Sun Java System Access Manager Policy Agent 2.2 Guide for Oracle Application Server 10g

Protecting an Application With the Filter Mode Set to J2EE_POLICY or ALL For the Oracle Application Server 10g Agent

The steps in this section are required if the filter mode (com.sun.identity.agents.config.filter.mode property) is set to J2EE_POLICY or ALL (which is the default value set during the agent installation).

Perform these steps for each application to be protected by the version 2.2–02 Oracle Application Server 10g agent, including the sample application.

Procedure: To Protect an Application With the Filter Mode Set to J2EE_POLICY or ALL For the Oracle Application Server 10g Agent

  1. If the application is already deployed, undeploy it.

    Then, find the application's EAR file with its internal source files, including files within the WAR and JAR files.

  2. Edit the WAR file's WEB-INF/web.xml file as follows:

    1. Add the following filter descriptors as the first filter definition:

      <filter id="Filter_PolicyAgent">
        <filter-name>Agent</filter-name>
        <display-name>Agent</display-name>
        <description>J2EE Policy Agent Filter</description>
        <filter-class>
          com.sun.identity.agents.filter.AmAgentFilter
        </filter-class>
      </filter>
      <filter-mapping id="FilterMapping_PolicyAgent">
        <filter-name>Agent</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
    2. Since filters were introduced in Servlet specification 2.3, the web.xml file's <!DOCTYPE> declaration must indicate that the deployment descriptor is a Servlet 2.3 compliant deployment descriptor, as follows:

      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http://java.sun.com/dtd/web-app_2_3.dtd">
  3. If the application has specified declarative security in the web.xml or ejb-jar.xml file, perform these steps:

    1. Add the following entry in WEB-INF/web.xml:

      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/jsp/oracle10g_login.jsp</form-login-page>
          <form-error-page>/authentication/accessdenied.html</form-error-page>
        </form-login-config>
      </login-config>
    2. Copy the sampleapp/docroot/jsp/oracle10g_login.jsp file to the application's WAR file jsp directory.

    3. Copy the sampleapp/docroot/authentication/accessdenied.html file to the application's WAR file authentication directory.

      Note: If you wish, you can customize these two files and put them into different directories for the application. Refer to the various application files under sampleapp/etc for the sample application.

  4. Add the following entry to the application's META-INF/orion-application.xml file:

    <jazn provider="XML">
      <property name="role.mapping.dynamic" value="true"/>
      <property name="custom.loginmodule.provider" value="true"/>
    </jazn>

    Or, if the application has an existing jazn-data.xml file in its META-INF directory, add this entry:

    <jazn provider="XML" location="./jazn-data.xml">
      <property name="role.mapping.dynamic" value="true"/>
      <property name="custom.loginmodule.provider" value="true"/>
    </jazn>
  5. Repackage the application with the changes you have made.

  6. Redeploy the application through the Oracle 10g Enterprise Manager. Note the application name, which is required in a later step.

    • On the “Deploy Application: User Manager” screen, select “Use JAZN XML User Manager”.

    • Leave the “Default Realm” empty and “XML Data” as /jazn-data.xml, which are the defaults.

  7. Add the following entry to oracle_home/j2ee/home/config/jazn-data.xml or oracle_home/j2ee/instance/config/jazn-data.xml:

    <application>
      <name>application-name</name>
      <login-modules>
        <login-module>
          <class>com.sun.identity.agents.oracle.v1012.AmOracleLoginModule</class>
          <control-flag>required</control-flag>
          <options>
            <option>
              <name>debug</name>
              <value>true</value>
            </option>
          </options>
        </login-module>
      </login-modules>
    </application>

    Note: For <name>application-name</name>, specify the application name within the Oracle 10g instance from Step 6.

  8. Add the URL policies in Access Manager. You also must grant permissions to those users for this application's URLs.

    For information about specifying URL policies in Access Manager, see Chapter 8, Managing Policies, in Sun Java System Access Manager 7 2005Q4 Administration Guide.

  9. In AMAgent.properties, set the com.sun.identity.agents.config.filter.mode property to the proper mode, such as J2EE_POLICY or ALL.

  10. Restart both the Access Manager server and the Oracle 10g instance.
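As an added check that is not part of this guide or of the agent distribution, the following script verifies a WEB-INF/web.xml against Steps 2 and 3 above: the agent filter must be the first <filter> definition and be mapped to /*, the DOCTYPE must reference the Servlet 2.3 DTD, and when the descriptor declares a <security-constraint> the login-config must be FORM with the agent login page. The sample descriptor inside the script is constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

AGENT_FILTER_CLASS = "com.sun.identity.agents.filter.AmAgentFilter"
SERVLET_23_DTD = "http://java.sun.com/dtd/web-app_2_3.dtd"
LOGIN_PAGE = "/jsp/oracle10g_login.jsp"

def text_of(elem, tag):
    # Stripped text of elem/tag, or None when either is missing.
    child = elem.find(tag) if elem is not None else None
    return child.text.strip() if child is not None and child.text else None

def check_web_xml(xml_text):
    """Return findings for a WEB-INF/web.xml; an empty list means it follows Steps 2 and 3."""
    findings = []
    # ElementTree discards the DOCTYPE, so the DTD reference is checked on the raw text.
    if not re.search(r"<!DOCTYPE\s+web-app\b[^>]*" + re.escape(SERVLET_23_DTD), xml_text):
        findings.append("DOCTYPE does not reference the Servlet 2.3 DTD")
    root = ET.fromstring(xml_text)
    filters = root.findall("filter")
    agent_name = None
    if filters and text_of(filters[0], "filter-class") == AGENT_FILTER_CLASS:
        agent_name = text_of(filters[0], "filter-name")
    else:
        findings.append("agent filter is not the first <filter> definition")
    if agent_name and not any(text_of(m, "filter-name") == agent_name and text_of(m, "url-pattern") == "/*"
                              for m in root.findall("filter-mapping")):
        findings.append("no <filter-mapping> routes /* through the agent filter")
    # Declarative security needs the FORM login-config that points at the agent login page.
    if root.find("security-constraint") is not None:
        login = root.find("login-config")
        form = login.find("form-login-config") if login is not None else None
        if text_of(login, "auth-method") != "FORM" or text_of(form, "form-login-page") != LOGIN_PAGE:
            findings.append("declarative security present but login-config is not FORM with " + LOGIN_PAGE)
    return findings

# Constructed sample descriptor (not from the guide): agent filter first, /* mapping, one protected URL, FORM login.
SAMPLE_WEB_XML = """<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <filter id="Filter_PolicyAgent"><filter-name>Agent</filter-name>
    <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class></filter>
  <filter-mapping><filter-name>Agent</filter-name><url-pattern>/*</url-pattern></filter-mapping>
  <security-constraint><web-resource-collection><web-resource-name>app</web-resource-name>
    <url-pattern>/protected/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint></security-constraint>
  <login-config><auth-method>FORM</auth-method><form-login-config>
    <form-login-page>/jsp/oracle10g_login.jsp</form-login-page>
    <form-error-page>/authentication/accessdenied.html</form-error-page></form-login-config></login-config>
</web-app>"""
```

Run check_web_xml on the extracted WEB-INF/web.xml before repackaging in Step 5; any finding names the step that still needs to be applied.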