• How to add SecureToken protection to LongTail JW Player 4


    Note: This article is for an older Wowza® product or technology that either has been updated or is no longer supported. For the current version of this article, see How to add SecureToken protection to JW Player.
    Instructions to add SecureToken protection to JW Player 4. As of JW Player 4.1, support for SecureToken is built-in with the player.

    Important: You must use the secure RTMPE protocol with SecureToken when connecting to Wowza Media Server to fully protect content from the latest "Leech" programs:
    Code:
    rtmpe://[wowza-ip-address]/[secureApplication]
    RTMPE network encryption security in Wowza Media Server 3.1.2 (and earlier) is provided as an AddOn for later Wowza server software versions. For more information, see How to get Wowza RTMPE AddOn.

    Note: Wowza Media Server® 2.0 or later is required.

    Related Articles




    About SecureToken



    SecureToken is a challenge/response-based security system that, when used in conjunction with RTMPE/RTMPTE, provides a high level of content protection against spoofing threats. Each connection is protected by a random single-use key and a password (shared secret).

    The way SecureToken works is that when a client connects to Wowza Media Server, the provided custom module generates a unique key for the pending connection. The generated key is encrypted using a shared secret and is returned as part of the NetConnection.onStatus info object. The client decrypts the unique key using the same shared secret and sends the result back to the custom module. The server then compares this key to the originally generated key. The connection is aborted if the values don't match.

    Server Configuration



    1. Download and install Wowza Media Server.

    2. If you're running Wowza Media Server 3.1.2 or earlier, download the MediaSecurity Addon and copy the file wms-plugin-security.jar from the package /lib folder to the Wowza Media Server installation folder [install-dir]/lib. If you're running Wowza Media Server 3.5 or later, skip this step.

    3. Create a Wowza Media Server application to use with SecureToken [secureApplication]. For example, to name the application "vod", create the following folders:
      [install-dir]/applications/vod
      [install-dir]/conf/vod

    4. Copy [install-dir]/conf/Application.xml to [install-dir]/conf/vod.

    5. Open the newly copied [install-dir]/conf/vod/Application.xml file in a text editor and add the ModuleSecureToken module to the bottom of the <Modules> container. Make sure it's above the closing </Modules> tag.

      Wowza Media Server 3.5
      Code:
      <Module>
           <Name>ModuleSecureToken</Name>
           <Description>ModuleSecureToken</Description>
           <Class>com.wowza.wms.security.ModuleSecureToken</Class>
      </Module>
      Wowza Media Server 3.1.2 and earlier
      Code:
      <Module>
           <Name>ModuleSecureToken</Name>
           <Description>ModuleSecureToken</Description>
           <Class>com.wowza.wms.plugin.security.ModuleSecureToken</Class>
      </Module>
    6. Add the secureTokenSharedSecret property to the <Properties> container at the bottom of the Application.xml file.
      Code:
      <Property>
           <Name>secureTokenSharedSecret</Name>
           <Value>#ed%h0#w@1</Value>
      </Property>
      Where #ed%h0#w@1 is an example shared secret. Be sure to update this to your own value before putting your system into production. For more information, see Updating the Shared Secret.

    7. Restart Wowza Media Server.


    Player Configuration



    1. Download the JW Player 4.1 for Flash source code. JW Player is commercial software.

    2. Edit [jw-source-code]/com/jeroenwijering/models/RTMPModel.as to change the secure token value (around line 186):

      From:
      Code:
      TEA.decrypt(evt.info.secureToken,model.config['token']));
      To:
      Code:
      TEA.decrypt(evt.info.secureToken,"#ed%h0#w@1"));
    3. Open [jw-source-code]/player.fla in Adobe Flash CS3 and select File: Publish to generate a new [jw-source-code]/player.swf file.

    4. Edit [jw-source-code]/readme.html and change the flashvars param in the script section (around line 60):

      From:
      Code:
      <param name="flashvars" value="file=video.flv&image=preview.jpg" />
      To:
      Code:
      <param name="flashvars" value="streamer=RTMPE://[wowza-ip-address]/securetoken&file=sample.mp4"/>
      Where [wowza-ip-address] is the Wowza Media Server IP address. Note the usage of the RTMPE protocol.


    Updating the Shared Secret



    After you have the above working with the example shared secret, do the following to update the shared secret to your own value:

    1. Open [install-dir]/conf/vod/Application.xml in a text editor and change the secureTokenSharedSecret property to the new value.

    2. Restart Wowza Media Server.

    3. Edit [jw-source-code]/com/jeroenwijering/models/RTMPModel.as to change the string passed to the secureTokenResponse callback to the same value as above, and then use Flash CS3 to republish the player.swf file.