This section describes the configuration necessary for the specific applications that the agent will protect. This configuration involves the installation of the agent filter, which is installed for each deployed application. The agent filter is installed by modifying the deployment descriptor of the application that is going to be protected.
The following steps explain how to install the agent filter for the application you want the agent to protect:
To install the agent filter, ensure that the application is not currently deployed on IBM WebSphere Application Server 6.0.
If it is currently deployed, remove it before proceeding any further.
Create the necessary backups before proceeding to modify these descriptors.
Since you will modify the deployment descriptor in the next step, creating backup files at this point is important.
Edit the application's web.xml descriptor as follows:
Set the <DOCTYPE> element as shown in the following code example:
<!DOCTYPE web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
IBM WebSphere Application Server 6.0 supports the Java Servlet Specification version 2.4.
Note that Servlet API version 2.4 is fully backward compatible with version 2.3. Therefore, all existing servlets should work without modification or recompilation. For more information, see, the Sun Java System Application Server Developer's Guide.
Edit the application's web.xml descriptor.
Add the <filter> elements in the deployment descriptor. Do this by specifying the <filter>, <filter-mapping>, and <dispatcher> elements immediately following the description element of the <web-app> element in the descriptor web.xml. The following code example displays a sample web.xml descriptor with the <filter>, <filter-mapping>, and <dispatcher> elements added.
<web-app> .. .. <filter> <filter-name>Agent</filter-name> <filter-class> com.sun.identity.agents.filter.AmAgentFilter </filter-class> </filter> <filter-mapping> <filter-name>Agent</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping> .. .. </web-app>
If you want to protect an application with J2EE declarative security, refer to the PolicyAgentBase/sampleapp directory to learn how to build and deploy an application. The sampleapp directory is by no means a full fledged J2EE application. Rather it is a simple application that provides you with a quick reference to application specific deployment descriptors and various deployment modes of a J2EE agent. Once you successfully deploy sampleapp and test all of its features, you can use it as a reference to other applications that will be protected by the J2EE agent.
Once the web.xml deployment descriptor is modified to reflect the new <DOCTYPE> and <filter> elements, the agent filter is added to the application. You can now redeploy the application on IBM WebSphere Application Server 6.0.
Ensure that role-to-principal mappings in container specific deployment descriptors are replaced with Access Manager roles or principals. You can retrieve Access Manager roles or principals for Access Manager 7 by issuing the agentadmin --getUuid command. For more information on the agentadmin --getUuid command, see agentadmin --getUuid.
You can also retrieve the universal ID for the user (UUID) using Access Manager 7 Console to browse the user profile.