How to integrate Wowza user authentication with external authentication systems (ModuleRTMPAuthenticate)

This article describes how to use AuthenticateUsernamePasswordProviderBase with the ModuleRTMPAuthenticate module to intercept requests for username/password so that you can use a database instead of a password file to authenticate encoders.

Note: The ModuleRTMPAuthenticate module is built into Wowza Media Server™ 3.5. If you're using an earlier version of Wowza Media Server software, you must download the MediaSecurity Addon package to get the module. Download and unzip the MediaSecurity Addon package, copy the wms-plugin-security.jar file from the package /lib folder to the Wowza Media Server /lib folder, and then restart Wowza Media Server.

Configuration

  1. Open [install-dir]/conf/[application]/Application.xml in a text editor and add the following <Module> definition as the last entry in the <Modules> list:
    <Module>
    	<Name>ModuleRTMPAuthenticate</Name>
    	<Description>ModuleRTMPAuthenticate</Description>
    	<Class>com.wowza.wms.security.ModuleRTMPAuthenticate</Class>
    </Module>
    Note: If you're running Wowza Media Server 3.1.2 or earlier, add the following <Module> definition as the last entry in the <Modules> list instead:
    <Module>
         <Name>ModuleRTMPAuthenticate</Name>
         <Description>ModuleRTMPAuthenticate</Description>
         <Class>com.wowza.wms.plugin.security.ModuleRTMPAuthenticate</Class>
    </Module>
  2. Download the JDBC driver for MySQL, and then copy the appropriate MySQL JDBC .jar file to the Wowza Media Server /lib folder.
     
  3. Use the Wowza IDE to build the following code:
    package com.wowza.wms.example.authenticate;
    
    import com.wowza.wms.authentication.*;
    import com.wowza.wms.logging.WMSLoggerFactory;
    import java.sql.*;
    
    public class AuthenticateUsernamePasswordProviderExample extends AuthenticateUsernamePasswordProviderBase
    {
    	public String getPassword(String username)
    	{
    		// return password for given username
    		String pwd = null;
    
    		WMSLoggerFactory.getLogger(null).info("Authenticate getPassword username: " + username);
    
    		Connection conn = null;
    		try
    		{
    			// example credentials; in production connect with a dedicated, least-privilege database account
    			conn = DriverManager.getConnection("jdbc:mysql://localhost/wowza?user=root&password=mypassword");
    
    			PreparedStatement stmt = null;
    			ResultSet rs = null;
    
    			try
    			{
    				// bind the username as a parameter so that it is never parsed as part of the SQL statement
    				stmt = conn.prepareStatement("SELECT pwd FROM users WHERE username = ?");
    				stmt.setString(1, username);
    				rs = stmt.executeQuery();
    				while (rs.next())
    				{
    					pwd = rs.getString("pwd");
    				}
    
    			}
    			catch (SQLException sqlEx)
    			{
    				WMSLoggerFactory.getLogger(null).error("sqlexecuteException: " + sqlEx.toString());
    			}
    			finally
    			{
    				if (rs != null)
    				{
    					try
    					{
    						rs.close();
    					}
    					catch (SQLException sqlEx) 
    					{
    
    						rs = null;
    					}
    				}
    
    				if (stmt != null)
    				{
    					try
    					{
    						stmt.close();
    					}
    					catch (SQLException sqlEx)
    					{
    						stmt = null;
    					}
    				}
    			}
    		}
    		catch (SQLException ex)
    		{
    			// handle any errors
    			System.out.println("SQLException: " + ex.getMessage());
    			System.out.println("SQLState: " + ex.getSQLState());
    			System.out.println("VendorError: " + ex.getErrorCode());
    		}
    		finally
    		{
    			// always release the connection, even when the query or the connect call fails
    			if (conn != null)
    			{
    				try
    				{
    					conn.close();
    				}
    				catch (SQLException sqlEx)
    				{
    					conn = null;
    				}
    			}
    		}
    
    		return pwd;
    	}
    
    	public boolean userExists(String username)
    	{
    		// return true if user exists
    		return false;
    	}
    }
  4. Implementation:
     
    1. To intercept RTMP authentication, add the following property to the <Properties> container at the bottom of [install-dir]/conf/[application]/Application.xml (be sure to add the property to the correct <Properties> container - there are several in Application.xml).
      <Property>
      	<Name>usernamePasswordProviderClass</Name>
      	<Value>com.wowza.wms.example.authenticate.AuthenticateUsernamePasswordProviderExample</Value>
      </Property>
    2. To intercept RTP authentication, add the usernamePasswordProviderClass property to [install-dir]/conf/Authentication.xml /Digest Properties list (or to the /Basic Properties list if you're using basic authentication):
      <Method>
      	<Name>digest</Name>
      	<Description>Digest Authentication</Description>
      	<Class>com.wowza.wms.authentication.AuthenticateDigest</Class>
      	<Properties>
      		<Property>
      			<Name>passwordFile</Name>
      			<Value>${com.wowza.wms.context.VHostConfigHome}/conf/publish.password</Value>
      		</Property>
      		<Property>
      			<Name>realm</Name>
      			<Value>Streaming Server</Value>
      		</Property>
      		<Property>
      			<Name>usernamePasswordProviderClass</Name>
      			<Value>com.wowza.wms.example.authenticate.AuthenticateUsernamePasswordProviderExample</Value>
      		</Property>
      	</Properties>
      </Method>
  5. Restart Wowza Media Server.
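
The provider in step 3 connects to MySQL as root, although it only reads one column of one table. The following is an added example (not part of the original article and not Wowza's own code) of a dedicated read-only account for that lookup. The wowza database, users table, and username/pwd columns come from the query in step 3; the wowza_auth account name, its placeholder password, and the column sizes are assumptions.

```sql
-- Added example. Database, table and column names come from the article's query;
-- column sizes, the wowza_auth account and its password are assumptions.
CREATE DATABASE IF NOT EXISTS wowza;

CREATE TABLE IF NOT EXISTS wowza.users (
    username VARCHAR(64)  NOT NULL,
    pwd      VARCHAR(128) NOT NULL,
    PRIMARY KEY (username)   -- one row per username, so getPassword() sees at most one match
);

-- Account used only by the authentication provider, restricted to local
-- connections to match the localhost JDBC URL in step 3.
CREATE USER 'wowza_auth'@'localhost' IDENTIFIED BY 'CHANGE_ME';

-- Column-level read access: enough for
--   SELECT pwd FROM users WHERE username = ?
-- and nothing else (no INSERT, UPDATE, DELETE, or access to other schemas).
GRANT SELECT (username, pwd) ON wowza.users TO 'wowza_auth'@'localhost';

-- Confirm that only USAGE and the column grant are listed.
SHOW GRANTS FOR 'wowza_auth'@'localhost';
```

With this account in place, the user and password parameters of the JDBC URL in step 3 name wowza_auth instead of root.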

Originally Published: 02-24-2011.
Updated: For Wowza Media Server 3.5 on 12-03-2012.
 
