Sun Java System Access Manager Policy Agent 2.2 Guide for IBM WebSphere Application Server 6.0

Key Features and Tasks Performed With the J2EE Agent API

The agent runtime provides access to all the Access Manager application program interfaces (API) that can be used to further enhance the security of the application. Besides the Access Manager API, the agent also provides a set of API that allow the application to find the SSO token string associated with the logged-in user. These API can be used from within the web container or the EJB container of the deployment container. These are agent utility API. However, an equally viable option is to use client SDK public API directly to fetch the SSO token.

Note –

Certain containers, such as Apache Tomcat Servlet/JSP Container do not have an EJB container. Hence, the EJB related agent API would not be applicable for such containers.

The subsections that follow illustrate the available agent API that can be used from within an application. The J2EE agent API have changed in Policy Agent 2.2 as explained in this section. This section includes an example of the new API in use, see Usage of New J2EE Agent API in Policy Agent 2.2.

Class AmFilterManager


Available API for Class AmFilterManager

Interface IAmSSOCache


Available API for Interface IAmSSOCache

public String getSSOTokenForUser(Object ejbContextOrServletRequest)

This method can be used to retrieve the SSO token for the logged-in user. If called from the web tier, this method passes an instance of javax.servlet.http.HttpServletRequest as an argument. If called from the EJB tier, this method passes an instance of javax.ejb.EJBContext as an argument. This method eradicates the necessity of using two separate methods in AmSSOCache to retrieve the SSO token.

Class AmSSOCache


Note –

Deprecated: This class and its methods have been deprecated. The best practice is not to use the methods in this class, but to use the unified API in com.sun.identity.agents.filter.IAmSSOCache.

Available API for Class AmSSOCache

Note –

The API getSSOTokenForUser(javax.ejb.EJBContext) can be used only when the agent operation mode is either J2EE_POLICY or ALL.

Usage of New J2EE Agent API in Policy Agent 2.2

The following example demonstrates the new J2EE agent API in use.

Example 5–4 Usage of New J2EE Agent API

String ssotoken = 

Caution – Caution –

This public API can only retrieve the SSOToken object in EJB context if the value of the following property in the J2EE agent file is set to true as shown:

com.sun.identity.agents.config.user.principal = true