Wowza Streaming Engine user authentication
Wowza Streaming Engine user authentication
Wowza Streaming Engine user authentication with external systems
- By default, Wowza Streaming Engine media authenticates RTMP and RTSP source connections to applications. Wowza Streaming Engine keeps the publish.password file to authenticate all source connections to live applications on the server.
- Wowza provides Wowza Streaming Engine Java API to extend your server functionality.
- We can authenticate RTMP/RTSP publishing Wowza Streaming Engine with custom modules.
- Server-side modules are Java classes that load when a Wowza Streaming Engine media server software application starts. We can create custom functionality to control the streaming process.
You control whether and how the module is used by editing it on the Modules tab of the Wowza Streaming Engine Manager for the application.
Custom modules in Wowza Streaming Engine
- You can add your custom module classes using Wowza IDE.
- Here’s a sample custom module that uses the event method onAppStart.
- Wowza provides various event methods to handle the functionality on the streaming engine.
-
- onAppStart
- onConnect
- Publish
- onAppStop
- onConnectAccept
- onConnectReject
- onDisconnect
- Once you add your required functionality in the module classes, Compile it. Then convert it into .jar file.
- Now add the customeModule.jar file into it in the [install-dir]/lib folder. Then, Update it to an application by going to the application’s Module tab in Wowza Streaming Engine Manager.
Integrating Wowza streaming user authentication using an external authentication system
- Here we are going to use an external system database for the username and password authentication instead of the local password file to authenticate encoders.
- Use AuthenticateUsernamePasswordProviderBase with the ModuleRTMPAuthenticate module to intercept requests for username/password
Steps to create a custom module for the RTML authentication module to authenticate encoder.
-
-
-
- Add the following <Module> definition as the last entry in the <Modules> list inApplication.xml. You can find in [install-dir]/conf/[application]/Application.xml
<Module> <Name>ModuleRTMPAuthenticate</Name> <Description>ModuleRTMPAuthenticate</Description> <Class>com.wowza.wms.security.ModuleRTMPAuthenticate</Class> </Module>
- We need MySQL JDBC drivers to connect to an external system database. Download and copy suitable MySQL JDBC .jar file to the Wowza Streaming Engines /lib folder.
- Use Wowza IDE to create Wowza streaming Engine project. Then add New Wowza Streaming Engine Module Class and Enter the package and the class name while adding the class.
- Use the following code in the Module class :
package com.wowza.wms.plugin; import com.wowza.wms.application.*; import java.sql.Connection; import java.sql.DriverManager; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; import com.wowza.wms.amf.*; import com.wowza.wms.client.*; import com.wowza.wms.module.*; import com.wowza.wms.request.*; public class UserAuthentication extends ModuleBase { public void onAppStart(IApplicationInstance AppInstance) { try { // Load the SQL drivers Class.forName("com.mysql.jdbc.Driver").newInstance(); getLogger().info("succesfully loaded: com.mysql.jdbc.Driver: "); } catch (Exception e) { // Throw error if exception generated getLogger().error("Error loading: com.mysql.jdbc.Driver: "+e.toString()); } } public void onConnect(IClient client, RequestFunction function, AMFDataList params) { boolean isAuthenticated = false; // Get the query parameters String queryString = client.getQueryStr(); if(queryString.indexOf('&') != -1) { String[] auth = client.getQueryStr().split("&", -1); if(auth.length == 2) { // Extract the query user name and password String username = auth[0]; String password = auth[1]; String dbPassword = ""; Connection connection = null; try { // Connect to the source database connection = DriverManager.getConnection("jdbc:mysql://localhost/wowza?user=root&password=mypassword"); Statement stmt = null; ResultSet rs = null; try { stmt = connection.createStatement(); // Fetch the password for the specified stream rs = stmt.executeQuery("SELECT pwd FROM users where username = '"+username+"'"); while (rs.next()) { dbPassword = rs.getString("pwd"); if (dbPassword != null) { if (dbPassword.equals(password)) { isAuthenticated = true; } else { isAuthenticated = false; } } else if (dbPassword == null && (password == "" || password == null)) { isAuthenticated = true; } } } catch (SQLException sqlEx) { getLogger().error("sqlexecuteException: " + sqlEx.toString()); } connection.close(); } catch (SQLException ex) { getLogger().info("onConnectAccept: SQL Error " + ex.getMessage()); } } } if (!isAuthenticated) { getLogger().info("onConnect: REJECT" + client.getClientId()); } else { getLogger().info("onConnect: ACCEPT" + client.getClientId()); client.acceptConnection(); } } }
- To obstruct RTMP authentication, add the following property to the Properties container in install-dir/conf/[application]/Application.xml. Make sure you put the property to the last property container of Application.xml. The classpath along with name will be the value of the property
<Property> <Name>usernamePasswordProviderClass</Name> <Value>com.wowza.wms.example.authenticate.UserAuthentication</Value> </Property>
- To obstruct RTP authentication, add the userAuthentication Class property to install_dir/conf/Authentication.xml /Digest Properties list
- Restart Wowza Streaming Engine. To load the module
- Add the following <Module> definition as the last entry in the <Modules> list inApplication.xml. You can find in [install-dir]/conf/[application]/Application.xml
-
-
Now the after restarting the Wowza Streaming Engine. The engine will load the custom module added in the lib and usernamePasswordClass. As defined in our custom module Engine will read the username and password from the encoder URL. In onConnect event, it connects to our external system database and authenticates the username and password. Further, it will accept the connection if the credentials are valid else it will reject the connection.