I have a java client/server application based on HTTP. Now I want to add some SIP functionality. The server can accept SIP messages from authenticated user only but the authentication is HTTP based.
Is there a way to authorize SIP messages only for user authenticated via HTTP?
Container: mobicents 2 on JBoss 7
PS: I use declarative security so the container must be aware of the user identity.
UPDATE
What I need is a sort of authentication tracking system, something like a cookie for sip messages: a token to add in every sip message that inform the container that I'm already authenticated via HTTP.
A way could be to pass a token by means of a custom SIP header than using @SipApplicationKey to join the SipApplicationSession. In this case the problem is that I can't generate the key form the HttpSession. besides I'm not sure that join a SipApplicationSession solve the problem since the jsr289 says that a SipApplicationSession can have more than one HttpSession thus, potentially, more than one authenticated user.
SipApplicationSessionis for joining two (or more)SipSessionin order to create a back-to-back UA.I need to do something similar and I'm working on implementing it this way. The biggest issue is how to associate a
SipSessionwith aHttpSession. If you've done this you can simply get the authenticated user of aSipSessionfrom the associatedHttpSession.For this I will send an extra header in the SIP messages, let's call it
SESSIONIDand the value will be `httpSession.getId()'. Then when processing the SIP message, you can scan through the HTTP sessions and associate the SIP session with the one with the corresponding id.