Protecting JBoss-specific resources is a JBoss-specific task and is required for all JBoss integration use cases: protecting applications, Web Services, or EJBs.
The following sections describe how to create a JBoss Agent registration (which includes defining protected resources) and configure authorization policies for use with the JBoss Agent.
You can use the Oracle Access Management Console to register the JBoss Agent with Automatic Policy Creation. Remote registration can also be used.
Remote registration is described elsewhere in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.
For communication between Access Manager and the JBoss Agent, you can use Open, Simple, or Cert Security Mode. Configuring the JBoss Agent to use Simple or Cert mode signals the Java ASDK to operate in the same mode. During registration, a new file system directory is created for the agent on the Oracle Access Management Console host (AdminServer). After registration, you copy artifacts to the Agent directory path:
ObAccessClient.xml
password.xml (Simple or Cert mode only)
oamclient-keystore.jks - see "Setting Up The Keystore" in Oracle Fusion Middleware Developer's Guide for Oracle Access Management.
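A post-copy check for the artifacts listed above, as an added example (not part of the Oracle guide or its tooling). The function name is hypothetical, the keystore is checked in every mode because the list above gives it no mode qualifier, and the permission rule is a hardening assumption rather than a documented requirement.

```shell
#!/bin/sh
# Added example: verify the artifacts copied into a JBoss Agent directory.
# Usage: check_agent_artifacts DIR MODE   (MODE: open | simple | cert)
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 on bad mode.
check_agent_artifacts() {
    dir=$1
    mode=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    rc=0
    # File names are the ones listed on this page.
    required="ObAccessClient.xml oamclient-keystore.jks"
    secret="oamclient-keystore.jks"
    case $mode in
        open) ;;
        simple|cert)
            # password.xml exists for Simple or Cert mode only.
            required="$required password.xml"
            secret="$secret password.xml" ;;
        *) echo "unknown mode: $2"; return 2 ;;
    esac

    # Every required artifact must exist and be non-empty.
    for f in $required; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING $f (mode=$mode)"; rc=1
        fi
    done

    # Assumption (hardening choice, not stated in the guide): files holding
    # key material or passwords carry no group/other permission bits.
    for f in $secret; do
        [ -e "$dir/$f" ] || continue
        perms=$(ls -ld "$dir/$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "LOOSE $f (group/other bits: $perms)"; rc=1
        fi
    done
    return $rc
}

# Run directly as: sh check.sh /path/to/agent/dir cert
if [ "$#" -eq 2 ]; then check_agent_artifacts "$1" "$2"; fi
```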
In the following procedure you will create a fresh registration for a 10g OAM Agent. Replace variables with values for your environment. This example uses Cert mode. Your deployment will be different.
You can create a custom Authorization policy to protect JBoss Agent-specific resources and add responses that return the user groups as header variables.
For example, name the response OAM_GROUPS (with value $user.groups).
Note:
For this custom authorization policy, the success and failure redirect URLs are not needed because the single purpose of this policy is to provide responses for an authorized user. If redirect URLs are provided, no redirection occurs with the processing logic of the JBoss Agent or Login Module.
1. In the Oracle Access Management Console, click Application Security at the top of the window.
2. In the Launch Pad tab, click Application Domains in the Access Manager section.
3. Search for the JBoss domain and open it for editing.
4. Authorization Policies:
   a. Click the Authorization Policies node and click the Create (+) button.
   b. In the Name field of the Summary tab, enter a unique name. For example: Custom Authorization Policy
5. Add Resources: JBoss Agent-specific resources were defined during agent registration.
   a. Click the Resources tab on the Authorization Policy page.
   b. Click the Add (+) button.
   c. Click the Search button.
   d. Choose a URL from the list, then click Add Selected: /Authen/Basic
   e. Repeat Steps a through d to add: /Authen/SSOToken
   f. Click Apply.
6. Add Responses: Click the Responses tab, click the Add (+) button and:
   a. In the Name field, enter a unique name for this response: OAM_GROUPS.
   b. From the Type list, choose a response type (Header).
   c. In the Value field, enter a value for this response. For example: $user.groups
   d. Click Apply to save changes and close the Confirmation window.
7. Proceed to the proper topic for your deployment.