Contents
Table of Contents |
---|
Warning |
---|
This is a Draft of OpenMeetings 5.0.x. As well as not final |
Description
Describe which components and interactions that happen when a new session is established. This should also help to identify any security vulnerabilities.
High Level Components
Gliffy Diagram | ||||||
---|---|---|---|---|---|---|
|
It is a 3 way communication. The Session between Browser and Kurento will be established after ?! OpenMeetings has created the Session in Kurento.
...
Info |
---|
Comments to consider 1) First diagram: "webRTC wss://$server:433" I would say right now it most probably "ws://KMS:8888" |
Selected flows
Below is a selection of flows that are relevant for handling Socket or RTC connections.
There are several flows
1) Audio/Video test setup record
2) Audio/Video test setup playback
3) Audio/Video broadcast in room (recording endpoint can be added/removed if necessary)
In this case new WebRTC endpoint is created
4) Audio/Video playback in room
In this case new WebRTC endpoint is connected to the sender (so all can be dropped on broadcast stop)
In every flow websocket messages are sent to KurentoHandler
StreamProcessor and TestStreamProcessor were created and separated to make KurentoHandler more readable :)
TestStreamProcessor is more or less covered with tests https://sonarcloud.io/code?id=apache_openmeetings&selected=apache_openmeetings%3Aopenmeetings-core%2Fsrc%2Fmain%2Fjava%2Forg%2Fapache%2Fopenmeetings%2Fcore%2Fremote%2FTestStreamProcessor.java
Create Video Stream
- User-case: User initiates video in a presentation conference room.
- The diagram simplifies some of the communication for simplification as they are not relevant for the creation if the MediaStream or Security
...
Gliffy Diagram | ||||||
---|---|---|---|---|---|---|
|
Recently I found this flow is not bullet-proof and web-rtc connection might not be established even if no errors were reported
This is why we get lots of emails like "I only can see my own video"
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js#L118 should improve situation
According to security: we are using secured channel for WS messages
KMS can be secured by setting up HTTPS proxy (in this case port 8888 will be accessible at 443)
Not sure what else can be done here
Supporting material
- This flow was created by debugging various examples from here https://github.com/Kurento/kurento-tutorial-java
- Minimal example of creating a Media Stream with Kurento: https://github.com/Kurento/kurento-tutorial-js/blob/master/kurento-hello-world/js/index.js
Create recording
Recordings are using the browsers ability to create a video stream of the entire desktop and share it as a video stream. Audio is added separated.
Gliffy Diagram | ||||||
---|---|---|---|---|---|---|
|