Thursday Oct 29, 2009

Installing diameter on Sailfin 2.0

Diameter will be soon available as a pay for Addon module on Sailfin 2.0. Naman has written how to install and configure diameter on sailfin 2.0 here.

Friday Oct 16, 2009

Reading AVP value not directly exposed by Response API's in Sun Diameter stack

Here is a code snippet that shows how to read AVP’s that any of the response API’s does not directly expose.
In this case we see how to read Experimental Result Code AVP value.

Tuesday Jul 28, 2009

Diameter Online Charging(Ro) Javadocs available

Javadocs for Sun Diameter Online charging API's are now available here.

Monday Jul 20, 2009

Code Syntax highlighter

A nice set of scripts from

Thursday Jul 16, 2009

Updating user profile information in HSS using Sailfin diameter Sh API.

In the below code snippet we see how to read the user repository data from HSS,modify the data and update the HSS. Sh API makes this operation a breeze. OpenIMS HSS is one of the HSS server being used to test SH API's.

In simple steps :

1.Look up HSS server
2.Create ReadProfileKey with required information and validate it to ensure required information to construct a valid message is there.
3.convert the retrieved profile data into JAXB objects
4.Update the profile data using setter methods provided by JAXB
5.Create a UpdateKey
6.send out the modified information.

Use ViewImage option to look @ the code snippet...

Update userprofile information.

Wednesday Jul 15, 2009

Quick look @ Online Charging in Sailfin Communication server

Wrapping up development on Online and Offline charging API in Sailfin communication server. Here is a sample that shows a charging client accessing Ericsson Charging Server.

PartOne: Initial Request in Session based online charging.

View image to look at the source.
Session Charging

PartTwo: Update and Terminate Request in Session based online charging.
The below code snippet shows how to update a charging session and terminate one. The code snippet has comments to help you understand the code.

Updating and terminating charging session

Highlights of Diameter support in Sailfin
1.Easy to use API , interfaces provided for AVP's defined in 3GPP specs and RFC's
2.Easy to query additional AVP's in a Grouped AVP.
3.Easy to add new AVP support using dictionary or annotations.
4.Ability to send messages in a synchronous or asynchronous manner(Listener support to receive asynchronous responses)
5.Interfaces defined to build messages as per 3GPP specifications.
6.Easy to build custom messages as shown in the code snippet.
7.Diameter Resource adapter.
8.Sailfin Admin console and Admin GUI support for local/remote configuration
9.TLS support.

more later....

If you have questions write to

Thursday Jun 25, 2009

Code Generation API

While I was looking at tools to generate code, I found Codemodel[] to be a pretty good one. It is used by JAXB and by quite a number of internal projects within SUN. If you are not looking for a template based approach for generating JAVA code[as in] I strongly recommend using Codemodel, nice thing I found in Codemodel is that generated code is nicely formatted :), it was a onestop solution for me.

Friday May 29, 2009

Annotations and AVP code generation tool

As we progressed through adding features to diameter module in sailfin, we felt the need to speed up the process of adding new application support into Diameter base protocol. Inorder to enable this we added few annotations and came up with a tool that uses metadata from the dictionary to generate the huge number of AVP's the 3GPP specs define.
Hoping to improve the tool as we progress.... Will publish the updated API's and Annotations soon...

Wednesday Jan 07, 2009

P-Asserted-Identity authentication in Sailfin Communication Server

P-Asserted-Identity authentication in Sailfin is based on RFC 3325 and requirements from JSR 289,

Steps to configure P-Asserted-Identity authentication

We will break the steps to configure P-Asserted-Identity authentication module into following steps,

       1.Configuring security realm
       2.Configuring Trust
       3.Configuring security for SIP Applications

1.Configuring security realm

Refer to section Configuring security realm in my previous blog entry.

2.Configuring Trust

  • Open sailfin administration console, default url will be http://localhost:4848
  • Click on Configuration tab
  • Click on Trust configurations

You can now either create new trust configuration elements or edit if you have already have one.
When you create a new trust configuration you have the option to either choose static configuration or you can write your own custom trust handler(to determine if a host from which message is being received or sent to is trusted).

Here are some snapshots 1 & 2.

Default trust handler provided by Sailfin trusts all hosts and maps the value in P-Asserted-Identity to a format suitable to the container for use in authentication,authorization tasks.For eg: "Cullen Jennings" value will be mapped/formatted to "CullenJ".

3.Configuring security for SIP Applications.

  • Configuration as per JSR 289
           1.Login configuration
           2.Securing methods

  • Implementation specific configuration
           1.Configuring sun-sip.xml

Configuration as per JSR 289.

1.Login configuration

              JSR 289 specific configuration elements (standard configuration) are defined in sip.xml, sip.xml has   following additional elements under login-config.

As per JSR 289 sailfin supports P-Asserted-Identity authentication in two modes (SUPPORTED , REQUIRED). When SUPPORTED value is used then incoming SIP messages are processed as follows

a) if P-Asserted-Identity header is present then process it.

b) if P-Asserted-Identity header is not present then apply the authentication method configured in auth-method element.




          <!-- SUPPORTED/REQUIRED are supported values for identity-assertion-support -->


As per JSR 289 Sailfin supports P-Asserted-Identity authentication in two modes (SUPPORTED , REQUIRED). When SUPPORTED value is used then incoming SIP messages are processed as follows

  a) if P-Asserted-Identity header is present then process it.

  b) if P-Asserted-Identity header is not present then apply the authentication method configured in auth-method element.        
















When P-Asserted-Identity scheme is REQUIRED by the application, the P-Asserted-Identity header MUST be present in the request. If the P-Asserted-Identity header is not present, Sailfin will reject the request with a 403 response. If authorization of the Identity specified by P-Asserted-Identity header fails, Sailfin will return a 403 response.

2.Securing methods

   JSR 289 defines security-constraint( auth-constraints and resource-collection) elements which enables users to configure SIP methods that need to be secured i,e accessed by authorized users.

please refer to sample sip.xml file for more details.

Implementation specific configuration

1.Configuring sun-sip.xml

Following elements and properties need to configured in sun-sip.xml

security-role-mapping  element to enable principal to role mapping

properties trust-id-ref  and trust-auth-realm-ref, please refer to my previous blog entry to know learn about these properties.

Thursday Dec 18, 2008

Configuring NonceManager for Digest and Identity authentication modules

Identity authentication and Digest authentication modules need NonceManager to cache call-id and nonce values respectively.
One can configure the max nonce age for these modules using NonceManager property under Security-Service element in domain.xml. maxNonceAge value is in milliseconds.
"property name="NonceManager" value="id=identity-nonce-config,maxNonceAge=350000;id=sip-nonce-config,maxNonceAge=3000"

NonceManager for Digest authentication module is sip-nonce-config whose default value is 600000 milliseconds.
NonceManager for identity authentication module is identity-nonce-config whose default value is 3600000 milliseconds.

Snapshot of configuring NonceManager using Admin UI is here

Friday Jan 25, 2008

svn proxy settings

Incase you get below mentioned error and you need to use a proxy to access your source repository using svn

svn: PROPFIND request failed on '/svn/glassfish-svn/trunk/v3/web/appserv-webtier'
svn: PROPFIND of '/svn/glassfish-svn/trunk/v3/web/appserv-webtier': Could not resolve hostname `': No address associated with hostname (

then edit "servers" file and set http proxy host and port with appropriate values. This file will be present in your home

http-proxy-host =
http-proxy-port = 8080

Wednesday Jan 09, 2008

Reactor subproject failure occurred

If you get the below mentioned error when setting up Sailfin development workspace, then the problem can be that your

maven checkout and maven bootstrap-all commands have failed. Check the logs and update your sources or execute checkout and bootstrap-all commands again freshly.

[echo] ------------------------------
[echo] - Building GlassFish modules -
[echo] ------------------------------
[echo] Resolving appserv-docs binary dependency
Starting the reactor...

File...... /home/venu/work/workspace/sailfin/bootstrap/maven.xml
Element... maven:reactor
Line...... 52
Column.... 40
Unable to obtain goal [build] -- /home/venu/work/workspace/sailfin/bootstrap/../../glassfish/bootstrap/maven.xml:264:40: Reactor subproject failure occurred




« April 2014