I found that I can secure the authentication by implementing WowUsernamePasswordProvider and use ModuleRTMPAuthenticate as additional module.
My problem is that my system is not saving the passwords of the users in the DB and therefore the interface that ask me to implement getPassword(String username) can't help me.
I want to send both the username and the password to my system to decide if the combination is valid or not.
I guess that I could do that if I had the source code of ModuleRTMPAuthenticate and could take what I need out of it, but I couldn't find it or decompile it properly.
Can you think of any solution?