAIL PROTECTED]>} */
@Override
public void appDisconnect(IConnection conn) {
if (appScope == conn.getScope() && serverStream != null) {
serverStream.close();
}
super.appDisconnect(conn);
}
}
_______________________________________________
Red5 mailing list
Red5@osflash.org
http://osflash.org/mailman/listinfo/red5_osflash.org
