Just found an example here but its a soap service using WS4J is there a soap impl in spring already ? So a php dynamic script is able to securly do a soap request to obtain a token.
http://www.vorburger.ch/blog1/2006/10/propagating-acegis-security-context-in.html This is waay over my head but exactly how a security system may work I think. Dan Rossi wrote: > nomIad wrote: > >> Hi Dan, >> >> Ive written the tutorial your according to. >> Ive not used this on a clustered machine, but thats not that bad. >> >> There is a possibility to share sessions in Database. Its quite fast >> an reduntant secure. >> >> On our cluster we run PHP, but we have NO clustered sessions. The >> thing is that our loadbalancer distribute the clients in a same way >> every time. So a client can make 1000 calls, they would all go on >> Cluster 1. >> Thats not redundant security, but for our needs its enough. >> We dont need a REALLY HIGH AVAILABLE cluster for SESSIONS. >> > Ok, well currently we get 10K vod hits a day on each server maybe more, > and im not really sure on the third party streams in windows media yet > which we are porting to flash. > > The problem with protecting windows media when i looked into it, its > fairly advanced for developing a token based authentication plugin in C# > using the API, but the API is poorly documented and minimal resources > and building the config management for it requires VC++. Im needing to > build something similar for red5. > > I found, something on a description on exactly what I may need. > > http://eirikhoem.wordpress.com/2007/05/24/ageci-token-vs-php/ > > IE its going to be impossible to store credential details within a > client because the flash can be decompiled and sniffed. The only method > I can come up with is using dynamic scripting which can connect to the > AMF/RCP gateway, authenticate itself with credentials over ssl, obtain > a token from acegi return the temporary token to the flash client which > its also loading into the webpage, the flash client connects to red5, > validates the token and returns a longer expiring session. If the > session expires the validation happens again. > > Here was something I found about clustering acegi, however if red5 > happens to get terracotta implemented we may not need this ? > > http://altuure.blogspot.com/2007/04/clustering-acegi.html > > I'm liking the idea of an embedded db like hibernate or whatever rather > than sql. Ie a bit overkill to run Ms Sql or oracle, and i'm not fond > running mysql on windows servers, as we use them on linux and freebsd. > > > > >> cu nomIad >> >> Dan Rossi schrieb: >> >>> Dan Rossi wrote: >>> >>> >>>> Hi I found this link >>>> http://jira.red5.org/confluence/display/docs/Red5+and+Acegi+Security so >>>> im trying to work out how to enable acegi security in our application. >>>> >>>> However we kind of need to auto authorize clients rather than ask for >>>> logins. With this example how would it be possible to send some >>>> information automatically, obtain a temporary session that the client is >>>> validated then relogin to obtain a proper expiring session. >>>> >>>> >>>> >>>> >>>> >>> Looking a bit further it seems we may need the sessions shared across >>> all 3 of the clustered machines. Is this what we need also to use with it ? >>> >>> http://www.ja-sig.org/products/cas/ >>> >>> >>> >>> >>> _______________________________________________ >>> Red5 mailing list >>> [email protected] >>> http://osflash.org/mailman/listinfo/red5_osflash.org >>> >>> >>> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Red5 mailing list >> [email protected] >> http://osflash.org/mailman/listinfo/red5_osflash.org >> >> > > > _______________________________________________ > Red5 mailing list > [email protected] > http://osflash.org/mailman/listinfo/red5_osflash.org > > _______________________________________________ Red5 mailing list [email protected] http://osflash.org/mailman/listinfo/red5_osflash.org
