Authentication using declarative security cannot work properly

[Ace Yin]

Hi , 

i am trying to configure the authentication by following the document steps: https://cipango.atlassian.net/wiki/display/DOC/Authentication+using+declarative+security

i add all security constraints as above example and restarted the cipango, but when i tried to send a REGISTER request to cipango by using a non-existing user, the cipango still return 200 to me(what i expected is 401).

i attached my project in this post.

is there anyone can help on this?

any suggestion will be great appreciated.

[David Soulayrol]

Hi,

On 2014.03.17 01:57:52 -0700, Ace Yin wrote:

> i am trying to configure the authentication by following the document
> steps:
> https://cipango.atlassian.net/wiki/display/DOC/Authentication+using+declarative+security
>
> i add all security constraints as above example and restarted the cipango,
> but when i tried to send a REGISTER request to cipango by using a
> non-existing user, the cipango still return 200 to me(what i expected is
> 401).

It seems you only forgot to create the jetty-web.xml file as described
on this tutorial. (At least, I cannot find it in your archive.)

Actually, the security-constraint section in the sip.xml describes the
constraints you want to set, but the object which enforces these
constraints is set in jetty-web.xml.

--
David