Thread: [Asterisk-java-users] AGI Mapping Strategies in Asterisk-Java 0.3
Brought to you by:
srt
Menu
▾
▴
asterisk-java-users
|
From: Stefan R. <sr...@re...> - 2006-07-12 19:21:45
Attachments:
signature.asc
|
Hi, let's sched some light on the mapping strategis for FastAGI scripts in the upcoming Asterisk-Java 0.3 release: As Tony pointed out Asterisk-Java 0.3 by default uses a CompositeMappingStrategy to determine which script class to use for an incoming AGI request. The default is to try the ResourceBundleStrategy (the one already used by 0.2) first and then fall back to the ClassNameMappingStrategy. ResourceBundleStrategy looks for fastagi-mapping.properties on the classpath. To map a call to "agi://localhost/my-script.agi" to your AGI script MyScript in com.example.agi you would place a line like this in the properties file: my-script.agi com.example.agi.MyScript If there is no fastagi-mapping.properties file on the classpath or the properties file does not a mapping that matches the request the ClassNameMappingStrategy is used: It looks for a Java class with a default (i.e. public and without arguments) constructor that implements AgiScript and has a full name corresponding to your request. So to call your script using the ClassNameMappingStrategy you would place something like exten =3D> 123,1,AGI(agi://localhost/com.example.agi.MyScript) in your dialplan. The main purpose of the ClassNameMappingStrategy is to make easy things easy. So in a simple case you dont need any mapping properties files and just call your script class directly. Hope that explanation helps and you like the idea. =3DStefan --=20 reuter network consulting Neusser Str. 110 50760 Koeln Germany Telefon: +49 221 1305699-0 Telefax: +49 221 1305699-90 E-Mail: sr...@re... Jabber: sr...@ja... |
|
From: Brett S. <bs...@no...> - 2006-07-12 22:34:29
|
This feels like it might possibly be a security risk in some instances. It basically allows someone with access to the dial-plan to call any class in the java code base. I'm not certain that this is such a good idea (although I do like the convenience). The approach I've used previously is to create a small mapping class, the advantage of this technique is that the java programmer has control over which methods can be called not the dial plan writer. Do other people have an opinion on this? Stefan Reuter wrote: > Hi, > > let's sched some light on the mapping strategis for FastAGI scripts in > the upcoming Asterisk-Java 0.3 release: > > As Tony pointed out Asterisk-Java 0.3 by default uses a > CompositeMappingStrategy to determine which script class to use for an > incoming AGI request. > The default is to try the ResourceBundleStrategy (the one already used > by 0.2) first and then fall back to the ClassNameMappingStrategy. > > ResourceBundleStrategy looks for fastagi-mapping.properties on the > classpath. To map a call to "agi://localhost/my-script.agi" to your AGI > script MyScript in com.example.agi you would place a line like this in > the properties file: > my-script.agi com.example.agi.MyScript > > If there is no fastagi-mapping.properties file on the classpath or the > properties file does not a mapping that matches the request the > ClassNameMappingStrategy is used: It looks for a Java class with a > default (i.e. public and without arguments) constructor that implements > AgiScript and has a full name corresponding to your request. So to call > your script using the ClassNameMappingStrategy you would place something > like > exten => 123,1,AGI(agi://localhost/com.example.agi.MyScript) > in your dialplan. > > The main purpose of the ClassNameMappingStrategy is to make easy things > easy. So in a simple case you dont need any mapping properties files and > just call your script class directly. > Hope that explanation helps and you like the idea. > > =Stefan > > > ------------------------------------------------------------------------ > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > > ------------------------------------------------------------------------ > > _______________________________________________ > Asterisk-java-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/asterisk-java-users > |
|
From: Stefan R. <sr...@re...> - 2006-07-12 22:59:35
Attachments:
signature.asc
|
> This feels like it might possibly be a security risk in some instances.= Security is a good point to consider. Especially being secure by default.= > It basically allows someone with access to the dial-plan to call any > class in the java code base. Not exactly any class, only classes that implement the AgiScript interface. The security issue is present if all of the following conditions are met: - you place multiple scripts on your classpath - some of the availble scripts should not be exposed to Asterisk - at least one of the available scripts, that should not be exposed to Asterisk does not itself implement security checks (i.e. verifying the source IP address) > I'm not certain that this is such a good idea (although I do like the > convenience). Its a tradeoff. The past showed that most people having trouble starting to play with Asterisk-Java and FastAGI didn't get the mapping done the right way. (esp. CLASSPATH issues) > The approach I've used previously is to create a small mapping class, > the advantage of this technique is that the java programmer has control= > over which methods can be called not the dial plan writer. Yep, thats what I also do, but it doesn't work "out of the box", i.e. you have to use it :) I usually use the Spring Framework and the SimpleMappingStrategy (which does probably just what your small mapping class does) provided with Asterisk-Java. What I like with the new approach is that it gets people started more quickly: Just implement the AgiScript, place the script's class file and asteriskjava.jar on the CLASSPATH and run DefaultAgiServer from the command line. > Do other people have an opinion on this? Any feedback is highly appreciated! =3DStefan --=20 reuter network consulting Neusser Str. 110 50760 Koeln Germany Telefon: +49 221 1305699-0 Telefax: +49 221 1305699-90 E-Mail: sr...@re... Jabber: sr...@ja... |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X