The role-to-principal mappings in Apache Tomcat Servlet/JSP Container deployment descriptors must be replaced with Access Manager roles or principals. The tasks described in this section include steps for changing the deployment descriptors of the Manager web application, the administration web application, and the host manager web application, thereby configuring J2EE declarative security for these applications.
By default, Agent for Apache Tomcat Servlet/JSP Container protects the Manager web application, the administration web application, and the host manager web application with J2EE security. This default configuration is established by the J2EE agent installer, which sets the agent filter mode to J2EE_POLICY in the J2EE agent AMAgent.properties configuration file as follows:
com.sun.identity.agents.config.Filter.mode = J2EE_POLICY
To protect the Manager web application, the administration web application, and the host manager web application with a filter mode other than J2EE_POLICY, change or add to the preceding setting accordingly in order to change the filter mode for these applications to URL_POLICY mode or ALL mode. The following example demonstrates these three applications set to specific filter modes. The administration web application is set to URL_POLICY mode while the Manager web application and the host manager web application are set to ALL mode.
com.sun.identity.agents.config.Filter.mode[admin] = URL_POLICY com.sun.identity.agents.config.Filter.mode[manager] = ALL com.sun.identity.agents.config.Filter.mode[host-manager] = ALL
After you have set the filter mode for each of these applications to the mode that best suits your site's deployment, perform the steps detailed in the following task descriptions.