Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version 2

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Sip application configuration

Like described in JSR 289, Declarative security is enabled with the following content shoud be add in sip.xml

Code Block
xml
xml
titlesip.xml
<?xml version="1.0" encoding="UTF-8"?>
<sip-app  xmlns="http://www.jcp.org/xml/ns/sipservlet"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://www.jcp.org/xml/ns/sipservlet http://www.jcp.org/xml/ns/sipservlet/sip-app_1_1.xsd"
          version="1.1">

  <!-- Ensure that all access to the servlet with name MyAuthServlet are authentified -->
  <security-constraint>
    <resource-collection>
      <resource-name>Auth resource</resource-name>
      <servlet-name>MyAuthServlet</servlet-name>
    </resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Ensure that all REGISTER and INVITE methods are authentified and restricted to the role 'user' -->
  <security-constraint>
    <resource-collection>
      <resource-name>Method Auth resource</resource-name>
      <sip-method>INVITE</sip-method>
      <sip-method>REGISTER</sip-method>
    </resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>
	
  <!--  Use realm name cipango.org and digest for authentication -->
  <login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>cipango.org</realm-name>
  </login-config>
</sip-app>

Like in jetty, a LoginService must also be provided to allow declarative security.
It could be provided as a single realm to share common security information across all of your sip applications:

...

Code Block
xml
xml
titlejetty-web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<Configure class="org.cipango.sipapp.SipAppContext">
  <Get name="sipSecurityHandler">
    <Set name="loginService">
      <New class="org.eclipse.jetty.security.HashLoginService">
            <Set name="name">cipango.org</Set>
            <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
      </New>
    </Set>
  </Get>

</Configure>

with realm.properties like

No Format
titlerealm.properties

other: OBF:1xmk1w261u9r1w1c1xmq,user
plain: plain,user
user: password,user
Note

The password must not be crypted (using MD5 for instance) as Digest authentication is used.

Additional Resources