Introduction
This tutorial describes how to configure security realms to provide authentication and access control for SIP applications running in Cipango. A realm has a unique name, and is composed of a set of users. Each user has authentication information (for example, a password) and a set of roles associated with him/herself.
Declarative security is not available in Cipango before the version 2.1.1
Sip application configuration
Like described in JSR 289, the following content shoud be add in sip.xml
<?xml version="1.0" encoding="UTF-8"?> <sip-app xmlns="http://www.jcp.org/xml/ns/sipservlet" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jcp.org/xml/ns/sipservlet http://www.jcp.org/xml/ns/sipservlet/sip-app_1_1.xsd" version="1.1"> <security-constraint> <resource-collection> <resource-name>Auth resource</resource-name> <servlet-name>MyAuthServlet</servlet-name> </resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>DIGEST</auth-method> <realm-name>cipango.org</realm-name> </login-config> </sip-app>
Like in jetty a LoginService must be provided to allow declarative security.
It could be provided as a single realm to share common security information across all of your sip applications:
<Configure id="Server" class="oorg.cipango.server.Server"> ... <Call name="addBean"> <Arg> <New class="org.eclipse.jetty.security.HashLoginService"> <Set name="name">Test Realm</Set> <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set> <Set name="refreshInterval">0</Set> </New> </Arg> </Call> </Configure>
or it could be provided for a single application using the jetty-web.xml
(this file should be located in same directory that sip.xml
)
<?xml version="1.0" encoding="ISO-8859-1"?> <Configure class="org.cipango.sipapp.SipAppContext"> <Get name="sipSecurityHandler"> <Set name="loginService"> <New class="org.eclipse.jetty.security.HashLoginService"> <Set name="name">cipango.org</Set> <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set> </New> </Set> </Get> </Configure>
The password must not be crypted (using MD5 for instance) as Digest authentication is used.
Additional Resources
SIP Authentication in Cipango is similar to web authentication in Jetty