The agent runtime provides access to all the Access Manager application program interfaces (API) that can be used to further enhance the security of the application. Besides the Access Manager API, the agent also provides a set of API that allow the application to find the SSO token string associated with the logged-in user. These API can be used from within the web container or the EJB container of the deployment container. These are agent utility API. However, an equally viable option is to use client SDK public API directly to fetch the SSO token.
Certain containers, such as Apache Tomcat Servlet/JSP Container do not have an EJB container. Hence, the EJB related agent API would not be applicable for such containers.
The subsections that follow illustrate the available agent API that can be used from within an application. The J2EE agent API have changed in Policy Agent 2.2 as explained in this section. This section includes an example of the new API in use, see Usage of New J2EE Agent API in Policy Agent 2.2.
com.sun.identity.agents.filter.AmFilterManager
public static com.sun.identity.agents.filter.AmSSOCache getAmSSOCacheInstance() throws com.sun.identity.agents.arch.AgentException
Deprecated: This method has been deprecated. The best practice is not to use this method, but to use the new public API for this AmFilterManager class as follows:
public static com.sun.identity.agents.filter.IAmSSOCache getAmSSOCache()
This method returns an instance of Class AmSSOCache, which can be used to retrieve the SSO token for the logged-in user. This method can throw AgentException if an error occurs while processing this request.
public static com.sun.identity.agents.filter.IAmSSOCache getAmSSOCache()
This method returns an instance of IAmSSOCache interface, which can be used to retrieve the SSO token for the logged-in user.
com.sun.identity.agents.filter.IAmSSOCache
public String getSSOTokenForUser(Object ejbContextOrServletRequest)
This method can be used to retrieve the SSO token for the logged-in user. If called from the web tier, this method passes an instance of javax.servlet.http.HttpServletRequest as an argument. If called from the EJB tier, this method passes an instance of javax.ejb.EJBContext as an argument. This method eradicates the necessity of using two separate methods in AmSSOCache to retrieve the SSO token.
com.sun.identity.agents.filter.AmSSOCache
Deprecated: This class and its methods have been deprecated. The best practice is not to use the methods in this class, but to use the unified API in com.sun.identity.agents.filter.IAmSSOCache.
public java.lang.String getSSOTokenForUser(javax.servlet.http.HttpServletRequest request)
Deprecated: This method has been deprecated as explained in the Note in Class AmSSOCache.
This method returns the SSO token for the logged-in user whose request is currently being processed in the web container within the deployment container. This method can return null if the requested token is not available at the time of this call.
public java.lang.String getSSOTokenForUser(javax.ejb.EJBContext context)
Deprecated: This method has been deprecated as explained in the Note in Class AmSSOCache.
This method returns the SSO token for the logged on user whose request is currently being processed in the deployment container’s EJB tier. This method can return null if the requested token is not available at the time of this call.
The API getSSOTokenForUser(javax.ejb.EJBContext) can be used only when the agent operation mode is either J2EE_POLICY or ALL.
The following example demonstrates the new J2EE agent API in use.
Web Tier Use Case:
String ssotoken = AmFilterManager.getAmSSOCache().getSSOTokenForUser(HTTPRequest);
EJB Tier Use Case:
String ssotoken = AmFilterManager.getAmSSOCache().getSSOTokenForUser(EJBContext);
This public API can only retrieve the SSOToken object in EJB context if the value of the following property in the J2EE agent AMAgent.properties file is set to true as shown:
com.sun.identity.agents.config.user.principal = true