[Red5] One-time ticket authentication through MySQL
nomIad
nomiad at gmx.net
Fri Mar 2 06:00:12 EST 2007
No, we dont use the PHP Session, in fact, we could.
Its easier to work with you own Session ID. You can also use it as an
authentification Ticket.
For example the technique of .nET is good.
Just think about it. The Server use a AES cipher to crypt a Ticket. In
this ticket you can include everything, IDs, Specials Authentication
information. Then the Server stores it on the client as a cookie.
The client is NOT ABLE to decrypt it, recrypt or anything else, the code
is to big for purpose. The client sends the ticket back to the server
and the server can encrypt the stuff again with its secret key.
mfg nomIad
Dan Rossi schrieb:
> Db based session stuff ?
>
>
> nomIad wrote:
>
>> Just for information.
>>
>> We use another technique in our Project.
>> The problem is we have to provide a onetime logon for our customers.
>> So we work with PHP sessions and Authentification tickets.
>> To ensure that the user connects to the chat, we call an transaction
>> key from the Server (One time). And share it for all applications used.
>> The special thing is, that there is no matter how many browser window
>> the client has open.
>> Its a very fast and comfortable for the client. And the good thing,
>> its provide a good security.
>>
>> mfg nomIad
>>
>> Dan Rossi schrieb:
>>
>>> That sounds like a killa plan or just use AMF via the app. However
>>> our video servers are in one DC and sites in another, so thedb conns
>>> are over the wire. So an embedded db in red5 if there is an embedded
>>> java solution ? And connecting to the app via AMF3 ! thats the plan
>>> to test. I use mysql exclusively but on the php nix end. The video
>>> servers are on windows, so if someone has an embedded db suggestion
>>> let me know.
>>>
>>> Storm wrote:
>>>
>>>
>>>> Thanks for sharing, Jason. This piece could be useful for me in near
>>>> future
>>>> ;)
>>>>
>>>> Cheers
>>>>
>>>> On 2/28/07, Jason Jensen <flash_developer at comcast.net> wrote:
>>>>
>>>>
>>>>> I'm not a Java developer but I have created VERY simple
>>>>> authentication
>>>>> for my oflaDemo webapp. I got the idea from reading the
>>>>> 'Programming Flash
>>>>> Communication Server' book (published by O'reilly), chaper 18
>>>>> 'Securing
>>>>> Applications'.
>>>>>
>>>>> 1. Flash movie passes username and password to web server(via SSL
>>>>> using AMFPHP)
>>>>> 2. Web server/application server returns a one-time ticket(through
>>>>> two hashed strings, tid and ticket) to the flash movie
>>>>> 3. Flash movie connects to Red5 using the tid and ticket(instead of
>>>>> username and password...)
>>>>> 4. Red5 checks the tid and ticket against a MySQL db and accepts or
>>>>> rejects the connection
>>>>>
>>>>> In step one I also create a timestamp representing the creation
>>>>> time, and
>>>>> a 'stale' datetime a couple minutes after the creation time. So my
>>>>> simple
>>>>> 'tickets' table has five columns: tid, ticket, uid(linking the
>>>>> ticket to a
>>>>> user table), created(timestamp) and staleDateTime. The ticket is
>>>>> only valid
>>>>> if it is used between the creation time and stale time.
>>>>>
>>>>> You'll need to install the MySQL JDBC driver and add it's jar to your
>>>>> classpath. Here's my oflaDemo Application.java, but please
>>>>> remember this
>>>>> is temporary authentication... and VERY simple!!!
>>>>>
>>>>> Hope this helps someone :-)
>>>>>
>>>>> code follows...
>>>>> package org.red5.server.webapp.oflaDemo;
>>>>>
>>>>> import org.red5.server.adapter.ApplicationAdapter;
>>>>> import org.red5.server.api.IConnection;
>>>>> import org.red5.server.api.IScope;
>>>>> import org.red5.server.api.stream.IServerStream;
>>>>> import org.red5.server.api.stream.IStreamCapableConnection;
>>>>> import org.red5.server.api.stream.support.SimpleBandwidthConfigure;
>>>>> import org.apache.commons.logging.Log;
>>>>> import org.apache.commons.logging.LogFactory;
>>>>> //import sql classes
>>>>> import java.sql.*;
>>>>>
>>>>> public class Application extends ApplicationAdapter {
>>>>>
>>>>> //logging
>>>>> private static final Log log = LogFactory.getLog(Application.class);
>>>>>
>>>>> private IScope appScope;
>>>>>
>>>>> private IServerStream serverStream;
>>>>>
>>>>> /** {@inheritDoc <%7B at inheritDoc>} */
>>>>> @Override
>>>>> public boolean appStart(IScope app) {
>>>>> appScope = app;
>>>>> return true;
>>>>> }
>>>>>
>>>>> /** {@inheritDoc <%7B at inheritDoc>} */
>>>>> @Override
>>>>> public boolean appConnect(IConnection conn, Object[] params) {
>>>>>
>>>>> // Trigger calling of "onBWDone", required for some FLV players
>>>>> measureBandwidth(conn);
>>>>> if (conn instanceof IStreamCapableConnection) {
>>>>> IStreamCapableConnection streamConn = (IStreamCapableConnection)
>>>>> conn;
>>>>> SimpleBandwidthConfigure sbc = new SimpleBandwidthConfigure();
>>>>> sbc.setMaxBurst(8 * 1024 * 1024);
>>>>> sbc.setBurst(8 * 1024 * 1024);
>>>>> sbc.setOverallBandwidth(2 * 1024 * 1024);
>>>>> streamConn.setBandwidthConfigure(sbc);
>>>>> }
>>>>>
>>>>> // if (appScope == conn.getScope()) {
>>>>> // serverStream = StreamUtils.createServerStream(appScope, "live0");
>>>>> // SimplePlayItem item = new SimplePlayItem();
>>>>> // item.setStart(0);
>>>>> // item.setLength(10000);
>>>>> // item.setName("on2_flash8_w_audio");
>>>>> // serverStream.addItem(item);
>>>>> // item = new SimplePlayItem();
>>>>> // item.setStart(20000);
>>>>> // item.setLength(10000);
>>>>> // item.setName("on2_flash8_w_audio");
>>>>> // serverStream.addItem(item);
>>>>> // serverStream.start();
>>>>> // try {
>>>>> // serverStream.saveAs("aaa", false);
>>>>> // serverStream.saveAs("bbb", false);
>>>>> // } catch (Exception e) {}
>>>>> // }
>>>>> //**START AUTHENTICATION CODE**
>>>>>
>>>>> //here we go...
>>>>> boolean authenticated = false;
>>>>>
>>>>> authenticated = authenticate(params);
>>>>>
>>>>> if(authenticated){
>>>>> log.info("Come on in friend!");
>>>>> return super.appConnect(conn, params);
>>>>> }else{
>>>>> log.info("Yikes! A LEACH!!");
>>>>> }
>>>>> rejectClient();
>>>>> return false;
>>>>> }
>>>>>
>>>>> private boolean authenticate(Object[] params){
>>>>>
>>>>> String authTicketID = (String)params[0];
>>>>> String authTicket = (String)params[1];
>>>>> //convert the third parameter from a string that represents a
>>>>> timestamp, to a java timestamp data type
>>>>> java.sql.Timestamp authTimestamp = java.sql.Timestamp.valueOf
>>>>> ((String)params[2]);
>>>>>
>>>>> //the connection paremeters...
>>>>> log.info("authTicketID "+authTicketID);
>>>>> log.info("authTicket "+authTicket);
>>>>> log.info("authTimestamp "+authTimestamp);
>>>>>
>>>>> ResultSet rs = null;
>>>>> Connection conn = null;
>>>>> PreparedStatement pstmt = null;
>>>>> String dbTID = null;
>>>>> String dbTicket = null;
>>>>> java.sql.Timestamp dbCreated = null;
>>>>> java.sql.Timestamp dbStaleDateTime = null;
>>>>>
>>>>> try {
>>>>> //connect to the DB
>>>>> conn = getConnection();
>>>>> //query string for prepared statement
>>>>> String query = "SELECT tid, ticket, created, staleDateTime
>>>>> FROM tickets WHERE tid = ? AND ticket = ?";
>>>>>
>>>>> //prepared statement
>>>>> pstmt = conn.prepareStatement(query); // create a statement
>>>>> pstmt.setString(1, authTicketID); // set input parameters
>>>>> pstmt.setString(2, authTicket);
>>>>>
>>>>> //resultSet
>>>>> rs = pstmt.executeQuery();
>>>>>
>>>>> //move the resultSet cursor forward and grab the data
>>>>> while(rs.next()){
>>>>> dbTID = rs.getString(1);
>>>>> dbTicket = rs.getString(2);
>>>>> dbCreated = rs.getTimestamp(3);
>>>>> dbStaleDateTime = rs.getTimestamp(4);
>>>>> }
>>>>>
>>>>> log.info("Database tid="+dbTID);
>>>>> log.info("Database ticket="+dbTicket);
>>>>> log.info("Database created="+dbCreated);
>>>>> log.info("Database staleDateTime="+dbStaleDateTime);
>>>>>
>>>>> //verify that the ticket has not expired
>>>>> if((authTimestamp.equals(dbCreated) ||
>>>>> authTimestamp.after(dbCreated))
>>>>> && authTimestamp.before(dbStaleDateTime)){
>>>>> //check that authTicketID equals ticketID and authTicket
>>>>> equals ticket
>>>>> if(authTicketID.equals(dbTID) && authTicket.equals(dbTicket)){
>>>>> return true;
>>>>> }else{
>>>>> log.info(authTicketID+" and "+authTicket+" do not match
>>>>> "+dbTID+"
>>>>> and "+dbTicket);
>>>>> return false;
>>>>> }
>>>>> }else{
>>>>> log.info("Ticket has expired!");
>>>>> return false;
>>>>> }
>>>>>
>>>>> } catch (Exception e) {
>>>>> e.printStackTrace();
>>>>> return false;
>>>>> } finally {
>>>>> try {
>>>>> rs.close();
>>>>> pstmt.close();
>>>>> conn.close();
>>>>> } catch (SQLException sqle) {
>>>>> sqle.printStackTrace();
>>>>> return false;
>>>>> }
>>>>> }
>>>>> }
>>>>>
>>>>> public static Connection getConnection() throws Exception {
>>>>> String driver = "com.mysql.jdbc.Driver";
>>>>> String url = "jdbc:mysql://127.0.0.1/Red5DB";
>>>>> String username = "Red5DBUsername";
>>>>> String password = "Red5DBPassword";
>>>>> Class.forName(driver);
>>>>> Connection conn = DriverManager.getConnection(url, username,
>>>>> password);
>>>>> log.info("Authorize conn!");
>>>>> return conn;
>>>>> }
>>>>> //**END AUTHENTICATION CODE**
>>>>>
>>>>> /** {@inheritDoc <%7B at inheritDoc>} */
>>>>> @Override
>>>>> public void appDisconnect(IConnection conn) {
>>>>> if (appScope == conn.getScope() && serverStream != null) {
>>>>> serverStream.close();
>>>>> }
>>>>> super.appDisconnect(conn);
>>>>> }
>>>>> }
>>>>>
>>>>> _______________________________________________
>>>>> Red5 mailing list
>>>>> Red5 at osflash.org
>>>>> http://osflash.org/mailman/listinfo/red5_osflash.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> _______________________________________________
>>>> Red5 mailing list
>>>> Red5 at osflash.org
>>>> http://osflash.org/mailman/listinfo/red5_osflash.org
>>>>
>>>>
>>> _______________________________________________
>>> Red5 mailing list
>>> Red5 at osflash.org
>>> http://osflash.org/mailman/listinfo/red5_osflash.org
>>>
>>>
>>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Red5 mailing list
>> Red5 at osflash.org
>> http://osflash.org/mailman/listinfo/red5_osflash.org
>>
>>
>
>
> _______________________________________________
> Red5 mailing list
> Red5 at osflash.org
> http://osflash.org/mailman/listinfo/red5_osflash.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://osflash.org/pipermail/red5_osflash.org/attachments/20070302/2583c12c/attachment-0001.htm
More information about the Red5
mailing list