To purpose of the article is the use the RTMP Authentication Module in wowza Engine . This will enable us to intercept a connect request with username and password to be checked from any outside source like – database , password file , third party token provider , third party oauth etc. Once the password provided by user is verified with the authentic password form external sources the user is allowed to connect and publish.
Step 1 : Create a new Wowza Media Server Project in Eclipse . It is assumed that user has already integrated WowzaIDE into eclipse .
File -> New -> Wowza Media Server Project
Step 2: Give any project name . I named it as “RTMPAuthSampleCode”.
Step 3 : Point the location to existing Wowza Engine installed in local environment .
It is usually in /usr/local/WowzaStreamingEngine/
Step 4 : Proceed with the creation , uncheck the event methods as we are not using them right now .
Step 5: Put the code in class.
The class RTMPAuthSampleCode extends AuthenticateUsernamePasswordProviderBase . Its mandatory to define getPassword(String username ) and userExists(String username). ModuleRTMPAuthenticate will invoke getPassword for connection request from users .
We can add any source of obtaining password for a given username which will be matched to the password supplied by user . If it matches he will be granted access otherwise we can return null or error message .
We may use various ways of obtaining user credentials like databse , password files , third part token provider etc . I will be discussing more ways to do RTMP authenticate esp using a third part token provider which using TEA.encrypt and shared secret in the next blog.
Step 6: Build the project and Run.
Project-> Build the Project
Run -> Run Configurations … -> WowzaMediaServer_RTMPAuthSampleCode
To modules in my ubuntu 64 bit version 14.04 system , I also need to provide
-Dcom.wowza.wms.native.base=”linux” inside of the VM Arguments . Its highlighted in figure below.
Step 7: Click Run to start the wowza Media Engine
Step 8 : Open the Manager Console of Wowza.
web based GUI interface of managing the application and checking for incoming streams . The manager script can be started with
The console can be opened at http://127.0.0.1:8088
Also you can see that RTMPAuthSampleCode.jar would have been copied to /usr/local/WowzaStreamingEngine/lib folder.
Step 9: Add module to applications
Add folder “RTMPAuthSampleCode” inside /usr/local/WowzaStreamingEngine/applications folder .
Step 10 : Add conf
Add folder “RTMPAuthSampleCode” inside /usr/local/WowzaStreamingEngine/conf folder .
Copy paste Application.xml from conf folder inside RTMPAuthSampleCode folder and make the following changes .
Add the ModuleRTMPAuthenticate module to Modules
<Name>ModuleRTMPAuthenticate</Name> <Description>ModuleRTMPAuthenticate</Description> <Class>com.wowza.wms.security.ModuleRTMPAuthenticate</Class> </Module>
and comment ModuleCoreSecurity
<!-- <Module> <Name>ModuleCoreSecurity</Name> <Description>Core Security Module for Applications</Description> <Class>com.wowza.wms.security.ModuleCoreSecurity</Class> </Module> -->
Step 11: Add property usernamePasswordProviderClass to Properties .
usualy present inside Application at the bootom of Application.xml file
Step 12 : Make Authentication.xml file inside /usr/local/WowzaStreamingEngine/conf folder.
Note that from wowza 4 and later versions the Authentiocation.xml has come bundled with wms-server.jar which is inside of lib folder . However for me , without giving a explicit Authentication.xml file the program froze and using my own simple authentication.xml gave problems with the digest . Hence follow the below process to get a working Authentication.xml file inside conf folder
Expand the archive and inside the extracted folder wms-server copy the file from location wms-server/com/wowza/wms/conf/Authentication.xml to /usr/local/WowzaStreamingEngine/conf.
Step 13 : Restart Wowza Media Engine .
Step 14 : Use any RTMP encoder as Adobe Live Media Encoder or Gocoder or your own app ( could not use this with ffmpeg ) and try to connect to application RTMPAuthSampleCode with username test and password 1234.
Step 15 : Observer the logs for incoming streams and traces from getpassword .
If you want the user test to have permission to publish stream to this application then return 1234 from getPassword else return null .
- Media security overview
- How to integrate Wowza user authentication with external authentication systems (ModuleRTMPAuthenticate)
- How to enable username/password authentication for RTMP and RTSP publishing
- configuration ref 4.2 http://www.wowza.com/resources/WowzaStreamingEngine_ConfigurationReference.pdf