...
| Note |
|---|
Declarative security is not available in Cipango before the as of version 2.1.1 |
Sip
...
Application configuration
In this tutorial, we'll who how to add digest authentication to the MyServlet servlet when receiving REGISTER and INVITE requests.
To add declarative security, add the following declarations in your sip.xml file:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<sip-app xmlns="http://www.jcp.org/xml/ns/sipservlet"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jcp.org/xml/ns/sipservlet http://www.jcp.org/xml/ns/sipservlet/sip-app_1_1.xsd"
version="1.1">
<!-- Ensure that all REGISTER accessand toINVITE therequests servletprocessed withby nameservlet MyAuthServletMyServlet are authentified -->
<security-constraint>
<resource-collection>
<resource-name>Authname>Protected resource<Resource</resource-name>
<servlet-name>MyAuthServlet</servlet-name>
</resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<!-- Ensure that all REGISTER and INVITE methods are authentified and restricted to the role 'user' -->
<security-constraint>
<resource-collection>
<resource-name>Method Auth resource</resource-name>
<sip-method>INVITE</sip-method>
<sip-method>REGISTER</sip-method>
</resource-collection>
<auth-constraint>
<role-name>user<name>*</role-name>
</auth-constraint>
</security-constraint>
<!-- Use realm name cipango.org and digest for authentication -->
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>cipango.org</realm-name>
</login-config>
</sip-app>
|
Like in jetty, a LoginService must also be provided to allow declarative security.
It could be provided as a single realm to share common security information across all of your sip applications:
| Code Block | |
|---|---|
| xml | xml |
| title | cipango.xml | <Configure id="Server" class="oorg.cipango.server.Server">
...
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Test Realm</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
<Set name="refreshInterval">0</Set>
</New>
</Arg>
</Call>
</Configure>
|
...
[...]
</sip-app>
|
Next step is to declare users and their credentials. To do so, a LoginService should be provided. To do so, we add the following jetty-web.xml configuration file to our application (in the same directory as sip.xml):
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="ISO-8859-1"?>
<Configure class="org.cipango.sipapp.SipAppContext">
<Get name="sipSecurityHandler">
<Set name="loginService">
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">cipango.org</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
</New>
</Set>
</Get>
</Configure>
|
with realm.properties likeFinal step is then to populate the realm.properties located in the etc directory of your cipango installation with all desired users and passwords. Each line in the file contains a username, a password, and 0 or more role assignments. For instance, to grand access to alice and bob with passwords foo and bar, add the following lines:
| No Format | ||
|---|---|---|
| ||
otheralice: OBF:1xmk1w261u9r1w1c1xmq,user plain: plain,user user: password,user |
| Note |
|---|
The password must not be crypted (using MD5 for instance) as Digest authentication is used. |
Additional Resources
...
foo
bob: bar
|
You may now send REGISTER and INVITE requests to your servlet. These requests are authenticated and access is granted only to users alice or bob.