This documentation relates to last stable version of Cipango.
visit the last unstable documentation home.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Introduction

This tutorial describes how to configure security realms to provide authentication and access control for SIP applications running in Cipango. A realm has a unique name, and is composed of a set of users. Each user has authentication information (for example, a password) and a set of roles associated with him/herself.

Declarative security is not available in Cipango before the version 2.1.1

Sip application configuration

Like described in JSR 289, the following content shoud be add in sip.xml

sip.xml
<?xml version="1.0" encoding="UTF-8"?>
<sip-app  xmlns="http://www.jcp.org/xml/ns/sipservlet"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://www.jcp.org/xml/ns/sipservlet http://www.jcp.org/xml/ns/sipservlet/sip-app_1_1.xsd"
          version="1.1">

  <security-constraint>
    <resource-collection>
      <resource-name>Auth resource</resource-name>
      <servlet-name>MyAuthServlet</servlet-name>
    </resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>
	

  <login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>cipango.org</realm-name>
  </login-config>
</sip-app>

Like in jetty a LoginService must be provided to allow declarative security.
It could be provided as a single realm to share common security information across all of your sip applications:

cipango.xml
<Configure id="Server" class="oorg.cipango.server.Server">
 
...
    <Call name="addBean">
      <Arg>
        <New class="org.eclipse.jetty.security.HashLoginService">
          <Set name="name">Test Realm</Set>
          <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
          <Set name="refreshInterval">0</Set>
        </New>
      </Arg>
    </Call>
 
</Configure>

or it could be provided for a single application using the jetty-web.xml (this file should be located in same directory that sip.xml)

jetty-web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<Configure class="org.cipango.sipapp.SipAppContext">
  <Get name="sipSecurityHandler">
    <Set name="loginService">
      <New class="org.eclipse.jetty.security.HashLoginService">
            <Set name="name">cipango.org</Set>
            <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
      </New>
    </Set>
  </Get>

</Configure>

The password must not be crypted (using MD5 for instance) as Digest authentication is used.

Additional Resources

SIP Authentication in Cipango is similar to web authentication in Jetty

  • No labels