Security in Sailfin Milestone 3

Sailfin milestone 3 is out, and here is the list of features we added as per JSR 289. I will talk in detail about how to use each of these security features in my next blog.

We have provided support for

  • run-as
      - can be configured using standard descriptors (sip.xml), example:

          <servlet>
              <servlet-name>SipSample</servlet-name>
              <display-name>SipSample</display-name>
              <servlet-class>com.sun.test.SipSample</servlet-class>
              <load-on-startup>0</load-on-startup>
              <run-as>
                  <role-name>externalUser</role-name>
              </run-as>
          </servlet>

  • P-Asserted Identity authentication
      P-Asserted Identity authentication requires trust rules to be defined. Sailfin lets users define them through configuration elements in domain.xml, which can be set from the GUI or from the command line. A SIP entity on the network becomes part of the trust domain when its IP address or hostname is added under the trusted-entity element, as shown below. To let users define custom trust rules, Sailfin provides a TrustHandler interface that the user can implement.
      Example:

          <identity-assertion-trust id="default_id_assertion" is-default="true">
              <!--
              <trust-handler class-name="org.jvnet.glassfish.comms.security.auth.impl.TrustHandlerImpl">
                  <property name="certstore" value="/home/venu/certstore.jks"/>
              </trust-handler>
              -->
              <trusted-entity id="tr" trusted-as="intermediate">
                  <ip-address>129.158.229.124</ip-address>
              </trusted-entity>
          </identity-assertion-trust>
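
A simplified model of the trust decision described above, added here as an example; it is not Sailfin's code and not part of the original post. It reads the `ip-address` entries under `trusted-entity` from the fragment and keeps a request's P-Asserted-Identity header only when the request arrived from one of them. The function names and the sample INVITE are constructed for illustration, and hostname entries and custom TrustHandler logic are not modelled.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Trust configuration from the post (commented-out trust-handler omitted).
TRUST_XML = """
<identity-assertion-trust id="default_id_assertion" is-default="true">
  <trusted-entity id="tr" trusted-as="intermediate">
    <ip-address>129.158.229.124</ip-address>
  </trusted-entity>
</identity-assertion-trust>
"""

def load_trusted_ips(xml_text):
    """Collect the addresses listed under every trusted-entity element."""
    root = ET.fromstring(xml_text)
    return {ipaddress.ip_address(ip.text.strip())
            for entity in root.iter("trusted-entity")
            for ip in entity.iter("ip-address")}

def filter_asserted_identity(raw_request, source_ip, trusted):
    """Keep P-Asserted-Identity only when the request arrived from inside
    the trust domain; otherwise strip it so it is never used as an identity.
    Returns (request_text, asserted_identity_or_None)."""
    peer_trusted = ipaddress.ip_address(source_ip) in trusted
    head, sep, body = raw_request.partition("\r\n\r\n")
    kept, identity, dropping = [], None, False
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t"):          # folded continuation line
            if not dropping:
                kept.append(line)
            continue
        name, _, value = line.partition(":")
        is_pai = name.strip().lower() == "p-asserted-identity"
        dropping = is_pai and not peer_trusted
        if dropping:
            continue                          # untrusted peer: drop header
        if is_pai and identity is None:
            identity = value.strip()
        kept.append(line)
    return "\r\n".join(kept) + sep + body, identity

# Constructed sample request (not captured traffic).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP proxy.example.com;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:anonymous@anonymous.invalid>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "P-Asserted-Identity: <sip:alice@example.com>\r\n"
    "Content-Length: 0\r\n\r\n"
)
```

The same request yields an asserted identity when it comes from 129.158.229.124 and loses the header when it comes from any address outside the configured trust domain.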

more soon......


About

venu
