Authentication on redfire root document

First, let me thank you for the great work on the redfire plugin.

After playing around with the plugin, most things work very well, but I am a little annoyed about the ability to add a “conference” from everywhere.

So if you call http://redfire.server.xx:7070/redfire the example pages show up and everyone can play with 2-way audio/video and so on. In an intranet environment I think this will not be a big issue. But if the server is part of the Internet…

To my questions:

Is it possible to use the auth cookie (or whatever) from the openfire server? And how could I do this?

I am not very familiar with Tomcat, but is it possible to use plain HTTP Auth? Could someone post a best practice for this?
Will there be a compatibility problem if this is enabled? (I think so because of the Spark plugin)

I hope someone can help me with this - Thank you!

In practice, most internet deployments put their Openfire servers behind the main Apache server on port 80 and use rules to forward requests after authentication. If you are planning to expose your Openfire directly to the Internet, then you are advised to read up on J2EE security, especially on Jetty, which is the embedded web server for Openfire, not Tomcat.

The easiest modification would be to validate the Openfire user specified in the “me” parameter and ensure that a valid XMPP session exists for the user. That would be compatible with Spark, but would require changes to the Flash client applications to authenticate as XMPP clients.
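
The front-end arrangement described in the reply above, sketched as an Apache httpd 2.4 virtual host. This is an added example, not part of either post and not a configuration from the Redfire project. It assumes Openfire listens on 127.0.0.1:7070, and the password file path is a placeholder.

```apache
# Added example: Apache httpd 2.4 in front of the Redfire pages.
# Assumptions (not from the thread): mod_proxy, mod_proxy_http,
# mod_auth_basic and mod_authn_file are loaded; Openfire's embedded
# Jetty server is reachable at 127.0.0.1:7070; the AuthUserFile path
# is a placeholder created with the htpasswd tool.
<VirtualHost *:80>
    ServerName redfire.server.xx

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    <Location "/redfire">
        # Require a login before any request is forwarded.
        # Basic credentials are only base64-encoded on the wire, so an
        # Internet-facing deployment should serve this over TLS.
        AuthType Basic
        AuthName "Redfire"
        AuthBasicProvider file
        AuthUserFile "/etc/apache2/redfire.htpasswd"
        Require valid-user

        # Forward authenticated requests to the embedded web server.
        ProxyPass "http://127.0.0.1:7070/redfire"
        ProxyPassReverse "http://127.0.0.1:7070/redfire"
    </Location>
</VirtualHost>
```

The proxy only protects the pages if port 7070 cannot be reached from the Internet directly, so bind or firewall it to the local host. Whether the Spark plugin and the Flash clients cope with the extra login is not settled in this thread.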