SIP servlet FORM authentication

Question

I have a java client/server application based on HTTP. Now I want to add some SIP functionality. The server can accept SIP messages from authenticated user only but the authentication is HTTP based.

Is there a way to authorize SIP messages only for user authenticated via HTTP?

Container: mobicents 2 on JBoss 7

PS: I use declarative security so the container must be aware of the user identity.

UPDATE

What I need is a sort of authentication tracking system, something like a cookie for sip messages: a token to add in every sip message that inform the container that I'm already authenticated via HTTP.

A way could be to pass a token by means of a custom SIP header than using @SipApplicationKey to join the SipApplicationSession. In this case the problem is that I can't generate the key form the HttpSession. besides I'm not sure that join a SipApplicationSession solve the problem since the jsr289 says that a SipApplicationSession can have more than one HttpSession thus, potentially, more than one authenticated user.

Answer 1

SipApplicationSession is for joining two (or more) SipSession in order to create a back-to-back UA.

I need to do something similar and I'm working on implementing it this way. The biggest issue is how to associate a SipSession with a HttpSession. If you've done this you can simply get the authenticated user of a SipSession from the associated HttpSession.

For this I will send an extra header in the SIP messages, let's call it SESSIONID and the value will be `httpSession.getId()'. Then when processing the SIP message, you can scan through the HTTP sessions and associate the SIP session with the one with the corresponding id.