Examples of org.cafesip.jiplet.Realm

org.cafesip.jiplet.Realm
This interface must be implemented by any class that wants to implement a realm. A realm is an authentication and authorization mechanism used by the jiplet container. The jiplet container supports container managed authentication and authorization. That is the jiplet container can authenticate SIP end points sending SIP request messages before the message is delivered to the jiplet. That way, the jiplet do not have to implement its own authentication and authorization scheme. Instead, it can use the mechanism provided by the container.
When a SIP request message is received and a jiplet object is selected for delivery of the request, the container checks if the SIP end point needs to be authenticated. The jip.xml file included with every context specifies the authentication and authorization criteria for all the jiplets in the context. Some jiplets may not have any authentication and authorization criteria, but others may have it. If a jiplet requires authentication and authorization, the SIP end point has not been authenticated and the request message does not contain a Authorization header, the container responds to the request with a UNAUTHORIZED (401) response. If the end point has not been authenticated and an Authorization header is included in the request message for the realm, the realm specified by the jiplet is used to authenticate the user. The container calls the authenticate() method specified by this interface to authenticate. If the SIP end point cannot be authenticated, an UNAUTHORIZED (401) response is sent. If the user is successfully authenticated, the container checks if the user roles to determine if the SIP end-point has the required authorization. If the end point does not have the proper authorization, a FORBIDDEN (403) response is sent. Otherwise, the request is forwarded to the jiplet object.
The jiplet container supports "pluggable authentication modules" (not to be confused with PAM although some of the concepts are similar). That is, it is possible to plugin custom authentication and authorization modules into the jiplet container (configured in server.xml). The jiplet container already comes with a number of pre-defined custom realms but you can plug in your own custom module by creating a class that implements this interface. That way, you can integrate your organization's subscriber database into your jiplet application. @author Amit Chatterjee

                    if (rname == null)
                    {
                        rname = JipletContainer.getInstance().getDefaultRealm();
                    }


                    Realm realm = JipletContainer.getInstance()
                            .findRealm(rname);
                    if (realm == null)
                    {
                        throw new JipletException(
                                "While creating security constraint for collection "

View Full Code Here

                // the jiplet does not have any security constraint
                return new Pair(null, null);
            }
        }


        Realm realm = (Realm) p.getFirst();
        String[] roles = (String[]) p.getSecond();
        String realm_name = null;
        try
        {
            Thread.currentThread().setContextClassLoader(
                    realm.getClass().getClassLoader());
            realm_name = realm.getRealmName();
        }
        finally
        {
            Thread.currentThread().setContextClassLoader(cl);
        }


        // check if the request message contains an Authorization Header that
        // belongs to this realm


        String header_name = method.equals(Request.REGISTER) == true ? AuthorizationHeader.NAME
                : ProxyAuthorizationHeader.NAME;


        ListIterator iter = req.getHeaders(header_name);
        boolean found = false;
        while (iter.hasNext() == true)
        {
            found = true;
            AuthorizationHeader header = (AuthorizationHeader) iter.next();
            String call_id = ((CallIdHeader) req.getHeader(CallIdHeader.NAME))
                    .getCallId();


            if (JipletLogger.isDebugEnabled() == true)
            {
                JipletLogger.debug("Found an authentication entry for call-id"
                        + call_id + " for realm " + header.getRealm());
            }


            // check if the user has already been authenticated
            String[] uroles = authorizations.findEntry(header.getRealm(),
                    call_id, header.getNonce(), header.getResponse());
            if (uroles != null)
            {
                if (JipletLogger.isDebugEnabled() == true)
                {
                    JipletLogger.debug("Authenticated call-id " + call_id
                            + " from cached authentications");
                }
                // update the cached information with the new time-stamp
                AuthorizationInfo ainfo = new AuthorizationInfo();
                ainfo.setRealm(realm_name);
                ainfo.setResponse(header.getResponse());
                ainfo.setCallId(call_id);
                ainfo.setNonce(header.getNonce());
                authorizations.addEntry(ainfo, new Date());


                // the user has a prior authentication for this realm, check if
                // the user has proper authority
                if (hasAuthorization(roles, uroles) == true)
                {
                    return new Pair(new JipletPrincipal(header.getUsername()),
                            uroles);
                }
                else
                {
                    // send a FORBIDDEN response
                    sendResponse(jiplet, event, Response.FORBIDDEN,
                            "You are not authorized to use this service", null);
                    return null;
                }
            }
            else
            {
                // the user either does not prior authentication or the auth
                // failed. Check if the authentication info that the user has
                // sent can
                // be authenticated.


                try
                {
                    // set the context class loader to that of the realm.
                    Thread.currentThread().setContextClassLoader(
                            realm.getClass().getClassLoader());
                    uroles = realm.authenticate(req.getMethod(), header);
                }
                finally
                {
                    Thread.currentThread().setContextClassLoader(cl);
                }


                if (uroles != null)
                {
                    // add the information to the cached authorizations
                    AuthorizationInfo ainfo = new AuthorizationInfo();
                    ainfo.setRealm(realm_name);
                    ainfo.setResponse(header.getResponse());
                    ainfo.setCallId(call_id);
                    ainfo.setNonce(header.getNonce());
                    authorizations.addEntry(ainfo, new Date());


                    // the user has proper authentication for this realm, check
                    // if the user has proper authority
                    if (hasAuthorization(roles, uroles) == true)
                    {
                        return new Pair(new JipletPrincipal(header
                                .getUsername()), uroles);
                    }
                    else
                    {
                        // send a FORBIDDEN response
                        sendResponse(jiplet, event, Response.FORBIDDEN,
                                "You are not authorized to use this service",
                                null);


                        return null;
                    }
                }
            }
        } // end while


        if (found == false)
        {
            if (JipletLogger.isDebugEnabled() == true)
            {
                JipletLogger
                        .debug("Received a SIP request with no authentication header");
            }


            if (authOnLogout == false)
            {
                if (method.equals(Request.REGISTER) == true)
                {
                    // get the expires header
                    ExpiresHeader expires = (ExpiresHeader) req
                            .getHeader(ExpiresHeader.NAME);
                    if ((expires != null) && (expires.getExpires() == 0))
                    {
                        FromHeader from = (FromHeader) req
                                .getHeader(FromHeader.NAME);
                        String name = ((SipURI) from.getAddress().getURI())
                                .getUser();
                        return new Pair(new JipletPrincipal(name), null); 
                    }
                }
            }
        }


        // if we have reached here, it means that either the user has not has
        // prior authentication or the credentials do not match, send a
        // challenge.
        String htype = method.equals(Request.REGISTER) == true ? WWWAuthenticateHeader.NAME
                : ProxyAuthenticateHeader.NAME;


        WWWAuthenticateHeader auth_header = null;


        try
        {
            Thread.currentThread().setContextClassLoader(
                    realm.getClass().getClassLoader());
            auth_header = realm.getAuthenticationHeader(jiplet, req, htype,
                    true);
        }
        finally
        {
            Thread.currentThread().setContextClassLoader(cl);

View Full Code Here

            while (i.hasNext() == true)
            {
                Map.Entry entry = (Map.Entry) i.next();
                Jiplet jiplet = (Jiplet) entry.getKey();
                Pair p = (Pair) entry.getValue();
                Realm r = (Realm) p.getFirst();


                String rname = null;
                ClassLoader cl = Thread.currentThread().getContextClassLoader();
                try
                {
                    Thread.currentThread().setContextClassLoader(
                            r.getClass().getClassLoader());
                    rname = realm.getRealmName();
                }
                finally
                {
                    Thread.currentThread().setContextClassLoader(cl);
                }


                if (r.getRealmName().equals(rname) == true)
                {
                    JipletLogger
                            .warn("Removing realm "
                                    + realm.getRealmName()
                                    + " from jiplet "

View Full Code Here

TOP

Related Classes of org.cafesip.jiplet.Realm

org.cafesip.jiplet.cma.SecurityConstraintManager

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.