Required Post-Installation Tasks for the Application Server and GlassFish Policy Agent (Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Sun Java System Application Server 8.1/8.2/9.0/9.1 and GlassFish)

Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Sun Java System Application Server 8.1/8.2/9.0/9.1 and GlassFish

Required Post-Installation Tasks for the Application Server and GlassFish Policy Agent

Deploying the Agent Application

The agent application (agentapp) is a housekeeping application used by the agent for notifications and other functions such as cross domain single sign-on (CDSSO) support.

To Deploy the Agent Application

Before You Begin

This application is bundled with the appserver_v9_agent.zip distribution file and is available as a WAR file in the following location after you unzip the file:

PolicyAgent-base/etc/agentapp.war

Deploy the agent application on the Application Server or GlassFish instance using the Application Server or GlassFish administration console or deployment command.

You must use the same deployment URI that you specified in the “Agent protected Application Server URL” prompt during the agent installation.

For example, if you accepted the default value (/agentapp) as the deployment URI for the agent application, then use this same URI to deploy the agentapp.war file in the Application Server or GlassFish instance.

Installing the Agent Filter for the Application Server and GlassFishAgent

Install the agent filter by modifying the deployment descriptor of each application that you want to protect.

To Install the Agent Filter

Ensure that the application you want to protect is not currently deployed on the Application Server or GlassFish instance.

If the application is deployed, undeploy it before continuing.

Backup the application's web.xml file before modifying the descriptors.

The backup copy can be useful if you need to uninstall the agent.

Edit the application's descriptors in the web.xml file as follows:

Set the <DOCTYPE> element as shown in the following example:

<!DOCTYPE web-app version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

Note: Application Server and GlassFish supports the Java Servlet specification version 2.4. Version 2.4 is fully backward compatible with version 2.3. Therefore, all existing servlets should work without modification or recompilation.

Add the <filter> elements to the deployment descriptor.

Specify the agent filter as the first <filter> element and the agent filter mapping as the first <filter-mapping> element. For example:

<web-app>
...
    <filter>
        <filter-name>Agent</filter-name>
        <filter-class> com.sun.identity.agents.filter.AmAgentFilter </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>Agent</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>
...
</web-app>

Deploy (or redeploy) the application on Application Server and GlassFish.

The agent filter is added to the application.

Next Steps

You can also protect an application with J2EE declarative security. To learn more about protecting your application with J2EE declarative security, consider deploying the sample application. For information, see Deploying the Policy Agent Sample Application.

Note –

Ensure that role-to-principal mappings in container specific deployment descriptors are replaced with OpenSSO Enterprise roles or principals. To retrieve OpenSSO Enterprise roles or principals, use the OpenSSO Enterprise (or Access Manager) Console to browse the user profile.