Wednesday May 14, 2008

Authentication for SIPServlet resources in SailFin Application Server
The authentication of SIPServlet resources can be done with Digest Authentication. In SailFin, the digest authentication is implemented using the JDBC realm.  You can check the details on Shingwai's blog about JDBC realm in Glassfish.

Note that at this time, ONLY this JDBC realm for digest authentication is supported on SailFin server. Other realms such as LDAP support might happen in future releases.


The following steps can help in configuring the digest auth with jdbc realm on SailFin application server:

1.Create a jdbcresource from GUI based admin console (default user: admin and password: adminadmin) or update domain.xml in similar to the below snippet.  There is a default JDBC connection pool "DerbyPool" which connects to default DB (JavaDB or Derby) supplied with SailFin. We just need to create the jdbc resource or use "jdbc/__default" datasource-jndi.

<jdbc-resource enabled="true" jndi-name="jdbc/digestauth" object-type="user" pool-name="DerbyPool"/>

2.Create a security auth realm from GUI based admin console (Configuration> Security> Realms> ) or update domain.xml in similar to the below snippet. Replace Your_Realm_Name to something meaningful in your config or just use as it is. Refer JDBCRealm configuration blog on how to create users in the DB and also the fields.

<auth-realm classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm" name="Your_Realm_Name">          <property name="user-name-column" value="userid"/>          <property name="password-column" value="password"/>          <property name="group-name-column" value="groupid"/>          <property name="jaas-context" value="jdbcDigestRealm"/>          <property name="datasource-jndi" value="jdbc/digestauth"/>          <property name="group-table" value="grouptable"/>          <property name="user-table" value="usertable"/>    </auth-realm>

 

3.Check the following is already added to login.conf under domain/domain1/config

jdbcDigestRealm {        com.sun.enterprise.security.auth.login.JDBCDigestLoginModule required; };

4.  Add the following to sip.xml or web.xml

<login-config>        <auth-method>DIGEST</auth-method>        <realm-name>Your_Realm_Name</realm-name>   </login-config>

Snapshot of sip.xml while protecting the REGISTER method for the SIP Servlet RegistrarServlet.

<security-constraint>         <display-name>RegistrarConstraint1</display-name>         <resource-collection>             <resource-name>RegistrarServlet</resource-name>             <description>SIP Servlet resource protection</description>             <servlet-name>RegistrarServlet</servlet-name>             <sip-method>REGISTER</sip-method>         </resource-collection>         <auth-constraint>             <description>User can Access the files</description>             <role-name>User</role-name>         </auth-constraint>     </security-constraint>     <login-config>         <auth-method>DIGEST</auth-method>         <realm-name>Your_Realm_Name</realm-name>     </login-config>     <security-role>         <description>User Role</description>         <role-name>User</role-name>     </security-role>     <security-role>         <description>Admin Role </description>         <role-name>Admin</role-name>     </security-role>

4. Make sure the Derby is started and DB users/groups schemas created.
    To start/stop DB :

./bin/asadmin start-database ./bin/asadmin stop-database

    
5. Restart the SailFin Server and ready to use the DIGEST auth for your applications.

Thats it!




Posted by Jagadesh Babu Munta ( May 14 2008, 11:17:55 AM PDT ) Permalink Comments [1]

Monday May 12, 2008

JavaOne 2008 experience (more with GlassFish)
As a regular JavaOne attendee, this year 2008 also I was at JavaOne. It is a world's largest Java developers conference organized by Sun and happens every year at Moscone Center, San Francisco.
I feel the crowd is more than last year! Seen many students and stalls in the pavillion.
Here are few highlights!