rtmp 视频流在截图时出现沙箱问题 “Security sandbox violation: BitmapData.draw”

原文:http://www.shell-tips.com/2009/08/30/flash-how-to-fix-the-security-sandbox-violation-bitmapdata-draw/

这个只在自己架设 rtmp 服务器的情况下可以改服务器配置文件...但 P2P 情况下的截图还是会出现沙箱问题. rtmfp://p2p.rtmfp.net/ 是adobe的.貌似没有开放这个权限.估计也不太可能开放.看以后有没有可能自己架设 Cirrus service 了地址http://labs.adobe.com/technologies/cirrus/

The “Security sandbox violation” message is a common problem for any Flash developer who try to do a Snapshot of an RTMP Stream. There was a couple of workaround but they stopped working since Flash Player 9.0.115 as it was considered as a possible bug. So, now how to do a proper snapshot of an RTMP stream ? The answer is simple but you’ll need to have the control on the streaming server, whatever it is FMS or Red5.

Flash use a non documented part of the RTMP protocol. When the client connect to an RTMP stream, the server send a packet that will indicate to the client if it can allow access to the bitmap data (pixels) or/and the raw audio data.

Wireshark - Packet capture RtmpSampleAccess

Fix with FMS

I think what is working here for FMS is also working for Wowza servers but I never tried. To fix your problem with Flash Media Server, you can add this two simple line of code inside the application.onConnect function :

1

2

appClient.audioSampleAccess ="/";

appClient.videoSampleAccess ="/";

It seem that you can also just edit your application.xml file to add the following inside the Application node :

1

2

<AudioSampleAccessenabled=”true”>/</AudioSampleAccess>

<VideoSampleAccessenabled=”true”>/</VideoSampleAccess>

Beaware that using “/” will allow snapshot on all your streams, you can restrict it accordingly to your needs.

Fix with Red5

On last April I posted a patch to Red5 community that let you handle the problem in the same way that FMS does (Ticket#APPSERVER-315#498). So, to let your client access the stream, you will need to edit the red5-web.xml of your application :

1

2

3

4

<beanid="rtmpSampleAccess"class="org.red5.server.stream.RtmpSampleAccess">

    <propertyname="audioAllowed"value="true"/>

    <propertyname="videoAllowed"value="true"/>

</bean>

All the Red5 project is designed to use beans which make this application quite flexible. So, in the same way, you can implement your own class and add every security check you want before allowing the access to your RTMP streams. All you need to do is implementing a new class with the IRtmpSampleAccess interface and create a bean using your class.

Even with those changes, you could still get the error message if the stream buffer is empty. So be sure to use a proper try/catch in your client application and also to listen for the “NetStatusEvent.NET_STATUS” event. You can start capturing data when the NET_STATUS event return an event.info.code as “NetStream.Buffer.Full” and stop capturing data on “NetStream.Buffer.Empty”.