How to do user authentication for Flash RTMP client using JDBC connection to MySQL database

The following example code shows how to restrict access to files on a Wowza media server to registered users by implementing a login module. This example uses a MySQL database to store the user details.

  1. Download the official JDBC driver for MySQL.
  2. Unzip the driver archive and copy the driver mysql-connector-java-5.0.5-bin.jar to the Wowza media server software installation folder [install-dir]/lib.

The server-side Java code looks something like this:

package com.mycompany.wms.dbtest;

import java.sql.*;

import com.wowza.wms.application.*;
import com.wowza.wms.amf.*;
import com.wowza.wms.client.*;
import com.wowza.wms.module.*;
import com.wowza.wms.request.*;

public class DBTest extends ModuleBase 
{
	public void onAppStart(IApplicationInstance appInstance)
	{
		// preload the driver class
		try
		{
			Class.forName("com.mysql.jdbc.Driver").newInstance();
		}
		catch (Exception e)
		{
			getLogger().error("Error loading: com.mysql.jdbc.Driver: "+e.toString());
		}
	}

	public void onConnect(IClient client, RequestFunction function, AMFDataList params)
	{

		String userName = getParamString(params, PARAM1);
		String password = getParamString(params, PARAM2);


		Connection conn = null;
		try
		{
			conn = DriverManager.getConnection("jdbc:mysql://localhost/test?user=monty&password=greatsqldb");

			Statement stmt = null;
			ResultSet rs = null;

			try
			{
				stmt = conn.createStatement();
				rs = stmt.executeQuery("SELECT count(*) as userCount FROM users where username = '"+userName+"' and password = '"+password+"'");
				if (rs.next() == true)
				{
				    if (rs.getInt("userCount") > 0)
					{
						client.acceptConnection();
					}
				}

			}
			catch (SQLException sqlEx)
			{
				getLogger().error("sqlexecuteException: " + sqlEx.toString());
			}
			finally
			{
				// it is a good idea to release
				// resources in a finally{} block
				// in reverse-order of their creation
				// if they are no-longer needed

				if (rs != null)
				{
					try
					{
						rs.close();
					}
					catch (SQLException sqlEx)
					{

						rs = null;
					}
				}

				if (stmt != null)
				{
					try
					{
						stmt.close();
					}
					catch (SQLException sqlEx) 
					{
						stmt = null;
					}
				}
			}

			conn.close();
		}
		catch (SQLException ex)
		{
			// handle any errors
			System.out.println("SQLException: " + ex.getMessage());
			System.out.println("SQLState: " + ex.getSQLState());
			System.out.println("VendorError: " + ex.getErrorCode());
		}

		getLogger().info("onConnect: " + client.getClientId());
	}

	static public void onConnectAccept(IClient client)
	{
		getLogger().info("onConnectAccept: " + client.getClientId());
	}

	static public void onConnectReject(IClient client)
	{
		getLogger().info("onConnectReject: " + client.getClientId());
	}

	static public void onDisconnect(IClient client)
	{
		getLogger().info("onDisconnect: " + client.getClientId());
	}

}
  1. Edit your Application.xml file to add a reference to this new module to the <Modules> section and then set Connections/AutoAccept to false.
     
  2. To help protect against download software that attaches to your RTMP streams, set Connections/AllowDomains to the domain name of your player SWF file. This will add a layer of protection to help prevent 3rd-party SWFs from connecting to your server.
 

Originally Published: 10-03-2010.

If you're having problems or want to discuss this article, post in our forum.