Java :: Flash - Rewriting Inbound Server Authorization Headers Prior To Authentication?
Feb 16, 2011
Authentication is performed with Basic auth over SSL (although the password inside the basic auth is SHA-2'ed). The issue is that using basic authentication for the Flash client is causing the standard browser log-in box to appear because of "WWW-Authentication: Basic" in the header. Flash is unable to bypass this by manually setting the Authorization header prior to the request.Other clients need to be able to authenticate via the existing mechanisms, so rewriting the authentication logic would not be ideal.
I have the idea that the authorization headers sent to and received from flash client could be dynamically rewritten to use another name for Basic auth which would cause the browser not to understand the auth mechanism and not present the dialog box. Authentication headers to and from Tomcat could be rewritten from "WWW-Authenticate: Basic" to "WWW-Authenticate: PretendBasic" but ideally the built in container security could still handle the basic auth after the rewrite.
I wrote a filter to rewrite inbound headers as "WWW-Authenticate: PretendBasic" as "WWW-Authenticate: Basic" hoping the next filter chain would be auth and the request would be handled as normal. Unfortunately the Servlet specification states that a filter cannot be inserted prior to authentication. I think the only possibility of this working is to create a stackable JAAS authentication module that would first perform a header rewrite on requests if coming from the Flash client, and then pass authentication through to the existing container managed security systems.
View 2 Replies
Similar Posts:
Sep 25, 2010
Are there any differences implementing Flex application security in a clustered Java environment (such as Oracle Application Server/OC4J or a JBoss cluster) vs a single application server environment? (And/or does it depend on the specific environment software?)
What considerations are there in a situation where you need to authenticate with LDAP (AD) and store user access information in a database (ex. USER table containing username + permissions/roles info)? Any differences between Blaze DS and Granite DS?
View 1 Replies
Nov 17, 2011
I have to connect to a third party tool for getting authorization, the tool is called superman which my client uses. Not sure whether this is inhouse or bought. I am using Spring security for authenticating, getting user is done by providing the query externally to JDBC service. When authorization query specific to this tool is executed, I get the following error:
[Code]...
View 1 Replies
Jul 9, 2011
I have an application that is coded using Flex 3 on UI side and java @ the service layer, along with BlazeDS. Now we need to authorize the users accessing the system based on the roles that are defined for them in the database, e.g. : say a user with role guest should not be able to access Admin tab on ui and also should not be able to do any operations other than viewing the data displayed on dashboard. Also the point to note here is that roles can be created dynamically by Super users from UI. I came across this link which describes how to perform Role Based Authentication & Authorization. With this approach I need to define the roles in service-config.xml but since my roles are not pre-defined I cannot go with this.
View 1 Replies
Aug 5, 2011
So we're trying to come up with a way to automatically assess the "quality" of streams published to an FMS. So far, I've come down to 3 different statistics:
* Round-trip ping time to client (using the Client.ping() method and Client.getStats().ping_rtt.
* A home-grown jitter calculation that compares the deviation between wallclock and media time for an inbound stream, e.g., I get N+/-M seconds of media over a period of N seconds of wallclock time. How big is M on average? (uses Stream.time and Date.getTime()).
* How much packet loss are we getting?
For this third metric, I have the client sending up period reports containing tuples of <media_time, cum_bytes_sent>, where media_time is provided by NetStream.time and cum_bytes_sent is provided by NetStreamInfo.byteCount. I'm then comparing these samples to a similar set of samples obtained on the server via Stream.time and Client.getStats().bytes_in. Unfortunately, these two data sources do not seem to be measuring exactly the same thing. While they are close to each other, the received bandwidth (e.g., measured by the server) always seems to exceed the sent bandwidth (measured by the client) by a small amount (e.g., 0.5% to 2%) on a clean network.
The goal of this whole exercise is to enable to server to automatically detect when a client is having problems (either network or local CPU). Among other things, this will trigger us to tell the client to try sending a lower-bitrate stream.
So, my questions:
* Is there a method for me to reliably calculate (or obtain) a packet loss factor? With something like RTP, I could simply look for holes in sequence numbers, but I don't see any APIs that would give me that sort of information via FMS (our inbound streams are usually RTMFP).
* If there isn't a way for me to get a clean packet loss factor, is there another quality metric I should be looking at?
View 12 Replies
Sep 6, 2010
I am trying to access a .Net service which requires an authentication header. If WebService is used it works fine. But when it is accessed using HTTPService it throws error. The project is already done by somebody else using HTTPService. Now changing to webService requires some time since there needs to be modification in a lot of files.
Below is the SOAP envelop required by the service.
[Code]...
View 1 Replies
May 8, 2010
Preferably something that integrates well with a Flex front end. Yes the Spring Security guys say this is possible, but all examples seem to use legacy jsp tag libraries making them half useless as examples.I don't want to spend a month setting up and learning how to use a security tool. I would like a tool which supports using annotations (@RolesAllowed etc), MINIMAL XML, and 'remember-me' features (not cookie based).Apache Shiro seems to support Flex/Silverlight/Swing as well but I'd like to know if there are any other alternatives that are NOT container specific.
View 3 Replies
Feb 4, 2011
Some background: I have a Flex app embedded in an HTML page and am using Flex to send a soap request to my Java backend that does some authentication depending on the username and password entered in the Flex form. If I enter the correct login everything works fine and the Flex app can continue making further requests. But with an incorrect username/password, an "Authentication Required" dialog box pops up in my Browser and my Flex app won't respond with its proper handler until I click cancel. I'd like to get rid of the dialog box somehow,
View 2 Replies
Dec 29, 2009
We're using :
JBoss 5
Flex SDK 3.5
BlazeDS 3, with integrated authentication (through JAAS and JBossSX)
Failed login are always indicated to the flex client by the same fault code : Client.Authentication
However, the underlying JAAS LoginModule throws a specific javax.security.auth.login.LoginException subclass.
How can we propagate the failed login reason to the flex client ?
View 1 Replies
Mar 31, 2010
have been searching throughout forums looking for an easy effecitve way to set up authenication between Flash media interactive server and flash media live encoder such that we dont have any rogue publishers. I see alot of people talking about the fact that it can be done but have yet to find a document or post that outlines the modules needed and procudures to make work. Does anyone have a good link that outlines this or document
View 2 Replies
Jul 29, 2010
is it possible for me to build a server in java so that i can let my different flash clients communicate with each other?
View 3 Replies
Apr 28, 2010
I have a windows server(2003) with FMS 3.01 and already installed Authentication Add-in (3)... Already open' up a command prompt and added users using users.exe ($ROOT/conf) and checking them after, but when i go and publish something with FMLE 3, it still doesn't promp for a user and pass login. Restarted the server and everything else, and nothing seems to work!
View 16 Replies
Aug 4, 2011
I'm building a Facebook multiplayer game where the client side is in FLEX and the server side is in Java and I wanted to know if there is a guide on how to build the server clients managing system. When I say server clients managing system, I mean a server which many clients will connect to and will be able to choose between tables to join and play or to create their own table, same way as in texas holdem poker.
View 1 Replies
Feb 22, 2010
I'm using FMS 3.5.3 Developer edition and trying some VOD solution before I can proceed to purchase FMIS 3.5. Basically, I need to have a mechanism for certain sets of flash movies to be secured by user authentication.
Now, for Apache, I can secure a directory of webpages by using .htaccess; whilst for IIS or Windows Media Service, I can use NTFS ACL at directory level. My question is: How can I setup a VOD subdirectory that every video files inside need to be authenticated before streaming to client. The authentication authority can be either Active Directory or LDAP.
I've read the developer guide and notice that such authentication requires both client-side and server-side ActionScript. But I'm not a Flash author and I don't have Adobe Flash CSx installed. Can't this simple authentication be done at configuration level?
View 5 Replies
Jul 21, 2010
when i enter the following commend users add -u username -p password it returned the following error users: invalid option -- u
View 7 Replies
Jun 23, 2011
The FMS_auth_addin_win_v3.msi insists to put the files into C:Program Files (x86)AdobeFlash Media Server 4conf but the server is installed in C:Program FilesAdobeFlash Media Server 4. I nuked all the Abobe content in the 32 bit area, but it keeps re-installing it there. The server used to run 32-bit FMS 3.5, but since we upgraded, I can't get the authentication addin to work. Can I just copy the thing over?
View 11 Replies
Mar 30, 2011
I have installed the Authentication Add-In on a FMS 3.5.5 Development version, running Windows 2008 Server.I can easily get to the users.exe command prompt and add users with no problem.BUT, when I open the Flash Media Live Encoder and go to enter a username/password when connecting to the server, I keep getting "User Not Found".I've went back several times using users.exe and tested for my user credentials and it always states that the user is there.
View 1 Replies
Jul 21, 2009
I was pretty confused while stetting up a FMS and reading the docs. Live Streaming is by default enabled for everyone without password. Then I discovered and installed the authentication module. But this does not work and is not well documented. Also the download page states that it will work with FMS but some lines below it is stated that: "the Flash Media Server Authentication Add-In is only available for the Flash Media Interactive Server and the Flash Media Developer Server. This Add-In does not work with the Flash Media Streaming Server." hmmm. Confusing. How can I prevent that everyone is using my server for live streaming?
View 16 Replies
Jun 24, 2011
I use Ubuntu server 10.4 64bit and have Flash streaming server 3.5.5 working fine For security reason I also installed Authentication Addin on FMS and was able to add user using command /opt/adobe/fms/conf/users add -u FlashSAC -p pass. I verified and the user FlashSAC was added to the User.dat located opt/adobe/fms/conf. However when I used Live Encoder 3.1 to send a live stream to FMS, it worked without prompting for username and password at all. I tested Authentication Addin with Flash streaming server 3.5.5 on Windows XP and it prompted for username and password.
View 6 Replies
Feb 21, 2012
I am working on creating an FMS application which does an authentication on server side too. I hvae gone through a number of tutorials and the developer guide but not able to find a correct way to start working on this. I have been able to create a sample application which authenticates few parameters on the server side using the main.asc file with code for authentication on onConnect method. My main doubt right now is how do I set up an application which streams videos depending on this authentication. I am confused on how to setup a new application, how to setup the application.XML, which folder to store the files etc. Can some one guide me on this or give me reference to an application which actually does. A sample/tutorial which actually setups a custom FMS application for simple video streaming from scratch step-by-step would also do.
View 3 Replies
Mar 20, 2012
Is there any way to perform client authentication in FMS 4.5.1 (username/password/session id) for live/livepgkr application? As without it anyone will be able to discover RTMP/HLS URL and access to live streams without any limitation.
View 6 Replies
Jan 8, 2010
I'm testing out Adobe Flash Media Server and Wowza Flash Server and am trying to accomplish the following... Web server and Flash server are on different computers... Flash server is configured to stream vod files (.flv) from a remote file share (UNC path) on a separate Windows domain server.
I was able to get both servers configured and working. The final piece is to move both Flash servers to the DMZ segment of our firewall and test from outside our network. On the DMZ, the Wowza Server is able to connect to the remote file share and stream video as it's apparently leveraging the credentials I entered when I mapped a network drive to the file share and supplied valid domain credentials. The Adobe Flash Server is not able to connect to the remote file share and stream video because it seems that the connection method that the Adobe Flash Server uses is reliant upon the Adobe Flash Server Windows service account being a domain account... and when the server is on the DMZ it cannot access our domain controllers to authenticate.
Does anybody have any experience with this type of situation.? Or know if there's a way for Adobe Flash Server to leverage drive mapping credentials as opposed to the credentials that it starts the Windows service with?
View 2 Replies
Feb 23, 2012
I am sometimes (sporadically) facing the problem, that I cannot connect to FMS server with FMLE, using username and password.When I then restart FMS everything is working correct again. A customer discribed that he was not able to reconnect to the fms, as soon as he closed the FMLE without stopping encoding process?I am using the default authentication plug-in in FMS 3.5.6 on a 64-bit Debian.Everything else is working correct, only reconnecting with encoding-software (like FMLE) is not working.Is there any possibility to get the authentication working again, without restarting the whole fms process?
View 8 Replies
Jan 25, 2010
we would like to purchase Flash Media Interactive Server 3.5 to solve the following problem
1.Broadcast network internet lectures on a paid subscription,with the possibility user authentication.
2. Broadcast video and audio.
3. Broadcasting from several sources (1 camera, 2 camera, TV tuner, etc.)within a single stream with the possibility of the user to choose the viewing source, other sources at this time, you can view the preview.
4. The intended audience for 10 000 users and more. 5. Estimated flow rate of 1 megabit per second.
1. Is it possible for broadcasters to use a single server, or they need more? What configuration? 2. Does Flash Media Interactive Server 3.5 multicast? 3. How to make the system user authorization? Additional software, plug-ins? 4. How many users can simultaneously connect to the broadcast Flash Media Interactive Server 3.5 and how we calculate the bandwidth and outbound traffic?
View 1 Replies
Apr 6, 2011
I want to use fmscheck to monitor my server. When i try the command ( on the FMS server itself, running linux debian)
[Code]...
View 4 Replies
Apr 13, 2010
What technology are better (robust, stable, speed) for rich web app with flash movies, chat, etc. Somebody said that Red5 will drop down if more that 50 users try to suck video stream from it. Is there people who use Java on server side and Flash for client side?
View 1 Replies
Mar 14, 2011
I'm having trouble with a XMLSocket script in AS3. I have a java server and i'm trying to send a XML data, but the server isn't recieving anything. The most suprising is that my script worked very well a month ago, and now my IOError listener returns me.[code]
View 2 Replies
Jun 1, 2011
For example, Flash records voice and sends it to the server where Java or C# apps can proccess it and return back some data (or write it to db). How this communication possible, which protocols sould be used and etc.
View 2 Replies
Oct 6, 2011
We are building a Flash application for client use but will need to do server side processing of images. All our expertise and application code is in Java, but I've been told Dot Net has better Flash support. This is general but we will be modifying large (up to 50MB) image files. The idea is that what we could do in Flash should be duplicated, automated and extended on the server side.
View 2 Replies
Mar 11, 2012
I made a very minimal javascript bookmarklet (~1 KB minified) that lets me play videos inside a distraction-free lightbox. In my script, I clone the <embed> element containing the movie and wrap a lightbox div around it, so even in those cases where the "Turn Lights Off" chrome extension fails, mine works. Only problem is that since I clone the <embed>, I lose any buffering I had done previously. This is a major turnoff as I'm on a slow connection and I don't always remember to load the bookmarklet before hitting play — the UX is downright horrible.Is there a way to improve the script so I can isolate the <embed> in a lightbox without losing any buffering done prior?
Here's my bookmarklet code (you can try it out on this site)— puts an icon next to any <embed> element on the page that you can click to isolate that <embed> inside a distraction-free lightbox:
javascript:(function(){
var isolated = false, smallestVideo=300, videoElements=document.getElementsByTagName('embed'), activate_style='width:16px; height:16px; position:relative; cursor:pointer; left:-23px;
[code]....
View 1 Replies