This documentation relates to the last stable version of Cipango.

Introduction

This tutorial describes how to configure security realms to provide authentication and access control for SIP applications running in Cipango. A realm has a unique name and is composed of a set of users. Each user has authentication information (for example, a password) and a set of associated roles.

Declarative security is not available in Cipango before version 2.1.1.

SIP application configuration

Declarative security is enabled with the following content in sip.xml:

sip.xml
<?xml version="1.0" encoding="UTF-8"?>
<sip-app  xmlns="http://www.jcp.org/xml/ns/sipservlet"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://www.jcp.org/xml/ns/sipservlet http://www.jcp.org/xml/ns/sipservlet/sip-app_1_1.xsd"
          version="1.1">

  <!-- Ensure that every access to the servlet named MyAuthServlet is authenticated -->
  <security-constraint>
    <resource-collection>
      <resource-name>Auth resource</resource-name>
      <servlet-name>MyAuthServlet</servlet-name>
    </resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Ensure that all REGISTER and INVITE methods are authenticated and restricted to the role 'user' -->
  <security-constraint>
    <resource-collection>
      <resource-name>Method Auth resource</resource-name>
      <sip-method>INVITE</sip-method>
      <sip-method>REGISTER</sip-method>
    </resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>
	
  <!--  Use realm name cipango.org and digest for authentication -->
  <login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>cipango.org</realm-name>
  </login-config>
</sip-app>

As in Jetty, a LoginService must also be provided for declarative security to work.
It can be provided as a single realm that shares common security information across all of your SIP applications:

cipango.xml
<Configure id="Server" class="org.cipango.server.Server">
 
...
    <Call name="addBean">
      <Arg>
        <New class="org.eclipse.jetty.security.HashLoginService">
          <Set name="name">Test Realm</Set>
          <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
          <Set name="refreshInterval">0</Set>
        </New>
      </Arg>
    </Call>
 
</Configure>

or it can be provided for a single application using jetty-web.xml (this file should be located in the same directory as sip.xml):

jetty-web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<Configure class="org.cipango.sipapp.SipAppContext">
  <Get name="sipSecurityHandler">
    <Set name="loginService">
      <New class="org.eclipse.jetty.security.HashLoginService">
            <Set name="name">cipango.org</Set>
            <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
      </New>
    </Set>
  </Get>

</Configure>

with a realm.properties such as:

realm.properties
other: OBF:1xmk1w261u9r1w1c1xmq,user
plain: plain,user
user: password,user

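The password must not be stored in a one-way hashed form (using MD5, for instance) because Digest authentication is used: the server needs the original password to compute the response it expects from the client. The OBF: form in the first entry is reversible obfuscation, not a hash.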
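
Why a hashed entry breaks DIGEST, as an added example (not Cipango or Jetty code): the script checks a realm.properties for Jetty's one-way `MD5:` / `CRYPT:` credential prefixes and compares the digest a client sends with the one a server could derive from what it stored. The sample entries, nonce and request URI are constructed, and the digest is assumed to be the RFC 2617 form without qop.

```python
import hashlib

# Constructed sample in the page's realm.properties format; "hashed" uses
# Jetty's one-way MD5: credential prefix (the MD5 of "password").
SAMPLE = """\
plain: plain,user
user: password,user
hashed: MD5:5f4dcc3b5aa765d61d8327deb882cf99,user
"""
REALM = "cipango.org"  # <realm-name> from the page's sip.xml

def parse_realm(text):
    """Parse 'user: credential,role,...' lines into {user: (credential, roles)}."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        cred, *roles = [p.strip() for p in rest.split(",")]
        users[name.strip()] = (cred, roles)
    return users

def digest_unusable(users):
    """Users whose credential is stored as a one-way hash."""
    return sorted(u for u, (cred, _) in users.items()
                  if cred.startswith(("MD5:", "CRYPT:")))

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, secret, method, uri, nonce, realm=REALM):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{secret}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def server_accepts(users, user, typed_password, method, uri, nonce):
    """Client hashes what the user typed; server can only use what it stored."""
    from_client = digest_response(user, typed_password, method, uri, nonce)
    from_server = digest_response(user, users[user][0], method, uri, nonce)
    return from_client == from_server

if __name__ == "__main__":
    users = parse_realm(SAMPLE)
    print("cannot be used with DIGEST:", digest_unusable(users))
    args = ("REGISTER", "sip:cipango.org", "constructed-nonce")
    print("user:", server_accepts(users, "user", "password", *args))
    print("hashed:", server_accepts(users, "hashed", "password", *args))
```

Because the realm string is part of HA1, the same user and password produce a different response under a different realm name.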
