12 Replies Latest reply on Mar 19, 2010 5:48 PM by rshin

    client authentication

    smarcus99 Level 1

      Is there any support for client authentication as described in


      http://help.adobe.com/en_US/FlashMediaServer/3.5_Deving/WS5b3ccc516d4fbf351e63e3d11a0773d3 7a-7feb.html


      Specifically,


      var sUsername = "someUsername"; 
      var sPassword = "somePassword"; 
       
      nc.connect("rtmp://server/secure1/", sUsername, sPassword);
      
      

      I believe that I have to pass a custom NetLoader to the VideoElement constructor, but it would be great to have more framework support for this common use case...

       

      thx

        • 1. Re: client authentication
          bringrags Level 4

          Currently there's no support for this type of authentication.  It might be possible to do this through a custom subclass of NetLoader, although that might involve more work than it should.

           

          Can you file an enhancement request in our bug app?

           

          https://bugs.adobe.com/jira/browse/FM

           

          Thanks,

          Brian

          1 person found this helpful
          • 2. Re: client authentication
            smarcus99 Level 1

            I've entered the issue at https://bugs.adobe.com/jira/browse/FM-157

             

            thx

            • 3. Re: client authentication
              David_RealEyes

               

              Wow that is not so good to hear.

              To properly use a NetNegotiator do you have to use a NetConnectionFactory?

              Is there by chance a sample showing the use of a custom negotiator somewhere or can you at least point me in the direction?

              • 4. Re: client authentication
                cgguy

                Hi David. The AkamaiBasicStreamingPlugin has a custom NetNegotiator. If you want to implement client authentication you should look at that example to get started. You'll need to pass the authentication data in as metadata facets. You can do a search in the forums for information on how the plugin metadata works.

                • 5. Re: client authentication
                  David_RealEyes Level 1

                  so i looked at the akamai plugin code.

                  From what I can see they are not passing any params. They are only using url vars as I thought.

                  I see the general flow though.

                   

                  - Extend NetConnectionFactory

                  - overrise createNetNegotiator() and create your custom negotiator

                  [OPT A]

                  - in your custom negotiator that extends the NetNegotiator you override the createNetConnection() if you want to use a custom NetConnection

                       - if done this way I could pass params via the create() of the NetConnectionFactory if I duplicate all the exisiting code and pass to the createNetNegotiator() call - then pass into the custom NC [MESSY]

                  [OPT B]

                  - otherwise i can try to do something like override connect() in the Negotiator and rewrite both initializeConnectionAttempts()  and tryToConnect() and then override the create method once again in the factory (duplicate all that code as well) and then pass along to the connect() of the negotiator

                   

                  Both of these are horrible and make what should be a simple task very difficult. This is a very common operation for custom and enterprise media solutions, and unless I am greatly mistaken (which of course I hope I am) this could be a detriment to the OSMF project.

                   

                  All in all I think this illustrates the importance of being able to support outside the framework connection management at least as an option.

                  • 6. Re: client authentication
                    bringrags Level 4

                    We're looking into a better way to handle cases like this, I'll post a proposal once it's ready.

                    • 7. Re: client authentication
                      bringrags Level 4

                      Ok, here's the proposal.  There are two problems we're trying to solve:

                       

                      #1: Injecting a live NetConnection (in case you've already got one laying around, or because you want to handle port-protocol negotiation and/or authentication yourself).

                       

                      #2: Doing client authentication, but leveraging OSMF's existing port-protocol negotiation and connection sharing support.

                       

                      Solution to #1

                       

                      Has two parts:

                       

                      A. Introduce NetConnectionFactoryBase, which the current NetConnectionFactory will extend.  The former is a barebones contract for asynchronously creating and connecting a NetConnection.  The latter bolts on connection sharing and port-protocol negotiation.  Here's the code for NetConnectionFactoryBase:

                       

                          /**
                           * Dispatched when the factory has successfully created and connected a NetConnection
                           *
                           * @eventType org.osmf.events.NetConnectionFactoryEvent.CREATED
                           */
                          [Event(name="created", type="org.osmf.events.NetConnectionFactoryEvent")]
                         
                          /**
                           * Dispatched when the factory has failed to create and connect a NetConnection
                           *
                           * @eventType org.osmf.events.NetConnectionFactoryEvent.CREATION_FAILED
                           */
                          [Event(name="creationfailed", type="org.osmf.events.NetConnectionFactoryEvent")]

                       

                          /**
                           * The NetConnectionFactoryBase is a base class for objects that need to
                           * create and connect a NetConnection.
                           */   
                          public class NetConnectionFactoryBase extends EventDispatcher
                          {
                              /**
                               * Constructor.
                               */
                              public function NetConnectionFactoryBase()
                              {
                                  super();
                              }

                       

                              /**
                               * Begins the process of creating a new NetConnection and establishing the connection.
                               * Because the connection process may be asynchronous, this method does not return a
                               * result.  Instead, once the NetConnection is created and the connection either
                               * succeeds or fails, a NetConnectionFactoryEvent will be dispatched.
                               *
                               * <p>Subclasses must override this method.</p>
                               *
                               * @param resource The URLResource that requires the NetConnection.
                               */
                              public function createNetConnection(resource:URLResource):void
                              {
                                  throw new IllegalOperationError(OSMFStrings.getString(OSMFStrings.FUNCTION_MUST_BE_OVERRIDDEN));
                              }
                          }

                       

                       

                      B. Modify NetLoader so that you can pass in a NetConnectionFactoryBase (instead of NetConnectionFactory).  By default, however, NetLoader will continue to use a NetConnectionFactory, since most clients will want the default connection sharing and port-protocol negotiation.

                       

                      Thus, to inject your own live NetConnection, you would create a subclass of NetConnectionFactoryBase as follows:

                       

                      public class MyNetConnectionFactory extends NetConnectionFactoryBase

                      {

                          public function MyNetConnectionFactory(liveNetConnection:NetConnection)

                          {

                              this.liveNetConnection = liveNetConnection;

                          }


                          override public function createNetConnection(urlResource:URLResource):void

                          {

                              dispatchEvent(new NetConnectionFactoryEvent(NetConnectionFactoryEvent.CREATED, false, false, liveNetConnection, urlResource));

                          }

                      }

                       

                      and then pass that into the NetLoader constructor:

                       

                      var liveNetConnection:NetConnection = ... // get this from somewhere else

                      var myNCF:MyNetConnectionFactory = new MyNetConnectionFactory(liveNetConnection);

                      var videoElement:VideoElement = new VideoElement(MY_URL_RESOURCE, new NetLoader(myNCF));

                       

                      (Of course, passing in the NetConnection to the factory is overly simplistic, more likely you'd have some other class which generates it.)

                       

                      Solution to #2

                       

                      Has two parts:

                       

                      A. Define a new metadata namespace which can hold NetConnection arguments.  Clients can assign this to the URLResource that is passed to VideoElement.  Alternatively, a NetConnectionFactoryBase subclass could assign them to the resource, and the client wouldn't have to know anything about NetConnection arguments.

                       

                      B. Modify NetNegotiator to look for this metadata namespace and pass the arguments to NetConnection.connect.

                       

                      Thus, the client code would look something like this (names not finalized yet);

                       

                      var resource:URLResource = new URLResource(new URL(REMOTE_STREAM));
                      var kvFacet:KeyValueFacet = new KeyValueFacet(MetadataNamespaces.NETCONNECTION_METADATA);
                      kvFacet.addValue(MetadataNamespaces.NETCONNECTION_CONNECT_USERNAME, "brian");

                      kvFacet.addValue(MetadataNamespaces.NETCONNECTION_CONNECT_PASSWORD, "secret");
                      resource.metadata.addFacet(kvFacet);

                      videoElement.resource = resource;

                       

                      Alternatively, we could support arbitrary NetConnection.connect arguments, not sure if that's necessary.

                       

                      Questions

                       

                      1. Do these solutions address each use case in a reasonable way?  Note, for example, that I'm reluctant to completely do away with subclassing NetConnectionFactoryBase and just allowing you to pass in a NetConnection to NetLoader, since that feels like too constraining a solution (i.e. there may be other use cases that a very generic NetConnectionFactoryBase will solve).

                      2. Does NetConnection.connect need to accept arbitrary arguments, or is it always a set of credentials?

                      3. Any suggested changes?  Remaining major problems with the NetLoader/NetConnectionFactory/NetNegotiator design?

                      • 8. Re: client authentication
                        David_RealEyes Level 1

                        So to answer your questions directly:

                         

                        1. Do these solutions address each use case in a reasonable way?  Note, for example, that I'm reluctant to completely do away with subclassing NetConnectionFactoryBase and just allowing you to pass in a NetConnection to NetLoader, since that feels like too constraining a solution (i.e. there may be other use cases that a very generic NetConnectionFactoryBase will solve).

                         

                        --- #1 looks great, #2 I have some concerns which I have expressed.

                         

                        2. Does NetConnection.connect need to accept arbitrary arguments, or is it always a set of credentials?

                         

                        --- arbitrary for certain

                         

                        3. Any suggested changes?  Remaining major problems with the NetLoader/NetConnectionFactory/NetNegotiator design?

                         

                        Aside from seeing the arbitrary parameters process it looks like a major improvement. Honestly #2 seems a little complex for what used to be a very simple operation as it currently stands, but I see the consistency of how OSMF is handling other such items and I understand that and its only a few lines of code so I wouldn’t complain and I'll ignore anyone who does

                        • 9. Re: client authentication
                          rajdeeprath Level 1

                          Putting all the heavy discussion aside let me ask the question in a simple way again ?

                          Ho can i pass parameters to a rtmp application when using OSMF (1.0). Below id the code how i passed parameters to RTMP application using what was prescribed. But i dont recieve my parameters on server end. i can confirm that.

                           

                          var vector:Vector.<Object> = new Vector.<Object>();
                          vector[0] = "rajdeep";
                          vector[1] = "xyz123";
                          
                          // TODO Auto-generated method stub
                          
                          mediaElement = new VideoElement(new StreamingURLResource(REMOTE_STREAMING,StreamType.LIVE_OR_RECORDED,NaN,NaN,vector),new NetLoader);
                          
                          // We need a DisplayObject for the video
                          container = new MediaContainer();; 
                          // feed the display object a media element
                          container.addMediaElement( mediaElement ); 
                          // Flex requires a DisplayObject to be wrapped in Flex Framework UI Abstraction
                          videoParent.addChild( container ); 
                          
                          // MediaPlayer is a virtual controller. Assign it a media element and it will autoplay the media by default.
                          mediaPlayer = new MediaPlayer(mediaElement);
                          mediaPlayer.addEventListener(MediaPlayerStateChangeEvent.MEDIA_PLAYER_STATE_CHANGE,onMediaPlayerState);
                          
                          container.width = 320;
                          container.height = 240;
                          

                           

                          can some one suggest something?

                          • 10. Re: client authentication
                            bringrags Level 4

                            What you're doing looks correct.  Note that this is being tracked as bug FM-157, which is marked as fixed but which hasn't been verified yet (so it's possible that the fix isn't complete).  I'd recommend you track that bug, as our QE should be regressing it in the coming days.

                            • 11. Re: client authentication
                              bringrags Level 4

                              Looks like there was a bug preventing the connection params from being passed through, but it should be fixed in public trunk (revision 14780).  Let us know whether that fixes your problem.

                              • 12. Re: client authentication
                                rshin Level 3

                                It was verified to work ok. Closed the bug and posted a simple case connecting to a FMS server application that has a simple logic to auth the connection.

                                Please reverify with the latest sync to OSMF. If it doesn't still work, it is likely in the server side script or web service, in which case it would be helpful to share what enviroment you are setting for server side (web service, db, server side script).

                                 

                                Ryan