我正在寻找有关保护Red5免受入侵的一步一步的教程.这似乎是一个在谷歌搜索中出现的问题,但从来没有真正以对普通Flash开发者有意义的方式回答.
解决方法
您可以使用安全框架为发布,回放或SharedObjects保护red5.在这种情况下,客户端无关紧要,但如果您想要保护oflaDemo,则需要在后端添加安全挂钩.这是您需要的教程:
http://wiki.red5.org/wiki/Documentation/UsersReferenceManual/Red5CoreTechnologies/04-Security
http://wiki.red5.org/wiki/Documentation/UsersReferenceManual/Red5CoreTechnologies/04-Security
这里有一个更深入的安全教程:
http://wiki.red5.org/wiki/Documentation/Tutorials/Red5AndAcegiSecurity
阻止播放的简单示例如下:
public class PlaybackSecurity implements IStreamPlaybackSecurity {
@Override
public boolean isPlaybackAllowed(IScope scope,String name,int start,int length,boolean flushPlaylist) {
//start out denied
boolean allowed = false;
//get the current connection
IConnection conn = Red5.getConnectionLocal();
//token to use for auth
Long token = -1L;
if (conn.hasAttribute("token")) {
//get a 'token' we stored on their connection from elsewhere
token = conn.getLongAttribute("token");
//validate the token in some way
if (token > 0L) {
allowed = true;
}
}
//return allowed or denied state
return allowed;
}
}
应用程序启动时应添加安全类,因此我建议您将它放在应用程序适配器“appStart”方法中,如下所示:
@Override
public boolean appStart(final IScope app) {
//register our stream security classes
registerStreamPlaybackSecurity(new PlaybackSecurity(applicationContext));
//pass control back to super
return super.appStart(app);
}
使用Red5教程和源代码进行CRAM身份验证:http://blog.infrared5.com/2012/05/red5-authentication/
