Secure OpenviduServer set up

openvidu-client/src/main/java/org/openvidu/client/OpenViduException.java

@@ -36,7 +36,9 @@ public class OpenViduException extends RuntimeException {
 
     USER_NOT_STREAMING_ERROR_CODE(105), EXISTING_USER_IN_ROOM_ERROR_CODE(
         104), USER_CLOSED_ERROR_CODE(
-            103), USER_NOT_FOUND_ERROR_CODE(102), USER_GENERIC_ERROR_CODE(101);
+            103), USER_NOT_FOUND_ERROR_CODE(102), USER_GENERIC_ERROR_CODE(101),
+    
+    USER_UNAUTHORIZED(401);
 
     private int value;
 

openvidu-server/pom.xml

@@ -132,6 +132,10 @@
 			<artifactId>powermock-api-mockito</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
 	</dependencies>
 
 	<profiles>

openvidu-server/src/main/java/org/openvidu/server/rest/RoomController.java

@@ -22,6 +22,8 @@ import java.util.Set;
 
 import org.openvidu.server.core.NotificationRoomManager;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -52,4 +54,14 @@ public class RoomController {
   public Integer getThresholdSpeaker() {
     return Integer.valueOf(getProperty("thresholdSpeaker", THRESHOLD_SPEAKER_DEFAULT));
   }
+  
+  @RequestMapping("/getSessionId")
+  public ResponseEntity<String> getSessionId() {
+	  return new ResponseEntity<String>("SUPER_SESSIONID", HttpStatus.OK);
+  }
+  
+  @RequestMapping("/getToken")
+  public ResponseEntity<String> getToken() {
+	  return new ResponseEntity<String>("SUPER_TOKEN", HttpStatus.OK);
+  }
 }

openvidu-server/src/main/java/org/openvidu/server/security/ParticipantRoles.java

@@ -0,0 +1,7 @@
+package org.openvidu.server.security;
+
+public enum ParticipantRoles {
+	SUBSCRIBER,
+	PUBLISHER,
+	MODERATOR;
+}

openvidu-server/src/main/java/org/openvidu/server/security/ParticipantSecurity.java

@@ -0,0 +1,51 @@
+/*
+ * (C) Copyright 2014 Kurento (http://kurento.org/)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.openvidu.server.security;
+
+import org.kurento.client.MediaPipeline;
+import org.openvidu.client.OpenViduException;
+import org.openvidu.client.OpenViduException.Code;
+import org.openvidu.server.core.internal.Participant;
+import org.openvidu.server.core.internal.Room;
+
+public class ParticipantSecurity extends Participant{
+	
+	ParticipantRoles role;
+
+	public ParticipantSecurity(String id, String name, String role, Room room, MediaPipeline pipeline, boolean dataChannels,
+			boolean web) {
+		super(id, name, room, pipeline, dataChannels, web);
+		
+		this.role = ParticipantRoles.valueOf(role);
+	}
+	
+	@Override
+	public void createPublishingEndpoint() {
+		if (this.isPublisher()){
+			super.createPublishingEndpoint();
+		} else {
+			throw new OpenViduException(Code.USER_UNAUTHORIZED,
+			          "Unable to create publisher endpoint");
+		}
+	}
+	
+	private boolean isPublisher(){
+		return (this.role.equals(ParticipantRoles.PUBLISHER) ||
+				this.role.equals(ParticipantRoles.MODERATOR));
+	}
+  
+}

openvidu-server/src/main/java/org/openvidu/server/security/SecurityConfig.java

@@ -0,0 +1,43 @@
+package org.openvidu.server.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+
+@Configuration
+@EnableGlobalAuthentication
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+	
+	private final String SECRET ="MY_SECRET";
+	
+	@Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+          .withUser("OPENVIDUAPP").password(SECRET).roles("ADMIN");
+    }
+	
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+
+		configureUrlAuthorization(http);
+
+		http.csrf().disable();
+
+		// Use Http Basic Authentication
+		http.httpBasic();
+	}
+ 
+    protected void configureUrlAuthorization(HttpSecurity http) throws Exception {
+    	http.csrf().disable()
+	        .authorizeRequests()
+	        .antMatchers(HttpMethod.POST, "/getSessionId").authenticated()
+	        .antMatchers(HttpMethod.POST, "/getToken").authenticated()
+	        .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+    }
+
+}