|
|||||||
SecurityUnderstanding the Security-Related APIs Defined by the SIP Servlet APIThe following shows the security-related APIs in the SIP Servlet API.
Each API behaves in SIP Servlet Engine as follows:
For an overview of the authentication and authorization processes, see Security Management. How to specify the security-related tags in the sip.xmlThe following shows the security-related tags:
For more information about each tag, see sip-app_1_0.dtd. This section describes the examples of these tags and their behavior. run-as<servlet> <servlet-name>chat</servlet-name> <servlet-class>com.oki.sip.apps.demo.servlet.ChatRoomServlet</servlet-class> .... <run-as> <role-name>sipuser</role-name> </run-as> </servlet> .... <security-role> <description>Default SIP User</description> <role-name>sipuser</role-name> </security-role> In this case, if the servlet "chat" is called, the role name "sipuser" is used, for example, when called the EJB. When you define the role name which is not defined in the <security-role> tag, an exception will occur during startup. security-constraint.... <security-constraint> <display-name>Default constraint for demo-application</display-name> <resource-collection> <resource-name>Default Constraint</resource-name> <description>Default Constraint</description> <servlet-name>registrar</servlet-name> <sip-method>SUBSCRIBE</sip-method> </resource-collection> <auth-constraint> <role-name>sipuser</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>DIGEST</auth-method> <realm-name>oki.com</realm-name> </login-config> <security-role> <description>Default SIP User</description> <role-name>sipuser</role-name> </security-role> In this case, the digest authentication is performed for the request to the SipServlet defined as "registrar" and for the request whose SIP method name is "SUBSCRIBE". And the realm used in the digest authentication is "oki.com". If the "sipuser" role is not assigned to the user, the 403 response code will be returned even when the authentication succeeds. To assign the role to the user, use the SIP Servlet Engine Management tool.((See sip-admin Users Manual.) LimitationsYou must consider the following limitations when using these security-related tags.
Last Modified:Tue Mar 23 13:46:42 JST 2004 |
|||||||
|