• How to do user authentication for Flash RTMP client using JDBC connection to MySQL database

    The following sample code shows how to restrict access to files on a Wowza media server to registered users by implementing a login module. This example uses a MySQL database to store the user details.

    Instructions

    1. Download the official JDBC driver for MySQL.

    2. Unzip the driver archive and copy the driver mysql-connector-java-5.0.5-bin.jar to the Wowza media server software installation folder [install-dir]/lib.

      The server-side Java code would look something like this:
      package com.mycompany.wms.dbtest;
      
      import java.sql.*;
      
      import com.wowza.wms.application.*;
      import com.wowza.wms.amf.*;
      import com.wowza.wms.client.*;
      import com.wowza.wms.module.*;
      import com.wowza.wms.request.*;
      
      public class DBTest extends ModuleBase 
      {
      	public void onAppStart(IApplicationInstance appInstance)
      	{
      		// preload the driver class
      		try 
      		{
      			Class.forName("com.mysql.jdbc.Driver").newInstance(); 
      		} 
      		catch (Exception e) 
      		{ 
      			getLogger().error("Error loading: com.mysql.jdbc.Driver: "+e.toString());
      		} 
      	}
      
      	public void onConnect(IClient client, RequestFunction function, AMFDataList params) 
      	{
      		
      		String userName = getParamString(params, PARAM1);
      		String password = getParamString(params, PARAM2);
      
      		
      		Connection conn = null;
      		try 
      		{
      			conn = DriverManager.getConnection("jdbc:mysql://localhost/test?user=monty&password=greatsqldb");
      
      			Statement stmt = null;
      			ResultSet rs = null;
      
      			try 
      			{
      				stmt = conn.createStatement();
      				rs = stmt.executeQuery("SELECT count(*) as userCount FROM users where username = '"+userName+"' and password = '"+password+"'");
      				if (rs.next() == true)
      				{
      				    if (rs.getInt("userCount") > 0)
      					{
      						client.acceptConnection();
      					}
      				}
      
      			} 
      			catch (SQLException sqlEx) 
      			{
      				getLogger().error("sqlexecuteException: " + sqlEx.toString());
      			} 
      			finally 
      			{
      				// it is a good idea to release
      				// resources in a finally{} block
      				// in reverse-order of their creation
      				// if they are no-longer needed
      
      				if (rs != null) 
      				{
      					try 
      					{
      						rs.close();
      					} 
      					catch (SQLException sqlEx) 
      					{
      
      						rs = null;
      					}
      				}
      
      				if (stmt != null) 
      				{
      					try 
      					{
      						stmt.close();
      					} 
      					catch (SQLException sqlEx) 
      					{
      						stmt = null;
      					}
      				}
      			}
      
      			conn.close();
      		} 
      		catch (SQLException ex) 
      		{
      			// handle any errors
      			System.out.println("SQLException: " + ex.getMessage());
      			System.out.println("SQLState: " + ex.getSQLState());
      			System.out.println("VendorError: " + ex.getErrorCode());
      		}
      
      		getLogger().info("onConnect: " + client.getClientId());
      	}
      
      	static public void onConnectAccept(IClient client) 
      	{
      		getLogger().info("onConnectAccept: " + client.getClientId());
      	}
      
      	static public void onConnectReject(IClient client) 
      	{
      		getLogger().info("onConnectReject: " + client.getClientId());
      	}
      
      	static public void onDisconnect(IClient client) 
      	{
      		getLogger().info("onDisconnect: " + client.getClientId());
      	}
      
      }
    3. Edit your Application.xml file to add a reference to this new module to the <Modules> section and then set Connections/AutoAccept to false.

    4. To help protect against download software that attaches to your RTMP streams, set Connections/AllowDomains to the domain name of your player SWF file. This will add a layer of protection to help prevent 3rd-party SWFs from connecting to your server.



    If you're having problems or want to discuss this article, post in our forum.