Installing the Agent Filter for the WebLogic Server/Portal 10 Agent
The following task applies to both BEA WebLogic Server 10 and BEA WebLogic Portal 10. However, for additional information, see Post-Installation Tasks for the Agent on WebLogic Portal 10
The agent filter must be installed by modifying the deployment descriptor of each application to be protected.
To Install the Agent Filter for the Deployed Application
on Agent for WebLogic Server/Portal 10
The following steps explain how to install the agent filter for an application you want the agent to protect.
-
Ensure that the application is not currently deployed on WebLogic Server/Portal 10.
If it is currently deployed, undeploy it before proceeding any further.
-
Create the necessary backups before modifying the deployment descriptor in the next step.
Since you will modify the deployment descriptor in the next step, creating backup files at this point is important.
-
Edit the application's web.xml descriptor by adding the <filter> elements.
Add the <filter>, <filter-mapping>, and <dispatcher> elements as the first filter element in the web.xml descriptor. For example:
<web-app> ... <filter> <filter-name>Agent</filter-name> <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class> </filter> <filter-mapping> <filter-name>Agent</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping> ... </web-app>Important: Make sure that this filter element is the first element in the descriptor.
Next Steps
Focus on WebLogic Server 10
Note –
The remainder of this section focuses on WebLogic Server 10, and not on WebLogic Portal 10. For information specific to the web.xml deployment descriptor for WebLogic Portal 10, see Portal: Installing the Agent Filter for the Deployed Application on Agent for WebLogic Server/Portal 10.
To protect your application with J2EE declarative security or with any other filter modes such as ALL or URL_POLICY, refer to the PolicyAgent-base/sampleapp directory for information about building and deploying an application. The sampleapp directory is not a complete J2EE application; however, it is a simple application that provides you with a quick reference to application specific deployment descriptors and various deployment modes of a J2EE agent. Once you successfully deploy sampleapp and test its features, you can use it as a reference to other applications that will be protected by the J2EE agent.
Note –
If you run this agent in J2EE_POLICY mode, map Access Manager roles to the principal names for the deployed application. The principal names are available in the weblogic.xml file and the weblogic-ejb-jar.xml file. Either or both of these files might exist.
You can retrieve Access Manager roles by issuing the agentadmin --getUuid command. For more information , see agentadmin --getUuid. You can also retrieve the universal ID for the user (UUID) using the Access Manager Console to browse the user profile.
Mapping that converts Access Manager roles to principal names is performed by configuring the following property:
com.sun.identity.agents.config.privileged.attribute.mapping[]
For more information about setting this property, see:
-
Mapping-related attributes in Privileged Attribute Processing Properties
- © 2010, Oracle Corporation and/or its affiliates