Results 1 to 3 of 3

Thread: FMLE Authentication from database

Threaded View

  1. #1
    Join Date
    Dec 2010
    Posts
    2

    Default FMLE Authentication from database

    Hi, I've been trying to implement some module that makes the following:

    1. Stream with FMLE and ask me for username and password, but the username and password are stored in an external database.

    My main limitation is that the passwords in the database are kind of encrypted by the MD5 + SHA1 hash methods (just one way), so there's no way I can decode them with functions written in a wowza java module.

    The only option I see is to read the password value given from FMLE, and make the process of hashing inside the module (encrypt it), and then compare it with the given field from database (encrypted)....

    But I don't know exactly how to override the class and function that compares the password given from FMLE with the "authorized one".

    What I did was installing the Media Security AddOn to get the FMLE authentication (it was successfull), then I used the following example where I'm supposed to get the password from database and return it to main function:

    Code:
    import com.wowza.wms.authentication.*;
    
    public class AuthenticateUsernamePasswordProviderExample extends AuthenticateUsernamePasswordProviderBase
    {
    
    	public String getPassword(String username)
    	{
    		// return password for given username
    	   try
    	   { 
                   //here I'm supposed to get the password from database, but I used a           known value for testing
    
    		return "dbebca499a1a30e0704f21362eb8555ded50eee0";
    
    	   }
    	   catch (Exception e)
    	   {
    	   //
    		   return null;
    	   }
    	}
    
    	public boolean userExists(String username)
    	{
    		// return true if user exists
    		return true;
    	}
    }
    It worked as well, but I had to put the encrypted value on the password field

    then I followed this post:
    http://www.wowzamedia.com/forums/sho...=6799#post6799

    And tried to implement my "code" on this part:

    Code:
    if (username != null && password != null)
    				{
    					String authPassword = filePtr.getPassword(username);
    					try
    					{
                                           /*the algorithm that encrypts the password given and compares to the authorized pw
                                           (the encrypted one I sent from database in function AuthenticateUsernamePasswordProviderExample)
    
                                            sha1 and md5 Algorithms are written on bottom
                                            */
    					if (authPassword.equals(sha1(md5(password)+"xkm3ty2a")))
    					{
    						isValid = true;
    						isAuthenticated = true;
    					}
    					}
    					catch (Exception ex)
    					{
    					//do nothing
    					}
    				}

    I modified the Authentication.xml and set the package of my custom class on Basic Authentication, and set publish method to basic on Application.xml but nothing happens. I suppose that's because of MediaSecurity AddOn works with its own digest authentication, or something.

    Any suggestions or hints?
    I would be very appreciate


    Laura
    Last edited by lauradgh; 12-10-2010 at 05:12 AM.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •