Stream playback security
Write a stream security handler that implements
isPlaybackAllowed() method of
IStreamPlaybackSecurity. It is unclear if we could use this to authorize or it can merely be used to limit certain streams to scopes.
Register the handler in the Red5 app,
In case of VoV, we need to modify the
appStart() method of the matterhorn-engage-streaming Red5 app
The method described above is not ideal for authenticate in Red5 paradigm. Using
setScope() we can authenticate individual user against each scope.
Authenticate from ActionScript
Client side. We could pass login credentials (unsafe) or a token to swf file.
Additional conditions could be used to limit a particular user to a scope. More information on Authentication in Red5.
Passing parameters directly to RTMP stream
Having params in RTMP stream request can be helpful as Red5 could directly use the params to authenticate / authorize the request. Most likely we'll want to pass a one-time token string to the stream so Red5 could validate it before streaming content out.
Red5 does not support reading params natively, but one could use a CustomFilenameGenerator and implement the
generateFilename() method to manually handle the request. Note that Red5 attempts to add a file extension at the end if there is none.
Add the generator to
Rebuild the app.