Perform the tasks in this section if you are configuring Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 on SAP Web Application Server 7.0. This section includes a variety of short configuration tasks that are required for the agent to work on this specific deployment container. Complete all the tasks described in this section before performing the applicable tasks described in Conditional Post-Installation Steps for J2EE Agents in Policy Agent 2.2.
The agent filter can be installed by modifying the deployment descriptor of the application to be protected. The following steps explain how to install the agent filter for the application you want the agent to protect:
To install the agent filter, ensure that the application is not currently deployed on SAP Enterprise Portal 7.0/Web Application Server 7.0.
If it is currently deployed, remove it before proceeding any further.
Create the necessary backups before proceeding to modify these descriptors.
Since you will modify the deployment descriptor in the next step, creating backup files at this point is important.
Edit the application's web.xml descriptor as follows:
Set the <DOCTYPE> element as shown in the following code example:
<!DOCTYPE web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> |
SAP Enterprise Portal 7.0/Web Application Server 7.0 supports the Java Servlet Specification version 2.4.
Note that Servlet API version 2.4 is fully backward compatible with version 2.3. Therefore, all existing servlets should work without modification or recompilation.
Edit the application's web.xml descriptor.
Add the <filter> elements in the deployment descriptor. Do this by specifying the <filter>, <filter-mapping>, and <dispatcher> elements immediately following the description element of the <web-app> element in the descriptor web.xml. The following code example displays a sample web.xml descriptor with the <filter>, <filter-mapping>, and <dispatcher> elements added.
<web-app> .. .. <filter> <filter-name>Agent</filter-name> <filter-class> com.sun.identity.agents.filter.AmAgentFilter </filter-class> </filter> <filter-mapping> <filter-name>Agent</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping> .. .. </web-app> |
If you want to protect your application with J2EE declarative security, refer to the PolicyAgentBase/sampleapp directory to learn how to build and deploy an application. The sampleapp directory is by no means a full fledged J2EE application. Rather it is a simple application that provides you with a quick reference to application specific deployment descriptors and various deployment modes of a J2EE agent. Once you successfully deploy sampleapp and test all of its features, you can use it as a reference to other applications that will be protected by the J2EE agent.
Once the web.xml deployment descriptor is modified to reflect the new <DOCTYPE> and <filter> elements, the agent filter is added to the application. You can now redeploy your application on SAP Enterprise Portal 7.0/Web Application Server 7.0.
Ensure that role-to-principal mappings in container specific deployment descriptors are replaced with Access Manager roles or principals. You can retrieve Access Manager roles or principals for Access Manager 7 by issuing the agentadmin --getUuid command. For more information on the agentadmin --getUuid command, see agentadmin --getUuid.
You can also retrieve the universal ID for the user (UUID) using Access Manager 7 Console to browse the user profile.
This is one of the post-installation tasks required when Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 has been installed on SAP Web Application Server 7.0.
This task description explains how to add a library reference from the sap.com/app-context application to the newly deployed AmSAPAgent2.2 library.
Use the command line for this task.
Telnet to the J2EE telnet port by issuing a command such as the following:
$ telnet j2ee-engine-host instance-telnet-port
represents the machine that hosts the SAP Web Application Server 7.0 instance.
represents the port number of the telnet administration service of the SAP Enterprise Portal 7.0/Web Application Server 7.0 instance.
The following example demonstrates the format of the telnet command to issue:
telnet saphost.example.com 50008 |
After you issue a command similar to the preceding command, a message such as the following appears:
Telnet Administration [SAP J2EE Engine] Login: Password:
Log in using Administrator as the user and the corresponding Administrator password.
Issue the following command:
$ jump 0
A message such as the following appears:
You jumped on node 56457550
Issue the following command:
$ add deploy
Issue the following command:
$ CHANGE_REF -m sap.com/app-context library:AmSAPAgent2.2
The following message appears:
The reference between application sap.com/app-context and library:AmSAPAgent2.2 was made!
This is one of the post-installation tasks required when Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 has been installed on SAP Web Application Server 7.0.
This task description explains how to add the new login module to the J2EE engine list of login modules.
(Conditional) If the SAP Web Application Server 7.0 is not running, start it now.
Start the Visual Administration tool.
The following example provides the path to the Visual Administration tool on UNIX systems:
/usr/sap/SID/instanceName/j2ee/admin/go
represents the SAP system ID.
represents the SAP Web Application Server 7.0 instance.
Log in to the Visual Administration tool.
For a graphical representation of the Visual Administration tool as described in the steps that follow in this task, see Figure 4–12.
Select the Security Provider service.
Select the User Management tab.
Switch to the edit mode by clicking the pencil icon in the far left corner of the right panel.
Click Manage Security Stores
Click Add Login Module.
A dialog box appears.
Click OK.
In the Class Name text field, enter the following:
com.sun.identity.agents.sap.v70.AmSAPWASLoginModule
In the Display Name text field, enter the following:
AmSAPWASLoginModule
Click OK.
This is one of the post-installation tasks required when Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 has been installed on SAP Web Application Server 7.0.
This task description explains how to use the new login module that you just added to the J2EE engine list of login modules.
If necessary, start and log in to the Visual Administration tool as detailed in the preceding task description.
Select the Security Provider service.
Select the User Management tab.
In the Components list, select the application you want to configure.
In the right pane, remove BasicPasswordLoginModule.
Ensure that no other authentication template is being used at this point.
Click Add New.
From the list of modules, select AmSAPWASLoginModule.
Save the configuration.