问题描述
目前为了能够方便开发者,我们将EasyDarwin中的RTSP认证过程直接忽略过了,如果要开启认证的方式,我们可以在代码中打开:
case kRoutingRequest:
{
// Invoke router modules
numModules = QTSServerInterface::GetNumModulesInRole(QTSSModule::kRTSPRouteRole);
{
// Manipulation of the RTPSession from the point of view of
// a module is guaranteed to be atomic by the API.
Assert(fRTPSession != NULL);
OSMutexLocker locker(fRTPSession->GetSessionMutex());
for (; (fCurrentModule < numModules) && ((!fRequest->HasResponseBeenSent()) || fModuleState.eventRequested); fCurrentModule++)
{
fModuleState.eventRequested = false;
fModuleState.idleTime = 0;
if (fModuleState.globalLockRequested)
{
fModuleState.globalLockRequested = false;
fModuleState.isGlobalLocked = true;
}
theModule = QTSServerInterface::GetModule(QTSSModule::kRTSPRouteRole, fCurrentModule);
(void)theModule->CallDispatch(QTSS_RTSPRoute_Role, &fRoleParams);
fModuleState.isGlobalLocked = false;
if (fModuleState.globalLockRequested) // call this request back locked
return this->CallLocked();
// If this module has requested an event, return and wait for the event to transpire
if (fModuleState.eventRequested)
{
this->ForceSameThread(); // We are holding mutexes, so we need to force
// the same thread to be used for next Run()
return fModuleState.idleTime; // If the module has requested idle time...
}
}
}
fCurrentModule = 0;
// SetupAuthLocalPath must happen after kRoutingRequest and before kAuthenticatingRequest
// placed here so that if the state is shifted to kPostProcessingRequest from a response being sent
// then the AuthLocalPath will still be set.
fRequest->SetupAuthLocalPath();
if (fRequest->HasResponseBeenSent())
{
fState = kPostProcessingRequest;
break;
}
//!!! 这里打开对RTSPSession进行授权认证的过程 !!!
if (fRequest->SkipAuthorization())
{
// Skip the authentication and authorization states
// The foll. normally gets executed at the end of the authorization state
// Prepare for kPreprocessingRequest state.
fState = kPreprocessingRequest;
if (fRequest->GetMethod() == qtssSetupMethod)
// Make sure to erase the session ID stored in the request at this point.
// If we fail to do so, this same session would be used if another
// SETUP was issued on this same TCP connection.
fLastRTPSessionIDPtr.Len = 0;
else if (fLastRTPSessionIDPtr.Len == 0)
fLastRTPSessionIDPtr.Len = ::strlen(fLastRTPSessionIDPtr.Ptr);
break;
}
else
fState = kAuthenticatingRequest;
}
这里将kAuthenticatingRequest流程打开就能够进行RTSP认证的验证过程了,那么还有一种Token验证的方式,这种方法就类似于RTMP里面的认证方式,在流名称后面增加认证的Token串作为请求URL的QueryString发送给服务器进行动态认证,那么这种方式,我们可以在RTSPSession::SetupRequest中进行Token的相关过滤:
void RTSPSession::SetupRequest()
{
// First parse the request
QTSS_Error theErr = fRequest->Parse();
if (theErr != QTSS_NoErr)
return;
// 对RTSPRequest进行Token解析
StrPtrLen *token = fRequest->GetValue(qtssRTSPReqQueryString);
//TODO::对Token进行自定义验证,失败返回401等相应错误码
//
// let's also refresh RTP session timeout so that it's kept alive in sync with the RTSP session.
//
// Attempt to find the RTP session for this request.
OSRefTable* theMap = QTSServerInterface::GetServer()->GetRTPSessionMap();
theErr = this->FindRTPSession(theMap);
EasyDarwin RTSP认证方式
基于配置文件中用户名/密码认证的方法可参考:EasyDarwin开源流媒体服务器支持basic基本认证和digest摘要认证解析
RTSP动态认证的方式可以参考博客《EasyDarwin开源流媒体服务器支持basic基本认证和digest摘要自定义认证》
EasyDarwin Token认证方式
我们可以自定义一个EasyDarwin的Module,再在上述中的RTSPSession::SetupRequest中,将token以参数的形式传递给Module进行认证处理,其处理流程可以模仿《EasyDarwin开源流媒体服务器支持basic基本认证和digest摘要自定义认证》中的流程进行;
Github
EasyDarwin开源流媒体服务器:https://github.com/EasyDarwin/EasyDarwin
获取更多信息
Copyright © EasyDarwin.org 2012-2016