Skip to end of metadata
Go to start of metadata

Stream playback security

Using IStreamPlaybackSecurity

Write a stream security handler that implements isPlaybackAllowed() method of IStreamPlaybackSecurity. It is unclear if we could use this to authorize or it can merely be used to limit certain streams to scopes.

Register the handler in the Red5 app, appStart() method

In case of VoV, we need to modify the appStart() method of the matterhorn-engage-streaming Red5 app

Authenticate using setScope()

The method described above is not ideal for authenticate in Red5 paradigm. Using setScope() we can authenticate individual user against each scope.

Authenticate from ActionScript

Client side. We could pass login credentials (unsafe) or a token to swf file.

Override method connect() or appConnect() in ApplicationAdapter

Additional conditions could be used to limit a particular user to a scope. More information on Authentication in Red5.

Security plugin for Red5

Secure connections

Red5 supports pure RTMPS. See Red5 documentation and Gregoire's blog.

Stream manipulations

Passing parameters directly to RTMP stream

Having params in RTMP stream request can be helpful as Red5 could directly use the params to authenticate / authorize the request. Most likely we'll want to pass a one-time token string to the stream so Red5 could validate it before streaming content out.

Red5 does not support reading params natively, but one could use a CustomFilenameGenerator and implement the generateFilename() method to manually handle the request. Note that Red5 attempts to add a file extension at the end if there is none.

Add the generator to /opt/matterhorn/contrib/matterhorn-engage-streaming/www/WEB-INF/red5-web.xml

Rebuild the app.

  • No labels