Wednesday May 14, 2008

Authentication for SIPServlet resources in SailFin Application Server
SIPServlet resources can be protected with Digest Authentication. In SailFin, digest authentication is implemented using the JDBC realm. You can check the details on Shingwai's blog about the JDBC realm in GlassFish.

Note that at this time, ONLY the JDBC realm is supported for digest authentication on the SailFin server. Support for other realms, such as LDAP, might come in future releases.


The following steps configure digest auth with the JDBC realm on the SailFin application server:

1. Create a JDBC resource from the GUI-based admin console (default user: admin and password: adminadmin) or update domain.xml along the lines of the snippet below. There is a default JDBC connection pool, "DerbyPool", which connects to the default DB (JavaDB or Derby) supplied with SailFin. We just need to create the JDBC resource, or use "jdbc/__default" as the datasource-jndi.
<jdbc-resource enabled="true" jndi-name="jdbc/digestauth" object-type="user" pool-name="DerbyPool"/>



2. Create a security auth realm from the GUI-based admin console (Configuration > Security > Realms) or update domain.xml along the lines of the snippet below. Replace Your_Realm_Name with something meaningful for your configuration, or use it as is. Refer to the JDBCRealm configuration blog for how to create the users in the DB and for the fields.
<auth-realm classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm" name="Your_Realm_Name">
    <property name="user-name-column" value="userid"/>
    <property name="password-column" value="password"/>
    <property name="group-name-column" value="groupid"/>
    <property name="jaas-context" value="jdbcDigestRealm"/>
    <property name="datasource-jndi" value="jdbc/digestauth"/>
    <property name="group-table" value="grouptable"/>
    <property name="user-table" value="usertable"/>
</auth-realm>

 

3. Check that the following is already present in login.conf under domain/domain1/config:
jdbcDigestRealm {
       com.sun.enterprise.security.auth.login.JDBCDigestLoginModule required;
};



4. Add the following to sip.xml or web.xml:
    <login-config>
        <auth-method>DIGEST</auth-method>
        <realm-name>Your_Realm_Name</realm-name>
    </login-config>

Snippet of sip.xml protecting the REGISTER method of the SIP servlet RegistrarServlet:
    <security-constraint>
        <display-name>RegistrarConstraint1</display-name>
        <resource-collection>
            <resource-name>RegistrarServlet</resource-name>
            <description>SIP Servlet resource protection</description>
            <servlet-name>RegistrarServlet</servlet-name>
            <sip-method>REGISTER</sip-method>
        </resource-collection>
        <auth-constraint>
            <description>User can Access the files</description>
            <role-name>User</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>DIGEST</auth-method>
        <realm-name>Your_Realm_Name</realm-name>
    </login-config>
    <security-role>
        <description>User Role</description>
        <role-name>User</role-name>
    </security-role>
    <security-role>
        <description>Admin Role </description>
        <role-name>Admin</role-name>
    </security-role>

5. Make sure Derby is started and the DB user/group schemas are created.
    To start/stop the DB:
./bin/asadmin start-database
./bin/asadmin stop-database

6. Restart the SailFin server; DIGEST auth is then ready to use for your applications.

That's it!
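
The steps above only work when the names agree across domain.xml, login.conf and sip.xml (realm name, jaas-context, datasource JNDI name, roles). The following check is an added example, not part of the original post or of SailFin: it cross-checks constructed copies of the snippets above, assuming namespace-free XML; `check_digest_config` is a hypothetical helper name.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample fragments mirroring the snippets in the steps above.
DOMAIN_XML = """<domain>
  <jdbc-resource enabled="true" jndi-name="jdbc/digestauth" object-type="user" pool-name="DerbyPool"/>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm" name="Your_Realm_Name">
    <property name="jaas-context" value="jdbcDigestRealm"/>
    <property name="datasource-jndi" value="jdbc/digestauth"/>
  </auth-realm>
</domain>"""
LOGIN_CONF = """jdbcDigestRealm {
    com.sun.enterprise.security.auth.login.JDBCDigestLoginModule required;
};"""
SIP_XML = """<sip-app>
  <security-constraint>
    <auth-constraint><role-name>User</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>DIGEST</auth-method><realm-name>Your_Realm_Name</realm-name></login-config>
  <security-role><role-name>User</role-name></security-role>
</sip-app>"""

def check_digest_config(domain_xml, login_conf, sip_xml):
    """Return a list of mismatches between the three files (empty = consistent)."""
    problems = []
    domain, app = ET.fromstring(domain_xml), ET.fromstring(sip_xml)
    method = app.findtext("login-config/auth-method")
    realm_name = app.findtext("login-config/realm-name")
    if method != "DIGEST":
        problems.append(f"auth-method is {method!r}, expected 'DIGEST'")
    realm = next((r for r in domain.iter("auth-realm") if r.get("name") == realm_name), None)
    if realm is None:
        return problems + [f"realm {realm_name!r} is not defined in domain.xml"]
    props = {p.get("name"): p.get("value") for p in realm.findall("property")}
    jndi_names = {r.get("jndi-name") for r in domain.iter("jdbc-resource") if r.get("enabled") != "false"}
    if props.get("datasource-jndi") not in jndi_names:
        problems.append(f"datasource-jndi {props.get('datasource-jndi')!r} has no enabled jdbc-resource")
    # login.conf entry shape: <jaas-context> { <module class> <flag> [options]; };
    entries = dict(re.findall(r"(\w+)\s*\{\s*([\w.]+)\s+\w+[^;]*;", login_conf))
    module = entries.get(props.get("jaas-context"))
    if module is None or not module.endswith("JDBCDigestLoginModule"):
        problems.append(f"jaas-context {props.get('jaas-context')!r} does not map to JDBCDigestLoginModule")
    declared = {r.findtext("role-name") for r in app.iter("security-role")}
    for role in app.iterfind("security-constraint/auth-constraint/role-name"):
        if role.text not in declared:
            problems.append(f"role {role.text!r} is used in a constraint but not declared")
    return problems
```

An empty list means the realm, JAAS context, datasource and roles all resolve; each string in a non-empty list names the link that is broken.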




Posted by Jagadesh Babu Munta (May 14 2008, 11:17:55 AM PDT)
