Setting up HTTP Authentication in Jetty 5 for VoiceObjects Server

Introduction

This KB article shows how to set up a secure link between the VXML browser and VoiceObjects Server.
More specifically, it shows how to enforce HTTP Basic Authentication and HTTP Digest Authentication for requests to the VoiceObjects DialogMapping servlet when VoiceObjects Server is hosted on a Jetty 5 web application server.

Setting up BASIC Authentication

Note: File paths are given as in a default installation of VoiceObjects 7.x, based on Jetty 5 as the web application server (as part of the standard installation).

  1. Open [VoiceObjects]\Platform\WEB-INF\etc\web.xml.VOServer in a text editor and add the nodes <security-constraint> and <login-config> as follows:
    <web-app>
    	...
    	<security-constraint>
    		<web-resource-collection>
    			<web-resource-name>PROTECTED</web-resource-name>
    			<url-pattern>/DialogMapping/*</url-pattern>
    			<http-method>GET</http-method>
    			<http-method>POST</http-method>
    		</web-resource-collection>
    		<auth-constraint>
    			<role-name>*</role-name>
    		</auth-constraint>
    	</security-constraint>
    	<login-config>
    		<auth-method>BASIC</auth-method>
    		<realm-name>VORealm</realm-name>
    	</login-config>
    </web-app>
    
  2. Open [VoiceObjects]\Platform\WEB-INF\etc\Jetty5\VOServer.xml in a text editor and add a node as follows:
    <Configure …>
    	...
    	<Call name="addRealm">
    		<Arg>
    			<New class="org.mortbay.http.HashUserRealm">
    				<Arg>VORealm</Arg>
    				<Arg>./etc/VORealm.properties</Arg>
    			</New>
    		</Arg>
    	</Call>
    </Configure>
    
  3. Finally, add the new file [VoiceObjects]\Jetty\etc\VORealm.properties with one line per set of user credentials, in the form name: password[, role]
    Sample content:
    vouser: voiceobjects, user
    voadmin: hk74, admin
    This defines the user vouser (role: user) with the password voiceobjects, and another user named voadmin with role admin.
    To test, restart VoiceObjects Server, then invoke the following URL in a web browser:
    http://localhost:8099/VoiceObjects/DialogMapping?ping=true
    The web browser should display a message window prompting for username and password. On entering the username vouser and the password voiceobjects, the browser window should display a single line with the logical server name (default: VOServer).

Setting up HTTP DIGEST Authentication

To set up HTTP Digest Authentication, you need to take two steps:

  1. In web.xml.VOServer, change the line
    <auth-method>BASIC</auth-method>
    to
    <auth-method>DIGEST</auth-method>
  2. In VORealm.properties, passwords must now be stored in obfuscated form rather than as plain text. To generate the obfuscated form, follow these steps:
    • In [VoiceObjects]\Jetty\etc\ create a new batch file, generatePwd.bat, containing the following two lines:
      set CP="../lib/org.mortbay.jetty.jar;../ext/commons-logging.jar"
      java -cp %CP% org.mortbay.util.Password %1
      
    • Call this batch file from the command line, providing the password that you want to obfuscate as an argument. Sample call with password "ussd_pwd":
      C:\VoiceObjects\Jetty\etc>generatePwd.bat ussd_pwd
      ussd_pwd
      OBF:1w281zej1y0y1rpg1rp61y0s1zer1w1a
      MD5:22e3803916dd66d35d62721241d915d1
      
    • Now open VORealm.properties, remove all lines with plain text passwords, and create new lines of the form
      ussd_user: OBF:1w281zej1y0y1rpg1rp61y0s1zer1w1a
      taking the line starting with "OBF:" from the above output as the password.

Now restart VOServer and run the same test as in the previous section. In the login window, enter the username ussd_user and the password ussd_pwd.
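
The realm-file conversion in step 2 can also be scripted. The following Python code is an added example, not VoiceObjects or Jetty code: it reimplements the OBF: transform of org.mortbay.util.Password for ASCII passwords and rewrites plain-text entries, flagging lines that do not match the name: password[, role] form. The function names and the sample file are constructed for illustration.

```python
# Added example (not Jetty or VoiceObjects code); all names here are illustrative.
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"
KNOWN_PREFIXES = ("OBF:", "MD5:", "CRYPT:")  # credential prefixes Jetty recognises
def obfuscate(password):
    """Reimplementation of Jetty's OBF: transform (ASCII passwords only)."""
    data = password.encode("ascii")             # raises on non-ASCII input
    groups = []
    for i, b1 in enumerate(data):
        b2 = data[len(data) - 1 - i]            # byte mirrored from the other end
        n = (127 + b1 + b2) * 256 + (127 + b1 - b2)
        s = ""
        while n:                                # convert to base 36
            n, r = divmod(n, 36)
            s = DIGITS[r] + s
        groups.append(s.rjust(4, "0"))          # four base-36 digits per byte
    return "OBF:" + "".join(groups)

def migrate_realm(text):
    """Rewrite plain-text entries as OBF:; return (new_text, findings)."""
    out, findings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        if not entry or entry[0] in "#!":       # blank line or properties comment
            out.append(line)
            continue
        name, sep, rest = entry.partition(":")
        if not sep or "," in name or not rest.strip():
            findings.append((lineno, "not in 'name: password[, role]' form"))
            out.append(line)                    # left untouched for manual review
            continue
        cred, comma, roles = rest.strip().partition(",")
        cred = cred.strip()
        if not cred.startswith(KNOWN_PREFIXES):
            findings.append((lineno, "plain-text password obfuscated"))
            cred = obfuscate(cred)
        out.append(f"{name.strip()}: {cred}{comma}{roles}")
    return "\n".join(out) + "\n", findings

# Constructed sample realm file (user names and passwords reused from this article).
SAMPLE = """\
# VORealm.properties
vouser: voiceobjects, user
voadmin, hk74, admin
ussd_user: OBF:1w281zej1y0y1rpg1rp61y0s1zer1w1a
"""

if __name__ == "__main__":
    new_text, findings = migrate_realm(SAMPLE)
    print(new_text, *findings, sep="\n")
```

The transform uses no key, so an OBF: value can be reversed by anyone who can read VORealm.properties; restrict read access to the file to the account that runs the server.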

Last edited by: kschmitte on 8/6/2009 9:18 AM (EDT)