All J2EE agents communicate with Access Manager by XML over HTTP. J2EE agents contain two main components: The agent realm and the agent filter. Together, these two components affect the operation of the deployment container and the behavior of protected applications on the deployment container.
The agent realm, which is installed as a deployment container-specific platform component, enables the deployment container to interact with principals stored in Access Manager. The deployment container then communicates with Access Manager about user profile information. The agent realm needs to be configured correctly for the agent to enforce J2EE security policies for protected applications.
The agent filter is installed within the protected application and facilitates the enforcement of the security policies, governing the access to all resources within the protected application. Every application protected by the agent must have its deployment descriptors changed to reflect that it is configured to use the agent filter. Applications that do not have this setting are not protected by the agent and might malfunction or become unusable if deployed on a deployment container where the agent realm is installed.
The agent realm and agent filter work in tandem with Access Manager to enforce J2EE security policies as well as Access Manager-based URL policies for authentication and authorization of clients attempting to access protected J2EE applications.
The agent provides a fully configured and ready-to-use client installation of Access Manager SDK for the application server. This SDK offers a rich set of APIs supported by Access Manager that can be used to create security-aware applications that are tailored to work in the security framework offered by Access Manager. For more information on how to use Access Manager SDK, see Sun Java System Access Manager 7 2005Q4 Developer’s Guide.