Sip-Servlets -

Enable Security for Sip Servlets Applications

To enable security in JBoss AS

To enable security for JBoss Application Server, basically you have to create a security domain suitable for digest authentication and then configure your Sip Servlets application to use this security domain.
Here are the steps to make a simple configuration with static users, passwords and roles:

In server/default/conf/login-config.xml add a new security policy with hashed passwords, like this:
<application-policy name = "sip-servlets" >
<authentication >
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required" >
<module-option name="usersProperties">props/sip-servlets-users.properties</module-option >
<module-option name="rolesProperties">props/sip-servlets-roles.properties</module-option >
<module-option name="hashAlgorithm">MD5</module-option >
<module-option name="hashEncoding">rfc2617</module-option >
<module-option name="hashUserPassword">false</module-option >
<module-option name="hashStorePassword">true</module-option >
<module-option name="passwordIsA1Hash">true</module-option >
<module-option name="storeDigestCallback">org.jboss.security.auth.spi.RFC2617Digest</module-option >
</login-module >
</authentication >
</application-policy >
In the file props/sip-servlets-users.properties put this:
# A sample users.properties file, this line creates user "admin" with password "admin" for "sip-servlets-realm"
admin=9640e13fedc736bdafa6b9007d965c56
The cryptic string here is the A1 value of the digest authentication algorithm and can be generated with the following command:
java -cp ../server/default/lib/jbosssx.jar org.jboss.security.auth.spi.RFC2617Digest username "My Realm" password
RFC2617 A1 hash: 9b47ec6f03603dd49863e7d58c4c49ea
In the file props/sip-servlets-roles.properties put this:
# A sample roles.properties file for use with some roles
admin=caller,role1,role2,..
Each line in this file assigns roles to the users defined in sip-servlets-users.properties
In jboss-web.xml in your application put this:
<jboss-web >
<!-- Uncomment the security-domain to enable security. You will need to edit the htmladaptor login configuration to setup the login modules used to authentication users. -- >
<security-domain>java:/jaas/sip-servlets</security-domain >
</jboss-web >
In sip.xml in your application add some security constraint and authentication type, for example:
<security-constraint >
<display-name>REGISTER Method Security Constraint</display-name >
<resource-collection >
<resource-name>SimpleSipServlet</resource-name >
<description>Require authenticated REGSITER requests</description >
<servlet-name>SimpleSipServlet</servlet-name >
<sip-method>REGISTER</sip-method >
</resource-collection >
<auth-constraint >
<role-name>caller</role-name >
</auth-constraint >
</security-constraint >
<login-config >
<auth-method>DIGEST</auth-method >
<realm-name>sip-servlets-realm</realm-name >
</login-config >

To enable security in Tomcat

You have to specify some security realm for the servlet container or it's parents, and add some contraints to the application. There are the steps: \

Open <tomcat_home>/conf/server.xml and uncomment the following line:
<Realm className="org.apache.catalina.realm.MemoryRealm" / >
Open <tomcat_home>/conf/tomcat-users.xml and add the following user sub-element:
<user name="user" password="password" roles="caller" / >
In sip.xml in your application add some security constraint and authentication type, for example:
<security-constraint >
<display-name>REGISTER Method Security Constraint</display-name >
<resource-collection >
<resource-name>SimpleSipServlet</resource-name >
<description>Require authenticated REGSITER requests</description >
<servlet-name>SimpleSipServlet</servlet-name >
<sip-method>REGISTER</sip-method >
</resource-collection >
<auth-constraint >
<role-name>caller</role-name >
</auth-constraint >
</security-constraint >
<login-config >
<auth-method>DIGEST</auth-method >
<realm-name>sip-servlets-realm</realm-name >
</login-config >