Integrating JSecurity with Wowza Streaming Media Server

[Ben <be...@autonomic.net>]

Hi!

I was hoping to integrate JSecurity with Wowza (RTMP(T/S) based protocol 
streaming media server) and ran into a small issue 
(http://www.jsecurity.org/node/1078#comment-278).

Wowza assigns a fresh thread for each method call from a Thread Pool. 
This means that JSecurity looses it's Subject as it likes to store it in 
the local Thread.

My tentative solution is to create a WowzaSubjectContainer (WSC) 
singleton which stores the Subject's in a HashMap whose key is the 
unique ClientId provided by Wowza with each method call.

*Before* any JSecurity methods are invoked (e.g. Annotations) I call an 
"associateSubjectWithThread()" method which (if necessary) fetches the 
Subject from the WSC and places it on the local thread as JSecurity expects.
*After* the method has run, on the last line, I call a 
"disassociateSubjectWithThread()" method, which either simply removes 
the Subject from the local Thread and/or removes it from the WSC if the 
Subject has been logged out.

I've quickly written up this first attempt here : 
http://www.willamaze.eu/?p=357

In my quick and dirty test cases, it seems to work well.  If the more 
experienced members of this list can warn me about any potential 
problems, or give tips about how this scheme could be improved, I'd be 
very grateful.

It does actually seem that this is a good candidate for creating another 
AOP Annotation (maybe @JSecurityThreadPool) to automatically top and 
tail these incoming Wowza ModuleBase methods... It would be great to get 
a tip about how to start going about that too!

Many thanks,

Ben