• How to integrate Wowza user authentication with external authentication systems (ModuleRTMPAuthenticate)

    This article describes how to use AuthenticateUsernamePasswordProviderBase with the ModuleRTMPAuthenticate module to intercept requests for username/password so that you can use a database instead of a password file to authenticate encoders.

    Note: The ModuleRTMPAuthenticate module is built-in with Wowza Media Server™ 3.5. If you're using an earlier version of Wowza Media Server software, you must download the MediaSecurity Addon package to get the module. Download and unzip the MediaSecurity Addon package, copy the wms-plugin-security.jar file from the package /lib folder to the Wowza Media Server /lib folder, and then restart Wowza Media Server.

    Configuration

    1. Open [install-dir]/conf/[application]/Application.xml in a text editor and add the following <Module> definition as the last entry in the <Modules> list:
      <Module>
      	<Name>ModuleRTMPAuthenticate</Name>
      	<Description>ModuleRTMPAuthenticate</Description>
      	<Class>com.wowza.wms.security.ModuleRTMPAuthenticate</Class>
      </Module>
      Note: If you're running Wowza Media Server 3.1.2 or earlier, add the following <Module> definition as the last entry in the <Modules> list instead:
      <Module>
           <Name>ModuleRTMPAuthenticate</Name>
           <Description>ModuleRTMPAuthenticate</Description>
           <Class>com.wowza.wms.plugin.security.ModuleRTMPAuthenticate</Class>
      </Module>
    2. Download the JDBC driver for MySQL, and then copy the appropriate MySQL JDBC .jar file to the Wowza Media Server /lib folder.

    3. Use the Wowza IDE to build the following code:
      package com.wowza.wms.example.authenticate;
      
      import com.wowza.wms.authentication.*;
      import com.wowza.wms.logging.WMSLoggerFactory; 
      import java.sql.*;
      
      public class AuthenticateUsernamePasswordProviderExample extends AuthenticateUsernamePasswordProviderBase
      {
      	public String getPassword(String username)
      	{
      		// return password for given username		
      		String pwd = null;
      		
      		WMSLoggerFactory.getLogger(null).info("Authenticate getPassword username: " + username);
      		
      		Connection conn = null;
      		try 
      		{
      			conn = DriverManager.getConnection("jdbc:mysql://localhost/wowza?user=root&password=mypassword");
      
      			Statement stmt = null;
      			ResultSet rs = null;
      
      			try 
      			{
      				stmt = conn.createStatement();
      				rs = stmt.executeQuery("SELECT pwd FROM users where username = '"+username+"'");
      				while (rs.next())
      				{
      					pwd = rs.getString("pwd");
      				}
      
      			} 
      			catch (SQLException sqlEx) 
      			{
      				WMSLoggerFactory.getLogger(null).error("sqlexecuteException: " + sqlEx.toString());
      			} 
      			finally 
      			{
      				if (rs != null) 
      				{
      					try 
      					{
      						rs.close();
      					} 
      					catch (SQLException sqlEx) 
      					{
      
      						rs = null;
      					}
      				}
      
      				if (stmt != null) 
      				{
      					try 
      					{
      						stmt.close();
      					} 
      					catch (SQLException sqlEx) 
      					{
      						stmt = null;
      					}
      				}
      			}
      
      			conn.close();
      		} 
      		catch (SQLException ex) 
      		{
      			// handle any errors
      			System.out.println("SQLException: " + ex.getMessage());
      			System.out.println("SQLState: " + ex.getSQLState());
      			System.out.println("VendorError: " + ex.getErrorCode());
      		}
      		
      		return pwd;
      	}
      	
      	public boolean userExists(String username)
      	{
      		// return true is user exists
      		return false;
      	}
      }
    4. Implementation:

      1. To intercept RTMP authentication, add the following property to the <Properties> container at the bottom of [install-dir]/conf/[application]/Application.xml (be sure to add the property to the correct <Properties> container - there are several in Application.xml).
        <Property>
        	<Name>usernamePasswordProviderClass</Name>
        	<Value>com.wowza.wms.example.authenticate.AuthenticateUsernamePasswordProviderExample</Value>
        </Property>
      2. To intercept RTP authentication, add the usernamePasswordProviderClass property to [install-dir]/conf/Authentication.xml /Digest Properties list (or to the /Basic Properties list if you're using basic authentication):
        <Method>
        	<Name>digest</Name>
        	<Description>Digest Authentication</Description>
        	<Class>com.wowza.wms.authentication.AuthenticateDigest</Class>
        	<Properties>
        		<Property>
        			<Name>passwordFile</Name
        			<Value>${com.wowza.wms.context.VHostConfigHome}/conf/publish.password</Value>
        		</Property>
        		<Property>
        			<Name>realm</Name>
        			<Value>Streaming Server</Value>
        		</Property>
        		<Property>
        			<Name>usernamePasswordProviderClass</Name>
        			<Value>com.wowza.wms.example.authenticate.AuthenticateUsernamePasswordProviderExample</Value>
        		</Property>
        	</Properties>
        </Method>

    5. Restart Wowza Media Server.

    Originally Published: 02-24-2011.
    Updated: For Wowza Media Server 3.5 on 12-03-2012.

    If you're having problems or want to discuss this article, post in our forum.