From 67c5500299f08338ff6fa9c7bdb1163e81f5d69c Mon Sep 17 00:00:00 2001
From: Paul Gregoire <mondain@gmail.com>
Date: Tue, 25 Oct 2022 09:42:52 -0700
Subject: [PATCH] Minor logic update; doc updates
---
.vscode/settings.json | 3 +
red5-server.code-workspace | 10 +++
rtmps.txt | 32 +++++++++
server/README-TomcatPlugin.md | 68 ++++++++++---------
.../net/websocket/WebSocketScopeManager.java | 6 +-
5 files changed, 83 insertions(+), 36 deletions(-)
create mode 100644 .vscode/settings.json
create mode 100644 red5-server.code-workspace
create mode 100644 rtmps.txt
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 00000000..e0f15db2
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+ "java.configuration.updateBuildConfiguration": "automatic"
+}
\ No newline at end of file
diff --git a/red5-server.code-workspace b/red5-server.code-workspace
new file mode 100644
index 00000000..15c77e18
--- /dev/null
+++ b/red5-server.code-workspace
@@ -0,0 +1,10 @@
+{
+ "folders": [
+ {
+ "path": "."
+ }
+ ],
+ "settings": {
+ "java.configuration.updateBuildConfiguration": "automatic"
+ }
+}
\ No newline at end of file
diff --git a/rtmps.txt b/rtmps.txt
new file mode 100644
index 00000000..6e908076
--- /dev/null
+++ b/rtmps.txt
@@ -0,0 +1,32 @@
+
+Error:
+Cannot support TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 with currently installed providers
+
+Fix:
+Install the JSSE unlimited strength ciphers
+
+Error:
+javax.net.ssl.SSLProtocolException: Handshake message sequence violation, 1
+
+Fix:
+Turn off useClientMode on the rtmpsMinaIoHandler bean in red5-core.xml (off by default)
+
+
+http://ir5rtc.red5.org/demos/publisher.html
+rtmp://ir5rtc.red5.org/webrtc
+rtmps://ir5rtc.red5.org:8443/webrtc
+
+
+Unsupported extension status_request, data: 01:00:00:00:00
+Unsupported extension type_13172, data:
+Unsupported extension type_18, data:
+Unsupported extension type_16, data: 00:15:08:68:74:74:70:2f:31:2e:31:08:73:70:64:79:2f:33:2e:31:02:68:32
+Unsupported extension type_30032, data:
+
+
+http://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-whats-hood-34297
+http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
+
+http://stackoverflow.com/questions/26633349/disable-ssl-as-a-protocol-in-httpsurlconnection?rq=1
+http://stackoverflow.com/questions/28293068/java-7-ssl-changes-with-java-6
+
diff --git a/server/README-TomcatPlugin.md b/server/README-TomcatPlugin.md
index e64e5a3f..e7b12126 100644
--- a/server/README-TomcatPlugin.md
+++ b/server/README-TomcatPlugin.md
@@ -21,7 +21,7 @@ The IP addresses and ports identified for `ws` and `wss` in the `conf/jee-contai ### Building for JDK8 -Use this command to build for JDK8 since we are currently moving over to JDK11 builds: `mvn clean install -Djava.release.level=8 -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8` +Use this command to build for JDK8 since we've moved to JDK11: `mvn clean install -Djava.release.level=8 -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8` ## Tomcat Server
@@ -34,8 +34,6 @@ Websocket plug-in is integrated into the Tomcat plugin as of this latest release This plugin is meant to provide websocket functionality for applications running in red5. The code is constructed to comply with [rfc6455](http://tools.ietf.org/html/rfc6455) and [JSR365](https://www.oracle.com/technetwork/articles/java/jsr356-1937161.html). - - The previous Red5 WebSocket plugin was developed with assistence from Takahiko Toda and Dhruv Chopra. ## Configuration 
@@ -128,31 +126,31 @@ Update the `conf/jee-container.xml` file to suit your needs. To bind to more than one IP address / port, add additional `httpConnector` or `httpsConnector` entries: ```xml - <property name="connectors"> - <list> - <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector"> - <property name="protocol" value="org.apache.coyote.http11.Http11Nio2Protocol" /> - <property name="address" value="${http.host}:${http.port}" /> - <property name="redirectPort" value="${https.port}" /> - </bean> - <bean name="httpConnector1" class="org.red5.server.tomcat.TomcatConnector"> - <property name="protocol" value="org.apache.coyote.http11.Http11Nio2Protocol" /> - <property name="address" value="192.168.1.1:5080" /> - <property name="redirectPort" value="${https.port}" /> - </bean> - <bean name="httpConnector2" class="org.red5.server.tomcat.TomcatConnector"> - <property name="protocol" value="org.apache.coyote.http11.Http11Nio2Protocol" /> - <property name="address" value="10.10.10.1:5080" /> - <property name="redirectPort" value="${https.port}" /> - </bean> - </list> - </property> +<property name="connectors"> + <list> + <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector"> + <property name="protocol" value="org.apache.coyote.http11.Http11Nio2Protocol" /> + <property name="address" value="${http.host}:${http.port}" /> + <property name="redirectPort" value="${https.port}" /> + </bean> + <bean name="httpConnector1" class="org.red5.server.tomcat.TomcatConnector"> + <property name="protocol" value="org.apache.coyote.http11.Http11Nio2Protocol" /> + <property name="address" value="192.168.1.1:5080" /> + <property name="redirectPort" value="${https.port}" /> + </bean> + <bean name="httpConnector2" class="org.red5.server.tomcat.TomcatConnector"> + <property name="protocol" value="org.apache.coyote.http11.Http11Nio2Protocol" /> + <property name="address" value="10.10.10.1:5080" /> + <property name="redirectPort" value="${https.port}" /> 
+ </bean> +</list> +</property> ``` + *Note* If you are not using unlimited strength JCE (ex. you are outside the USA), your cipher suite selections will fail if any containing `AES_256` are specified. - Adding WebSocket to an Application ------------------------ @@ -162,13 +160,16 @@ To enable websocket support in your application, add this to your appStart() met WebSocketScopeManager manager = ((WebSocketPlugin) PluginRegistry.getPlugin(WebSocketPlugin.NAME)).getManager(scope); manager.setApplication(this); ``` + For clean-up add this to appStop(): ``` WebSocketScopeManager manager = ((WebSocketPlugin) PluginRegistry.getPlugin(WebSocketPlugin.NAME)).getManager(scope); manager.stop(); ``` + Lastly, the websocket filter must be added to each web application that will act as a websocket end point. In the webapp descriptor `webapps/myapp/WEB-INF/web.xml` add this entry alongside any other filters or servlets. + ```xml <!-- WebSocket filter --> <filter> @@ -183,7 +184,9 @@ Lastly, the websocket filter must be added to each web application that will act <dispatcher>FORWARD</dispatcher> </filter-mapping> ``` + To support subprotocols, add them as a comma-delimited string in the `web.xml`: + ```xml <!-- WebSocket subprotocols --> <context-param> 
@@ -191,24 +194,26 @@ To support subprotocols, add them as a comma-delimited string in the `web.xml`: <param-value>chat,json</param-value> </context-param> ``` -The plugin will default to allowing any requested subprotocol if none are specified. +The plugin will default to allowing any requested subprotocol if none are specified. Extending the WebSocket Endpoint --------------------------- Implementers may extend the default websocket endpoint class provided by this plugin `org.red5.net.websocket.server.DefaultWebSocketEndpoint`. The first step is to become familiar with the class and then `extend` it in your application; once that is complete, your class must be placed in the `lib` directory of your Red5 server, not the `webapps/yourapp/WEB-INF/lib` directory. Lastly, in your webapp descriptor `webapps/yourapp/WEB-INF/web.xml` file, an entry named `wsEndpointClass` will need to be made for your class: + ```xml <context-param> <param-name>wsEndpointClass</param-name> <param-value>com.mydomain.websocket.MyWebSocketEndpoint</param-value> </context-param> ``` -One reason to extend the endpoint for your own use is because the default endpoint implementation only handles text data. +One reason to extend the endpoint for your own use is because the default endpoint implementation only handles text data. Security Features ------------------- Since WebSockets don't implement Same Origin Policy (SOP) nor Cross-Origin Resource Sharing (CORS), we've implemented a means to restrict access via configuration using SOP / CORS logic. To configure the security features, edit your `conf/jee-container.xml` file and locate the bean displayed below: + ```xml <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" lazy-init="true"> <property name="websocketEnabled" value="true" /> 
@@ -221,19 +226,19 @@ Since WebSockets don't implement Same Origin Policy (SOP) nor Cross-Origin Resou </array> </property> ``` -Properties: - * [sameOriginPolicy](https://www.w3.org/Security/wiki/Same_Origin_Policy) - Enables or disables SOP. The logic differs from standard web SOP by *NOT* enforcing protocol and port. - * [crossOriginPolicy](https://www.w3.org/Security/wiki/CORS) - Enables or disables CORS. This option pairs with the `allowedOrigins` array. - * allowedOrigins - The list or host names or fqdn which are to be permitted access. The default if none are specified is `*` which equates to any or all. - +Properties: +* [sameOriginPolicy](https://www.w3.org/Security/wiki/Same_Origin_Policy) - Enables or disables SOP. The logic differs from standard web SOP by *NOT* enforcing protocol and port. +* [crossOriginPolicy](https://www.w3.org/Security/wiki/CORS) - Enables or disables CORS. This option pairs with the `allowedOrigins` array. +* allowedOrigins - The list or host names or fqdn which are to be permitted access. The default if none are specified is `*` which equates to any or all. + Test Page ------------------- Replace the wsUri variable with your applications path. -``` +```xml <!DOCTYPE html> <meta charset="utf-8" /> <title>WebSocket Test</title> @@ -250,4 +255,3 @@ https://github.com/Red5/red5-websocket-chat Pre-compiled JAR ---------------- You can find [compiled artifacts via Maven](https://mvnrepository.com/artifact/org.red5/tomcatplugin) - diff --git a/server/src/main/java/org/red5/net/websocket/WebSocketScopeManager.java b/server/src/main/java/org/red5/net/websocket/WebSocketScopeManager.java index e2cf80ac..ac5ada19 100644 --- a/server/src/main/java/org/red5/net/websocket/WebSocketScopeManager.java +++ b/server/src/main/java/org/red5/net/websocket/WebSocketScopeManager.java 
@@ -299,10 +299,9 @@ public class WebSocketScopeManager {
 */
 public void makeScope(String path) {
 log.debug("makeScope: {}", path);
- WebSocketScope wsScope = null;
 if (!scopes.containsKey(path)) {
 // new websocket scope
- wsScope = new WebSocketScope();
+ WebSocketScope wsScope = new WebSocketScope();
 wsScope.setPath(path);
 notifyListeners(WebSocketEvent.SCOPE_CREATED, wsScope, null);
 addWebSocketScope(wsScope);
@@ -320,12 +319,11 @@ public class WebSocketScopeManager {
 public void makeScope(IScope scope) {
 log.debug("makeScope: {}", scope);
 String path = scope.getContextPath();
- WebSocketScope wsScope = null;
 if (!scopes.containsKey(path)) {
 // add the name to the collection (no '/' prefix)
 activeRooms.add(scope.getName());
 // new websocket scope for the server scope
- wsScope = new WebSocketScope();
+ WebSocketScope wsScope = new WebSocketScope();
 wsScope.setPath(path);
 wsScope.setScope(scope);
 notifyListeners(WebSocketEvent.SCOPE_CREATED, wsScope, null);
-- GitLab
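Review bot: Both hunks keep a check-then-act on `scopes` — `if (!scopes.containsKey(path))` followed by `addWebSocketScope(wsScope)` several statements later — so if `makeScope(String)` and `makeScope(IScope)` can be invoked concurrently for the same path (the type of `scopes` and the calling threads are not visible here), two `WebSocketScope` instances can be built, `SCOPE_CREATED` fired twice, and one registration silently replace the other, leaving listeners holding a scope that is not the one in the map. Narrowing `wsScope` to the if-block is fine but does not change that. If `scopes` is a `ConcurrentMap`, building the scope inside `scopes.computeIfAbsent(path, p -> { ... })` or acting only when `putIfAbsent` returns null closes the window; if the manager is only ever driven from one thread, a sentence in the `makeScope` Javadoc stating that assumption would document it. Both method bodies continue past the hunk, so any use of `wsScope` after the if-block that the narrowed declaration would break is not visible here, and the Javadoc for `makeScope(String)` starts before the hunk.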