Hello,
I would like to authorize JSON-RPC commands for a specific user. Is it possible to enable HTTP authentication on the xHTTP module?
Thanks for your help. Best regards Loic BOISSY
Hello,
Yes, it is possible: just use the same functions as for SIP authentication from the auth/auth_db modules -- you probably want to do www-auth, not proxy-auth, for HTTP.
Cheers, Daniel
On 02/10/15 11:07, Loïc Boissy wrote:
Hello,
I would like to authorize JSON-RPC commands for a specific user. Is it possible to enable HTTP authentication on the xHTTP module?
Thanks for your help. Best regards Loic BOISSY
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Here's an example from our config:

    #!subst "/DB_USER/xxxxxxxx/"
    #!subst "/DB_PASSWORD/xxxxxxxxxx/"

    event_route[xhttp:request] {
        # Challenge for authentication credentials DB_USER and DB_PASSWORD.

        xlog("L_INFO", "[R-XHTTP-REQUEST:$ci] Received HTTP request $rm $hu from $si:$sp\n");

        # Reject any user name other than the single permitted one.
        if(is_present_hf("Authorization") && defined $au && $au ne "DB_USER") {
            xlog("L_INFO", "[R-XHTTP-REQUEST:$ci] !> Invalid user: $au\n");
            sl_send_reply("403", "Forbidden");
            exit;
        }

        # The challenge does not send a qop= parameter, in order to ease
        # the burden on the client.

        if(!pv_www_authenticate("$Ri", "DB_PASSWORD", "0", "POST")) {
            switch($rc) {
                case -1:
                    xlog("L_INFO", "[R-XHTTP-REQUEST:$ci] !> Generic authentication error\n");
                    sl_send_reply("403", "Forbidden");
                    break;

                case -2:
                    xlog("L_INFO", "[R-XHTTP-REQUEST:$ci] !> Invalid password -- rejecting\n");
                    sl_send_reply("403", "Forbidden");
                    break;

                default:
                    xlog("L_INFO", "[R-XHTTP-REQUEST:$ci] !> Unauthorised -- issuing authentication challenge\n");
                    www_challenge("$Ri", "0");
            }

            exit;
        }

        xlog("L_INFO", "[R-XHTTP-REQUEST:$ci] -> Authorised user: $au\n");

        consume_credentials();

        # ... (the posted excerpt ends here)
    }
-- Alex
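An added example, not part of the original thread and not Kamailio's own code: a Python model of the qop-less Digest exchange the route above relies on, showing the Authorization header a JSON-RPC client has to send and why a response computed for any method other than POST is rejected. The user name, password, realm address, nonce and the /RPC path are constructed sample values, and server_check() is a simplified stand-in for the route's decisions.

```python
import hashlib
import hmac
import re

# Constructed sample values; none of them come from the thread.
USER, PASSWORD, REALM = "rpcadmin", "example-secret", "192.0.2.10"
NONCE = "5612b1f40000constructednonce"

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """Response for a challenge without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def authorization_header(user, realm, password, method, uri, nonce):
    """Client side: the header sent after receiving the 401 challenge."""
    response = digest_response(user, realm, password, method, uri, nonce)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{response}", algorithm=MD5')

def parse_digest(header):
    """Return the Digest parameters as a dict, or None if there are none."""
    scheme, _, params = (header or "").partition(" ")
    if scheme.lower() != "digest":
        return None
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', params)
    return {key: value.strip('"') for key, value in pairs}

def server_check(header, method="POST", issued_nonce=NONCE):
    """Simplified model of the route's decisions (not Kamailio's code)."""
    creds = parse_digest(header)
    if creds is None:
        return "challenge"            # no credentials: issue a 401 challenge
    if creds.get("username") != USER:
        return "forbidden"            # user is pinned before any hash check
    if creds.get("realm") != REALM or creds.get("nonce") != issued_nonce:
        return "challenge"            # unknown realm or nonce: challenge again
    expected = digest_response(USER, REALM, PASSWORD, method,
                               creds.get("uri", ""), issued_nonce)
    supplied = creds.get("response", "")
    if hmac.compare_digest(expected.encode(), supplied.encode()):
        return "authorised"
    return "forbidden"                # wrong password or wrong method
```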
Hello,
Great! Thank you for your help. Loic
2015-10-05 19:12 GMT+02:00 Alex Balashov abalashov@evaristesys.com:
-- Alex Balashov | Principal | Evariste Systems LLC 303 Perimeter Center North, Suite 300 Atlanta, GA 30346 United States
Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/