To Install the Agent Filter for the IBM WebSphere Application Server 5.1.1 Administration Console (Sun Java System Access Manager Policy Agent 2.2 Guide for IBM WebSphere Application Server 5.1.1)

Sun Java System Access Manager Policy Agent 2.2 Guide for IBM WebSphere Application Server 5.1.1

Previous: To Grant Access to IBM WebSphere Application Server 5.1.1 Administration Console
Next: To Allow Access to the IBM WebSphere Application Server 5.1.1 Administration Console

To Install the Agent Filter for the IBM WebSphere Application Server 5.1.1 Administration Console

The procedures that you have performed up to this point enable the Trust Association Interceptor to protect the Administration Console while users log in and establish the correct principal. However, the Trust Association Interceptor cannot trap logout events, enforce URL policies, and such. This filter would allow the enforcement of coarse grained URL policies defined within Access Manager to further control the access to protected resources on the IBM WebSphere Application Server 5.1.1 Administration Console. Therefore, the agent filter must be inserted into the web.xml file as explained in the following steps to protect the Administration Console. Without the filter element, you can log in to the Administration Console and perform normal operations, but the logout button will not function.

Note –

As explained in this task description, the agent filter should be the last filter executed in sequence. Therefore, ensure that you insert the agent filter after all other filters in the web.xml file.

Change to the following directory:
```
DeployContainer-base/config/cells/hostname/applications/adminconsole.ear/deployments
/adminconsole/adminconsole.war/WEB-INF
```
DeployContainer-base

represents the directory within which the IBM WebSphere Application Server 5.1.1 instance was installed.

hostname

represents the host name of the machine on which the IBM WebSphere Application Server 5.1.1 instance is installed.

Create a back up of the web.xml file.

Insert the agent filter into the file.

Ensure that the filter that you add is the last filter to be executed in sequence. The following snippet of code shows an excerpt of the web.xml file before the agent filter is added:

<web-app id="WebApp_1">
<display-name>adminconsole</display-name>
<listener id="Listener_1138486037387">
<listener-class>com.ibm.ws.console.appmanagement.SessionListener</liste
er-class>
</listener>...

The preceding snippet of code might appear as follows after the agent filter has been added:

<web-app id="WebApp_1">
<display-name>adminconsole</display-name>
<filter>
<filter-name>Agent</filter-name>
<filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Agent</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener id="Listener_1138486037387">
<listener-class>com.ibm.ws.console.appmanagement.SessionListener</listener-class>
</listener>