7 Replies Latest reply on Feb 18, 2010 10:33 AM by Michael Thornburgh

    How to setup a group with autentication


      Hi, Every body,


      I am new in this forum, I found Stratus is a so exciting platform, now I need your help.


      I want to setup a group with posting autentication, in the group, some one has the posting right, others have not. I found the "groupspecWithAuthentication, groupspecWithoutAuthentication,  encodePostingAuthorization´╝îsetPostingPassword" etc. but I cant understand how to use them.


      I have dived in this forum and the reference of Stratus 2.0 beta( here) for several days, and I have tried the samples posted by Mike, and I have study almost all threads in this forum, but I still cant find the clue.


      Please help me out, thanks advanced,

        • 1. Re: How to setup a group with autentication
          Michael Thornburgh Adobe Employee

             var gs:GroupSpecifier = new GroupSpecifier("com.example.mygroup/authenticated-chat");

             gs.postingEnabled = true;

             gs.serverChannelEnabled = true;

             gs.setPostingPassword("password", netConnection.nearID); // password should be a real, unguessable password

             var groupspecForOthers:String = gs.groupspecWithoutAuthorizations();

             var groupspecForPoster:String = gs.groupspecWithAuthorizations();


          the easiest way to not divulge the password at all is to precompute these groupspecs and store them/retrieve them from a web server at run time.  or bake the groupspecs themselves into the swf (after generating them elsewhere).  perhaps have one swf for others and one swf for the poster, and get them via HTTPS (perhaps requiring web authentication to get the one for the poster).


          an alternate way to generate groupspecForPoster is:


             var groupspecForPoster:String = groupspecForOthers + GroupSpecifier.encodePostingAuthorization("password");


          then you could have one swf with groupspecForOthers baked in.  you could pop up a password dialog to get the password from the user (so the user would have to know it already).  you could then generate the groupspecForPoster as shown above.





          • 2. Re: How to setup a group with autentication
            moris351 Level 1

            Thank you, Mike, for your timely reply. Forgive me the delay, because now is our most important festival, I just back from a party.


            Now I understand, but I still wonder,


            1. if a group is in running, and a authorized user has joined. Now he misdoes, I want to withdraw the authentication, how can I? revise the password and recreate the group?


            2. How can I setup a group, just authorized users can join? I know I can use secret group name, but if authorized user divulge the group name, others without autentication can join the group too. ( because the swf easy to reverse, hacker can sniff the opaque groupspec string, revise the swf, impersonate authorized user, etc).


            3. How can I banishment a misdoer from my group?


            Thanks again for your time.

            • 3. Re: How to setup a group with autentication
              Michael Thornburgh Adobe Employee

              1. if you want to use group authorizations for that kind of access control, then yes, your only recourse is to revise the password, recreate the group, and have everyone in the old group join the new one.


              2. at the current time, anyone who knows the secret group name can join.  from an information leakage/participation point of view, there's no difference between an authorized user giving out the secret group name vs. an authorized user divulging the information they learn in the group, or of the authorized user injecting information into the group on behalf of the unauthorized one.  hackers can decompile the swf to find a baked in groupspec string, but you can store the groupspec string on an HTTPS web server and require authenticated access to that server to retrieve it.


              3. you can't force an existing member of a group to leave.



              • 4. Re: How to setup a group with autentication
                satheeshpallath12 Level 1



                I read all your replies.It really make to know more in about groupsprec.I also doing a video chat application using stratus(FP 10).what i want to know is that all who connected to stratus are grouped  using  NetGroup.I am using flex 3 with SDK 3.2,FP 10.Can i make use of Netgroup in my application?

                Can u send any  video tutorial or sample code available for the netgroup wth authentication and without authentication?



                • 5. Re: How to setup a group with autentication
                  Michael Thornburgh Adobe Employee

                  the new RTMFP Groups features, including NetGroup and group NetStreams, require Flash Player 10.1 or above.  Flash Player 10.1 is currently in beta prerelease.


                  i posted some samples from my MAX 2009 lab session back in november, illustrating using NetGroup for text chat using posting, group NetStreams for streaming video with P2P multicast, and Stratus server channel for automatic group bootstrap.  please see this thread:





                  • 6. Re: How to setup a group with autentication
                    moris351 Level 1

                    Hi, Mike, thanks for your reply.


                    I think if there is a super user with the rights of banishing a member from group, withdrawing the publishing authorization, interrupting others speech, and dissolving the group, the solution is perfect, otherwise if the group in disorder, nobody can rescue.


                    I found a method in NetGroup named addMemberHint, I guess it is for add a member to group, why there is not a removeMemberHint like method?


                    Hope I am not using your too much time.


                    Thanks again.



                    • 7. Re: How to setup a group with autentication
                      Michael Thornburgh Adobe Employee

                      NetGroup.addNeighbor() and .addMemberHint() are for assisting (or bootstrapping) the self-organizing topology system.  they don't have anything to do with access control, and the peers you give to those methods must already be joined to the group.


                      RTMFP groups are decentralized, cooperative, self-organizing systems.  if you need a central point of control, you can use a central server, like FMS.