Red5 安全教程 [英] Red5 Security Tutorial

问题描述

我正在寻找有关保护 Red5 免受入侵的分步教程.这似乎是一个在 google 搜索中经常出现的问题，但从来没有真正以对普通 Flash 开发人员有意义的方式回答.

解决方案

您可以使用安全框架保护 red5 的发布、播放或共享对象.在这种情况下客户端无关紧要，但是如果您想保护 oflaDemo，例如您需要在后端添加安全钩子.这是您需要的教程:http://wiki.red5.org/wiki/Documentation/UsersReferenceManual/Red5CoreTechnologies/04-安全
更深入的安全教程在这里:http://wiki.red5.org/wiki/Documentation/Tutorials/Red5AndAcegiSecurity
阻止播放的简单示例如下:<代码><预>公共类 PlaybackSecurity 实现 IStreamPlaybackSecurity {@覆盖public boolean isPlaybackAllowed(IScope 范围，字符串名称，int 开始，int 长度，boolean flushPlaylist){//开始被拒绝允许布尔值 = 假；//获取当前连接IConnection conn = Red5.getConnectionLocal();//用于身份验证的令牌长令牌 = -1L;如果(conn.hasAttribute(令牌")){//从其他地方获取我们存储在他们的连接上的令牌"token = conn.getLongAttribute("token");//以某种方式验证令牌如果(令牌> 0L){允许 = 真;}}//返回允许或拒绝状态允许退货；}}

应该在您的应用程序启动时添加安全类，所以我建议您将它放在应用程序适配器的appStart"方法中，如下所示:
<代码><预>@覆盖公共布尔应用程序开始(最终的 IScope 应用程序){//注册我们的流安全类registerStreamPlaybackSecurity(new PlaybackSecurity(applicationContext));//将控制权交还给超级返回 super.appStart(app);}

CRAM 认证与 Red5 教程和来源:http://blog.infrared5.com/2012/05/red5-身份验证/

I am looking for a step by step tutorial on securing Red5 from intrusion. This seems to be a question that comes up alot in a google search, but is never really answered in a way that makes sense to your average flash developer.

解决方案

You can secure red5 for Publishing, Playback, or SharedObjects using the security framework. The client does not matter in this case, but if you want to secure oflaDemo for instance you will need to add the security hooks on the backend. Here is the tutorial that you need: http://wiki.red5.org/wiki/Documentation/UsersReferenceManual/Red5CoreTechnologies/04-Security
A more in-depth security tutorial is here: http://wiki.red5.org/wiki/Documentation/Tutorials/Red5AndAcegiSecurity
A simple example to block playback is as follows:

public class PlaybackSecurity implements IStreamPlaybackSecurity {
    @Override
    public boolean isPlaybackAllowed(IScope scope, String name, int start, int length, boolean flushPlaylist) {
        //start out denied
        boolean allowed = false;
        //get the current connection
        IConnection conn = Red5.getConnectionLocal();
        //token to use for auth
        Long token = -1L;
        if (conn.hasAttribute("token")) {
            //get a 'token' we stored on their connection from elsewhere
            token = conn.getLongAttribute("token");
            //validate the token in some way
            if (token > 0L) {
                allowed = true;
            }
        }
        //return allowed or denied state
        return allowed;
    }
}

The security class should be added when your application starts, so I suggest that you put it in your application adapters "appStart" method like so:

    @Override
    public boolean appStart(final IScope app) {
        //register our stream security classes
    registerStreamPlaybackSecurity(new PlaybackSecurity(applicationContext));
        //pass control back to super
        return super.appStart(app);
    }

CRAM authentication with Red5 tutorial and source: http://blog.infrared5.com/2012/05/red5-authentication/

这篇关于Red5 安全教程的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！