Red5 Documentation

Enabling Security for your WebApp

To enable security on your web application, you need to add and configure the Simple Auth Plugin security bean along with the validator bean to your web application’s context file, red5-web.xml, as explained below.

Application-level Configuration

To attach the Simple Auth Plugin to a webapp using the RoundTripAuthValidator validator, specify the core plugin configuration bean, along with the validator bean to use for authentication, in the application’s context file, red5-web.xml.

Example 1: Attaching plugin security to the live webapp using RoundTripAuthValidator for authentication with standard configuration settings.

STEP 1

To apply security to the live application, add the security configuration to {red5pro}/webapps/live/WEB-INF/red5-web.xml as shown below. Note that the following example sets <property name="clientTokenRequired" value="false"/>. Set this to true if you want to enforce sending a token with your request:

<bean id="roundTripValidator" class="com.red5pro.server.plugin.simpleauth.datasource.impl.roundtrip.RoundTripAuthValidator" init-method="initialize">
    <property name="adapter" ref="web.handler" />
    <property name="context" ref="web.context" />
    <property name="protocol" value="${server.protocol}" />
    <property name="host" value="${server.host}" />
    <property name="port" value="${server.port}" />
    <property name="validateCredentialsEndPoint" value="${server.validateCredentialsEndPoint}"/>
    <property name="invalidateCredentialsEndPoint" value="${server.invalidateCredentialsEndPoint}"/>
    <property name="clientTokenRequired" value="false"/>
</bean>

<bean id="simpleAuthSecurity" class="com.red5pro.server.plugin.simpleauth.Configuration" >
    <property name="active" value="true" />
    <property name="rtmp" value="true" />
    <property name="rtsp" value="true" />
    <property name="rtc" value="true" />
    <property name="rtmpAllowQueryParamsEnabled" value="true" />
    <property name="allowedRtmpAgents" value="*" />
    <property name="validator" ref="roundTripValidator" />
</bean>

STEP 2

In the {red5pro}/webapps/live/WEB-INF/red5-web.properties file, add the following section:

server.validateCredentialsEndPoint=/validateCredentials
server.invalidateCredentialsEndPoint=/invalidateCredentials
server.host=<serverIP>
server.port=3000
server.protocol=http://

The property values are substituted from the red5-web.properties file into the red5-web.xml file at runtime. If you are running the mock auth service on the same instance as your Red5 Pro Server, the server.host value should be the private IP address of your instance (same as in the Node.js index.js file).

With the above configuration applied, the server will be expecting client validation requests at http://<serverIP>:3000/validateCredentials and invalidation requests at http://<serverIP>:3000/invalidateCredentials. The plugin configuration is set to force authentication on RTMP, RTSP and WebRTC connections.
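As an added example (not part of the Red5 Pro documentation or the plugin's code), the following Python script resolves the ${...} placeholders the way the paragraph above describes, rebuilds the two effective endpoint URLs, and lists settings worth reviewing. It assumes the bean ids from Example 1 (roundTripValidator, simpleAuthSecurity); the inputs are constructed, 192.0.2.10 is a placeholder address, and the review rules are this example's own choices, not checks the plugin performs.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs modelled on Example 1; 192.0.2.10 is a documentation-range placeholder.
PROPS = """server.validateCredentialsEndPoint=/validateCredentials
server.invalidateCredentialsEndPoint=/invalidateCredentials
server.host=192.0.2.10
server.port=3000
server.protocol=http://"""
XML = """<beans xmlns="http://www.springframework.org/schema/beans">
<bean id="roundTripValidator" class="com.red5pro.server.plugin.simpleauth.datasource.impl.roundtrip.RoundTripAuthValidator">
  <property name="protocol" value="${server.protocol}"/><property name="host" value="${server.host}"/>
  <property name="port" value="${server.port}"/><property name="clientTokenRequired" value="false"/>
  <property name="validateCredentialsEndPoint" value="${server.validateCredentialsEndPoint}"/>
  <property name="invalidateCredentialsEndPoint" value="${server.invalidateCredentialsEndPoint}"/>
</bean>
<bean id="simpleAuthSecurity" class="com.red5pro.server.plugin.simpleauth.Configuration">
  <property name="active" value="true"/><property name="rtmp" value="true"/>
  <property name="rtsp" value="true"/><property name="rtc" value="true"/>
  <property name="allowedRtmpAgents" value="*"/>
</bean>
</beans>"""

def load_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    lines = [l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def bean_props(xml_text, props):
    """Return {bean id: {property: value}} with ${key} placeholders resolved from props."""
    local = lambda el: el.tag.rsplit("}", 1)[-1]  # strip the XML namespace, if any
    sub = lambda v: re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), v)
    return {b.get("id"): {p.get("name"): sub(p.get("value", "")) for p in b if local(p) == "property"}
            for b in ET.fromstring(xml_text).iter() if local(b) == "bean"}

def audit(xml_text, props_text):
    """Return (validate URL, invalidate URL, findings) for the effective configuration."""
    beans = bean_props(xml_text, load_props(props_text))
    v, core = beans["roundTripValidator"], beans["simpleAuthSecurity"]
    base = f"{v['protocol']}{v['host']}:{v['port']}"
    findings = [f"{p} is not set to true" for p in ("active", "rtmp", "rtsp", "rtc") if core.get(p) != "true"]
    if not v["protocol"].lower().startswith("https"):
        findings.append("validator calls the auth server over cleartext HTTP")
    if v.get("clientTokenRequired") != "true":
        findings.append("clientTokenRequired is false: token is optional")
    if core.get("allowedRtmpAgents", "*") == "*":
        findings.append("allowedRtmpAgents is *: any RTMP agent string is accepted")
    return base + v["validateCredentialsEndPoint"], base + v["invalidateCredentialsEndPoint"], findings
```

To check a deployment, pass the contents of the webapp's red5-web.xml and red5-web.properties to audit().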

Application-level Bean Configuration

The following parameters are allowed in a bean configuration at the application level (configured in application’s red5-web.xml):

CORE

| Property | Type | Description |
| --- | --- | --- |
| active | Boolean | Sets the state of security for the application |
| rtmp | Boolean | Sets the state of RTMP security for the application |
| rtsp | Boolean | Sets the state of RTSP security for the application |
| rtc | Boolean | Sets the state of WebRTC security for the application |
| rtmpAllowQueryParamsEnabled | Boolean | Sets the state of query string based authentication for RTMP clients |
| allowedRtmpAgents | String | Sets the list of allowed RTMP agent strings separated by semicolons. By default, all agent strings are allowed. |

VALIDATOR

| Property | Type | Description |
| --- | --- | --- |
| context | Reference | The reference to the web.context bean |
| adapter | Reference | The reference to the web.handler bean, which indicates the Application |
| protocol | String | The remote validation server protocol (HTTP or HTTPS) to use |
| host | String | The remote validation server host (hostname or IP) |
| port | String | The remote validation server port (80 or 443 or other) |
| validateCredentialsEndPoint | String | The remote server-client validation endpoint URI relative to the server root |
| invalidateCredentialsEndPoint | String | The remote server-client invalidation endpoint URI relative to the server root |
| clientTokenRequired | Boolean | Specifies whether the token parameter is required or optional in the client request |