Adding SecureToken protection to JW player

Thanks Charlie, I appreciate the hard work and support!

  • Riki

I think the instructions at the beginning of this post were written for a previous version of JW Player. All you should have to do is add your token to Player.as. That’s what I do anyway. You don’t have to modify RTMPModel.as for securetoken.

Richard

can you give a little instructions on what you did, will it works for jw 4.5 also?

Thanks (i am now trying to understand all this)

I downloaded version 4.5, and the instructions at the top of this thread still work, that’s how you should do it.

Richard

i am not seeing [wowza-pro-install-dir]/examples/SecureToken

i have 1.7.2

Does this work for EC2 as well? I think I’m on version 1.1.4

where’d you find the SecureToken example in the instance??

Hi there

I used the instructions at the beginning of this thread. I changed this portion of the RTMPModel file to

/** Receive NetStream status updates. **/
	private function statusHandler(evt:NetStatusEvent):void {
		if(evt.info.code == "NetConnection.Connect.Success") {
			if (evt.info.secureToken != undefined) {
				connection.call("secureTokenResponse",null,
					//TEA.decrypt(evt.info.secureToken,model.config['token']));
					TEA.decrypt(evt.info.secureToken,"#ed%h0#w@1"));
			}
			// connection.call("checkBandwidth",null);
			// For FMS3 bandwidth checking, uncomment the line above and comment the one below.
			setStream();
			// If you use Limelight/Akamai: comment the line above and uncomment the one below.
			// timeout = setInterval(subscribe,2000,model.playlist[model.config['item']]['file']);
		} else if(evt.info.code == "NetStream.Seek.Notify") {
			clearInterval(timeinterval);
			timeinterval = setInterval(timeHandler,100);
		} else if(evt.info.code == "NetStream.Play.StreamNotFound" || 
			evt.info.code == "NetConnection.Connect.Rejected" || 
			evt.info.code == "NetConnection.Connect.Failed") {
			stop();
			model.sendEvent(ModelEvent.ERROR,{message:"Stream not found: "+
				model.playlist[model.config['item']]['file']});
		} else { 
			model.sendEvent(ModelEvent.META,{info:evt.info.code});
		}
	};

but everytime I try to connect to the readmehtml page I get this error

TypeError: Error #1009: Cannot access a property or method of a null object reference.
	at com.jeroenwijering.utils::TEA$/::strToChars()
	at com.jeroenwijering.utils::TEA$/decrypt()
	at com.jeroenwijering.models::RTMPModel/::statusHandler()

This is how I embed the file into the page

	<script type="text/javascript" src="swfobject.js"></script>
	<script type="text/javascript">
		var s1 = new SWFObject("player.swf","ply","328","200","9","#FFFFFF");
		s1.addParam("allowfullscreen","true");
		s1.addParam("allowscriptaccess","always");
		s1.addParam("flashvars","fullscreen=true&streamer=rtmp://72.9.154.102/securetoken&file=Extremists.flv");
		s1.write("container");
	</script>

I used flash cs3 to generate a new player.swf file. Any ideas, please help! :smiley:

Hi guys,

I found a new player online which supports html, image, flash and flv ads in pre-post-mid rolls… i thinks its better…

Link – > www.hitasoft.com

Regards,

J

I implemented Secure Token with the JW Player, but it seems with Replay Media Catcher 3.01 the media is still downloaded. Am I doing something wrong or is the latest version of RMC immune to secure token in Wowza?

I also am getting the same problem. Whenever I open the readme file and click play, I get this error:

TypeError: Error #1009: Cannot access a property or method of a null object reference.

at com.meychi.ascript::TEA$/strToChars()

at com.meychi.ascript::TEA$/decrypt()

at com.jeroenwijering.models::RTMPModel/statusHandler()

Wowza reports:

INFO stream publish Stream1 -

INFO session connect-pending -

INFO server comment - SecureTokenTarget: create:true play:false publish:false

INFO session connect -

INFO session disconnect 667801055 -

Any ideas? I tried both 4.1 and 4.2

Edit: I am trying to do live broadcasting.

I am no longer getting the error message but now jwplayer says: “stream not found: Stream1.flv”

The stream is up and running. Am I supposed to edit the application.xml that’s in the live stream folder?

In my wowzainstalldir/livevideo/application.xml I have this:

<Streams>
			<StreamType>live</StreamType>
			<StorageDir>${com.wowza.wms.AppHome}/content</StorageDir>
			<Properties>
				<!-- Properties defined here will override any properties defined in conf/Streams.xml for any streams types loaded by this application -->
				<!--
				<Property>
					<Name></Name>
					<Value></Value>
				</Property>
				-->
			</Properties>
		</Streams>

Is something wrong? I don’t fully understand what’s going on.

Hi, Just a simple non technical question.

Will this thread provide me with the knowledge that I need to stream a flv that I have stored in a directory within my web root and prevent people from downloading the flv or hot linking to it? I am using Wowza Media Server Pro10 1.7.2 build12107 and the JW Player was downloaded Sept. 11 2009.

If the answer to the question above is “yes”, does anyone know why anyone would “not” want to protect their files from bandwidth / copyright thievery? Why is this so difficult to achieve? Seems like this should be a web standard. I will definitely use this solution if it achieves what I am trying to do as I have been spending a week of non stop reading trying to figure out how to prevent people from linking to / download my flv file.

Thanks, David

Where is this?

Download and install Wowza Pro 1.7.2 or greater

Install the Wowza Pro SecureToken example by double clicking on [wowza-pro-install-dir]/examples/SecureToken/install.sh (this will setup the Wowza Pro application securetoken with a secureTokenSharedSecret of #ed%h0#w@1)

I don’t see it in the install rpm I downloaded?

root@orion [/]# less WowzaMediaServerPro-1.7.2.noarch.rpm | grep -i securet
root@orion [/]#

Nope, but I just downloaded the MediaSecurity package mentioned in this thread.

I am doing to secure token only for on demand with jw player. Should I use this in the conf?

                       <Module>
                                <Name>ModuleSecureURLParams</Name>
                                <Description>ModuleSecureURLParams</Description>
                                <Class>com.wowza.wms.plugin.security.ModuleSecureURLParams</Class>
                        </Module>

or this?

                       <Module>
                                <Name>ModuleSecureURLParams</Name>
                                <Description>ModuleSecureURLParams</Description>
                                <Class>com.wowza.wms.plugin.security.ModuleSecureToken</Class>
                        </Module>

I have also noticed that the src for jw player 5 does not have the RTMPModel.as file. Do you happen to know of an updated tutorial for this? I have been looking out on the longtail site but no luck yet.

I built with flex per the instructions that came with jw player 5 and the resulting swf file is only 1 KB vs the 81 KB player.swf file that comes int he zip. Any idea what I am doing wrong?

Here’s the instructions I am following. I am not sure what step 4 means.

Instructions:

To compile with Flex and Ant, enter the following command:

ant -buildfile build\build.xml

If the build is successful, player.swf will appear in the “bin-release” folder.

Alternately, if you’re using Flex Builder or Flash Builder, you may use the following method to build the player:

  1. Create a new Actionscript project (you can give it any name except “Player”).

  2. Under “Project Contents”, choose the checkout tree (the folder where this README file lives).

  3. Click the “Finish” button

4. Alter your main application class to inherit from com.longtailvideo.jwplayer.player.Player.

  1. Under the “Project” menu, choose “Export Release Build”.

  2. The player will be compiled as bin-release/{Your Project Name}.swf.

Thanks for your prompt responses.

I tried that and it compiles, however the resultiing swf is still 1 KB. This doesn’t seem right.

Do you or someone else know of or possibly supply a detailed tutorial on how to compile the token into the new version 5 player? I apparently don’t have the foundation needed to peice this together myself.

I think that perhaps this thread should redirect to a more current thread for this new player?

Thanks, David

Yes, you’re right, I just found the parts about rebuilding the player out of date and confusing. This is my first time compiling a flash app.

I will be heading over to the longtail site and asking some questions too.

Thanks for all of your help.

I tried this with the new MediaSecurity package and its not working. Is there anything special that needs to be done to get a secure tolken to work with wowza 1.7 and jw player 4.4?

I think I may see the problem. I didnt read anywhere in the documentation for setting up a secure token only.

It told me to add this:

<Module>
<Name>ModuleSecureURLParams</Name>
<Description>ModuleSecureURLParams</Description>
<Class>com.wowza.wms.plugin.security.ModuleSecureURLParams</Class>
</Module>

Should I instead add something like this?

<Module>
<Name>ModuleSecureToken</Name>
<Description>ModuleSecureToken</Description>
<Class>com.wowza.wms.plugin.security.ModuleSecureToken</Class>
</Module>

Forgive me but Im still having problems. This seems so straightfoward and simple that I will just write down my steps and hopefully the error will reveal itself.

  1. in RTMPModel.as I replaced the code in line 181
from:
TEA.decrypt(evt.info.secureToken,model.config['token']));

to:
TEA.decrypt(evt.info.secureToken,"#ed%h0#w@1"));
  1. I installed the MediaSecurity package and created a new application called securestreaming and copied the default Application.xml into the new folder.

  2. I added a new Property value like this:

<Property>
<Name>secureTokenSharedSecret</Name>
<Value>#ed%h0#w@1</Value>
</Property>
  1. I then added a new Module like this:
<Module>
<Name>ModuleSecureToken</Name>
<Description>ModuleSecureToken</Description>
<Class>com.wowza.wms.plugin.security.ModuleSecureToken</Class>
</Module>
  1. I then point the jw flashvar to streamer=rtmp://[wowzapro-ip-address]/securestreaming

  2. Last I put the token #ed%h0#w@1 in the Player.as then re-publish

simplestreaming works fine for me, but the secure token doesnt. There is no error given, the video player just acts like its loading the video and never actually loads it. The loading circle just keeps spinning.

The error I get from the console is:

ERROR server comment - Error: SecureToken: Action before response received: kill connection

Thanks for the help