...
Sip application configuration
Like described in JSR 289, Declarative security is enabled with the following content shoud be add in sip.xml
Code Block |
---|
|
<?xml version="1.0" encoding="UTF-8"?>
<sip-app xmlns="http://www.jcp.org/xml/ns/sipservlet"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jcp.org/xml/ns/sipservlet http://www.jcp.org/xml/ns/sipservlet/sip-app_1_1.xsd"
version="1.1">
<!-- Ensure that all access to the servlet with name MyAuthServlet are authentified -->
<security-constraint>
<resource-collection>
<resource-name>Auth resource</resource-name>
<servlet-name>MyAuthServlet</servlet-name>
</resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<!-- Ensure that all REGISTER and INVITE methods are authentified and restricted to the role 'user' -->
<security-constraint>
<resource-collection>
<resource-name>Method Auth resource</resource-name>
<sip-method>INVITE</sip-method>
<sip-method>REGISTER</sip-method>
</resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<!-- Use realm name cipango.org and digest for authentication -->
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>cipango.org</realm-name>
</login-config>
</sip-app>
|
Like in jetty, a LoginService must also be provided to allow declarative security.
It could be provided as a single realm to share common security information across all of your sip applications:
...
Code Block |
---|
|
<?xml version="1.0" encoding="ISO-8859-1"?>
<Configure class="org.cipango.sipapp.SipAppContext">
<Get name="sipSecurityHandler">
<Set name="loginService">
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">cipango.org</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
</New>
</Set>
</Get>
</Configure>
|
with realm.properties
like
No Format |
---|
|
other: OBF:1xmk1w261u9r1w1c1xmq,user
plain: plain,user
user: password,user
|
Note |
---|
The password must not be crypted (using MD5 for instance) as Digest authentication is used. |
Additional Resources