On the terracotta note, how is this coming? Anything we can do to help at
this point?


nomIad wrote:
> 
> hey Dan,
> 
> That's quite cool. Maybe you should post it on the wiki as further 
> reference to my tutorial.
> 
> Regards, nomiad
> 
> Dan Rossi wrote:
>> Finally got somewhere, this example authenticates a scripted AMF client 
>> using the simple login file. Need to work out now how to return 
>> temporary session hashes from acegi to reauthenticate after via the 
>> flash client which checks the session is valid. Requires including the 
>> spring dao jar file which the example doesn't explain.
>>
>> import java.security.MessageDigest;
>> import java.security.NoSuchAlgorithmException;
>> import java.math.BigInteger;
>> import java.util.HashMap;
>> import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
>> import org.acegisecurity.providers.ProviderManager;
>> import org.acegisecurity.BadCredentialsException;
>> import org.red5.server.api.IScope;
>> import org.red5.server.api.Red5;
>>
>>
>> public class TokenService {
>>    
>>     private String saltKey = "thesaltpass";
>>     private String hashword;
>>     private String newhash;
>>    
>>     public Object getToken(Object[] token)
>>     {
>>         final HashMap m=(HashMap)token[0];
>>        
>>         UsernamePasswordAuthenticationToken t = new UsernamePasswordAuthenticationToken(m.get("username"), m.get("password"));
>>        
>>         IScope connectionScope = Red5.getConnectionLocal().getScope();
>>        
>>         ProviderManager mgr = (ProviderManager) connectionScope.getContext().getBean("authenticationManager");
>>         try {
>>             t=(UsernamePasswordAuthenticationToken)mgr.authenticate(t);
>>
>>         }
>>         catch(BadCredentialsException ex)
>>         {
>>             return "Wrong login information";
>>         }
>>        
>>         if (t.isAuthenticated())
>>         {
>>             return t.hashCode();
>>         }
>>        
>>         return "";
>>        
>>     }
>>    
>>     /*
>>     public String getMessageDigest(String token) throws NoSuchAlgorithmException
>>     {
>>         try {
>>             MessageDigest md = MessageDigest.getInstance("MD5");
>>             md.update(token.getBytes());
>>             BigInteger hash = new BigInteger(1, md.digest());
>>             hashword = hash.toString(16);
>>         } catch (NoSuchAlgorithmException e) {
>>            
>>         }
>>         return hashword;
>>     }
>>     */
>>
>> }
>>
>>
>> <?php
>>     include 'SabreAMF/SSLClient.php';
>>  
>>     $client = new SabreAMF_SSLClient('http://localhost:5080/feedVOD/gateway');
>>     // $client->setSSLCert("/www/dev/red5server.cer");
>>  
>>     $data = array('username'=>'admin','password'=>'secretpassword','clientID'=>'553','client_host'=>$_SERVER["SERVER_NAME"].$_SERVER['REQUEST_URI']);
>>     $result = $client->sendRequest('feedService.getToken',array($data));
>>   
>>     var_dump($result);
>>
>> ?>
>>
>>
>>
>> Dan Rossi wrote:
>>> Will get back to the spring soap stuff later; this is kinda the idea to 
>>> authenticate the page and the client
>>>
>>> <?php
>>>     include 'SabreAMF/Client.php';
>>>  
>>>     $client = new SabreAMF_Client('https://localhost:5080/myapp/gateway');
>>>  
>>>     $data = array('username'=>'username','password'=>'2325e','clientID'=>'553','client_host'=>$_SERVER["SERVER_NAME"].$_SERVER['REQUEST_URI']);
>>>     $result = $client->sendRequest('myService.getToken',array($data));
>>>   
>>>     var_dump($result);
>>>
>>> ?>
>>>
>>>     public Object getToken(Object[] token)
>>>     {
>>>         final HashMap m = (HashMap)token[0];
>>>         // check anon credentials from hibernate
>>>         // do acegi stuff in here, send back temp token
>>>         return m.get("username");
>>>     }
>>>
>>>
>>> Dan Rossi wrote:
>>>> Just found an example here but it's a soap service using WS4J. Is there a 
>>>> soap impl in spring already? So a php dynamic script is able to securely 
>>>> do a soap request to obtain a token.
>>>>
>>>> http://www.vorburger.ch/blog1/2006/10/propagating-acegis-security-context-in.html
>>>>
>>>> This is waay over my head but exactly how a security system may work I 
>>>> think.
>>>>
>>>> Dan Rossi wrote:
>>>>> nomIad wrote:
>>>>>> Hi Dan,
>>>>>>
>>>>>> I've written the tutorial you're referring to.
>>>>>> I've not used this on a clustered machine, but that's not that bad.
>>>>>>
>>>>>> There is a possibility to share sessions in a database. It's quite fast 
>>>>>> and redundantly secure.
>>>>>>
>>>>>> On our cluster we run PHP, but we have NO clustered sessions. The 
>>>>>> thing is that our load balancer distributes the clients the same way 
>>>>>> every time. So a client can make 1000 calls, they would all go to 
>>>>>> Cluster 1.
>>>>>> That's not redundant security, but for our needs it's enough.
>>>>>> We don't need a REALLY HIGH AVAILABLE cluster for SESSIONS.
>>>>>>
>>>>> Ok, well currently we get 10K vod hits a day on each server, maybe more, 
>>>>> and I'm not really sure on the third party streams in windows media yet 
>>>>> which we are porting to flash.
>>>>>
>>>>> The problem with protecting windows media when I looked into it: it's 
>>>>> fairly advanced for developing a token based authentication plugin in C# 
>>>>> using the API, but the API is poorly documented with minimal resources, 
>>>>> and building the config management for it requires VC++. I'm needing to 
>>>>> build something similar for red5.
>>>>>
>>>>> I found something with a description of exactly what I may need.
>>>>>
>>>>> http://eirikhoem.wordpress.com/2007/05/24/ageci-token-vs-php/
>>>>>
>>>>> I.e. it's going to be impossible to store credential details within a 
>>>>> client because the flash can be decompiled and sniffed. The only method 
>>>>> I can come up with is using dynamic scripting which can connect to the 
>>>>> AMF/RCP gateway, authenticate itself with credentials over ssl, obtain 
>>>>> a token from acegi, return the temporary token to the flash client which 
>>>>> it's also loading into the webpage; the flash client connects to red5, 
>>>>> validates the token and returns a longer expiring session. If the 
>>>>> session expires the validation happens again.
>>>>>
>>>>> Here was something I found about clustering acegi, however if red5 
>>>>> happens to get terracotta implemented we may not need this ?
>>>>>
>>>>> http://altuure.blogspot.com/2007/04/clustering-acegi.html
>>>>>
>>>>> I'm liking the idea of an embedded db like hibernate or whatever rather 
>>>>> than sql. I.e. a bit overkill to run Ms Sql or oracle, and I'm not fond of 
>>>>> running mysql on windows servers, as we use them on linux and freebsd.
>>>>>
>>>>>> cu nomIad
>>>>>>
>>>>>> Dan Rossi wrote:
>>>>>>> Dan Rossi wrote:
>>>>>>>> Hi, I found this link 
>>>>>>>> http://jira.red5.org/confluence/display/docs/Red5+and+Acegi+Security
>>>>>>>> so I'm trying to work out how to enable acegi security in our
>>>>>>>> application.
>>>>>>>>
>>>>>>>> However we kind of need to auto authorize clients rather than ask for 
>>>>>>>> logins. With this example how would it be possible to send some 
>>>>>>>> information automatically, obtain a temporary session that the client is 
>>>>>>>> validated then relogin to obtain a proper expiring session.
>>>>>>>>
>>>>>>> Looking a bit further it seems we may need the sessions shared across 
>>>>>>> all 3 of the clustered machines. Is this what we need also to use
>>>>>>> with it ?
>>>>>>>
>>>>>>> http://www.ja-sig.org/products/cas/
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Red5 mailing list
>>>>>>> [email protected]
>>>>>>> http://osflash.org/mailman/listinfo/red5_osflash.org

-- 
View this message in context: 
http://www.nabble.com/acegi-support-in-red5-tf3882732.html#a11028350
Sent from the Red5 - English mailing list archive at Nabble.com.
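
The temporary-token step discussed in this thread (authenticate, hand a short-lived token to the Flash client, validate it on connect), as an added example that is not code from the thread or from Red5/Acegi: it issues an HMAC-signed token bound to a client ID and an expiry instead of returning an object hashCode(). The class name, the '|' payload layout and the per-instance random key are assumptions; clustered servers would need to share the key.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example: hypothetical helper, not part of Red5, Acegi or the thread's TokenService.
public class TempTokenDemo {
    private static final String ALG = "HmacSHA256";
    private final byte[] key = new byte[32];
    public TempTokenDemo() { new SecureRandom().nextBytes(key); } // random key per instance

    private static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(key, ALG));
        return b64(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    // Call only after the authentication manager has accepted the credentials.
    public String issue(String user, String clientId, long nowMs, long ttlMs) throws Exception {
        if (user.contains("|") || clientId.contains("|")) throw new IllegalArgumentException("'|' not allowed");
        String payload = user + "|" + clientId + "|" + (nowMs + ttlMs);
        return b64(payload.getBytes(StandardCharsets.UTF_8)) + "." + sign(payload);
    }

    // Returns the username if the token is authentic, bound to clientId and unexpired; else null.
    public String verify(String token, String clientId, long nowMs) throws Exception {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 2) return null;
        String payload;
        try {
            payload = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { return null; }
        // Check the MAC in constant time before trusting any field of the payload.
        if (!MessageDigest.isEqual(sign(payload).getBytes(StandardCharsets.UTF_8),
                parts[1].getBytes(StandardCharsets.UTF_8))) return null;
        String[] f = payload.split("\\|", -1);
        if (f.length != 3 || !f[1].equals(clientId) || Long.parseLong(f[2]) < nowMs) return null;
        return f[0];
    }

    public static void main(String[] args) throws Exception {
        TempTokenDemo svc = new TempTokenDemo();
        long now = System.currentTimeMillis();
        String tok = svc.issue("admin", "553", now, 30_000);       // constructed sample values
        System.out.println(svc.verify(tok, "553", now + 1_000));   // inside the 30 s lifetime
        System.out.println(svc.verify(tok, "553", now + 60_000));  // after expiry
        System.out.println(svc.verify(tok + "x", "553", now));     // altered MAC
    }
}
```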
