Per live stream authentication

Hi,

We’re testing out Wowza for live streaming and I’m working on a database authentication module with MySQL based on the tutorials which are on the site. What I’m trying to do is assign one user to one publishing stream. As-is I can either have no authentication and anyone can publish streams or have authentication, but anyone with a login can publish to any stream name.

I was hoping there was a way to get the stream name from within the getPassword method as I could then use it as an extra parameter in my database lookup. Please can someone tell me if this is possible and if not how would I go about doing it?

For example:

rs = stmt.executeQuery("SELECT password FROM streams where user_name = '"+username+"'");

would become:

rs = stmt.executeQuery("SELECT password FROM streams where user_name = '"+username+"' and stream_name='"+ streamName + "'");

Thanks

There is a simple solution not involving a database: Segregate by application by having per application .password files. That is covered in this article:

https://www.wowza.com/docs/how-to-enable-username-password-authentication-for-rtmp-and-rtsp-publishing

So you can make an application for each user. Does that work for your requirements?

You are extending ModuleRTMPAuthenticate using this technique:

https://www.wowza.com/docs/how-to-integrate-wowza-user-authentication-with-external-authentication-systems-modulertmpauthenticate

You can’t get streamname from getPassword using the above.

Richard

No, of course you can have many live streams to one application. The suggestion was for your purpose, but not adequate I see.

Thinking about this, I realize that stream name could not be available at that time because this corresponds with a new NetConnection from the RTMP encoder. The encoder has not yet published a stream. So there is not a way to make that work even with Wowza update.

The soonest you will know the stream name from a live RTMP encoder is in the publish command.

https://www.wowza.com/docs/how-to-override-publish-to-remap-a-stream-name

You can do your db lookup here, and if you don’t like the stream name you can shutdown the client like this:

cllient.setShutDownClient(true);

However, big note: some RTMP live encoders will keep trying to re-connect.

Richard

Ben,

Also, if it is useful, you can get user name (that was authenticated by ModuleRTMPAuthenticate) in the publish override with the “connectapp” Property of the IClient. Like this:

 
public void publish(IClient client, RequestFunction function,
        AMFDataList params) {
	getLogger().info("Overriding Publish");
		
	WMSProperties props = client.getProperties();
	
	String connectApp = props.getPropertyStr("connectapp");
	
	getLogger().info("connectApp: " + connectApp);
	
	invokePrevious(client, function, params);
}

That will print something like:

INFO server comment - connectApp: live?authmod=adobe&user=richard&challenge=djwAAA==&response=rOQRje4ydpzCSOp1Fuu4AA==&opaque=bVFGCA==

Richard

Hi Richard, thanks for your help. The thing is the users will be created/deleted from an existing web app (PHP/MySQL) so using .password files isn’t really much use. Are different applications necessary for each stream? They’ll all have the same setup just with different stream names and authentication details.

Is there anywhere that the stream name and username are accessible before the stream is published?

Thanks Richard, I will give this a try.

Thanks for the suggestion. I went with getting the username from client.getQueryStr() which seems to do the same job. :slight_smile: