After you have performed any required pre-installation steps, use the agentadmin --install command to install the agent.
Change to the following directory:
JBOSS_AGENT_HOME/bin |
JBOSS_AGENT_HOME represents the directory where you unpacked or unzipped the JBoss Application Server 4.0agent distribution file. For example: /opt/j2ee_agents/am_jboss_agent.
The /bin directory contains the agentadmin program, which is used to install a J2EE agent and to perform other tasks. For more information, see Role of the agentadmin Program in a J2EE Agent for Policy Agent 2.2.
Issue the following command:
./agentadmin --install |
Note: On Windows systems, execute agentadmin.bat.
(Conditional) If you receive license agreement, accept or reject the agreement. If you reject any portion of the agreement, the program will end.
The license agreement is displayed only during the first run of the agentadmin program.
Enter the installation information as prompted by the agentadmin program (or accept the default values).
For example, specific information that you will need to enter includes:
Path to the /conf directory. For example: /opt/jboss-4.0.2/server/default/conf
Indicates (true or false) whether the JBoss server instance is running with Java Security Manager permissions:
true - The JBoss server standard server.policy file location is displayed. If JBoss server is using a different server.policy file, specify that file, including its path. The Java permissions file (standard file is server.policy) will be modified with agent-specific permissions.
false (default) - Skip the server.policy file interaction. The Java permissions file (standard file is server.policy) will not be modified, if it exists.
For more information, see Installing the Agent on a JBoss Application Server 4.0 Instance Running with Java Security Manager Permissions.
The deployment URI for the agent application (agentapp.war) is required for the agent to perform necessary housekeeping tasks such as registering policy and session notifications, legacy browser support, and CDSSO support. Accept /agentapp as the default value for this interaction. The agent application is deployed during the agent installation. The deployment URI for agent application during install time should match the deployment URI for the same application when deployed in the J2EE container.
This key is used to encrypt sensitive information such the passwords. The key should be at least 12 characters long. A key is generated randomly and provided as the default. You can accept the random key generated by the installer or create your own using the .agentadmin --getEncryptKey command.
For information about creating a new encryption key, see agentadmin --getEncryptKey.
An agent profile should have been created as a pre-installation step. The creation of the agent profile is mentioned in that section. For the pre-installation steps, see Preparing to Install Agent for JBoss Application Server 4.0. For the actual information on creating an agent profile, see Creating a J2EE Agent Profile.
In summary, the J2EE agent communicates with Access Manager with a specific ID and password created through an agent profile using Access Manager Console. For J2EE agents, the creation of an agent profile is mandatory. Access Manager uses the agent profile to authenticate an agent. This is part of the security infrastructure.
The J2EE password file should have been created as a pre-installation step. For the pre-installation steps, see Preparing to Install Agent for JBoss Application Server 4.0.
When the installation program prompts you for the password for the agent, enter the fully qualified path to this password file.
Other values that you must specify include items such as the Access Manager server host name, port number, and protocol (http or https).
After you specify all values, the program displays a summary of your responses. For example:
----------------------------------------------- SUMMARY OF YOUR RESPONSES ----------------------------------------------- JBoss Server Config Directory : /opt/jboss-4.0.2/server/default/conf Access Manager Services Host : am.example.com Access Manager Services Port : 8880 Access Manager Services Protocol : http Access Manager Services Deployment URI : /amserver Agent Host name : am.example.com Agent permissions gets added to java permissions policy file : true File name of Java security manager permissions used for the chosen JBoss server instance. : /opt/jboss-4.0.2/server/default/conf/server.policy Application Server Instance Port number : 8080 Protocol for Application Server instance : http Deployment URI for the Agent Application : /agentapp Encryption Key : 1Ae4alVx7M9YnVcQKI5OqCXsnGyPaKAP Agent Profile name : jee Agent Profile Password file name : /opt/ldp Verify your settings above and decide from the choices below. 1. Continue with Installation 2. Back to the last interaction 3. Start Over 4. Exit Please make your selection [1]:
Based on this summary, select one of the options.
If you choose option 1, Continue with Installation, the program performs the functions described in JBoss Application Server 4.0 Agent Installation Functions and then displays the Summary of the Agent Installation.
For a complete sample run on an installation, see Sample Installation for the Agent for JBoss Application Server 4.0.
At the end of the installation process, the installation program displays a summary of the agent installation. For example:
SUMMARY OF AGENT INSTALLATION ----------------------------- Agent instance name: agent_001 Agent Configuration file location: /opt/j2ee_agents/am_jboss_agent/agent_001/config/AMAgent.properties Agent Audit directory location: /opt/j2ee_agents/am_jboss_agent/agent_001/logs/audit Agent Debug directory location: /opt/j2ee_agents/am_jboss_agent/agent_001/logs/debug Install log file location: /opt/j2ee_agents/am_jboss_agent/logs/audit/install.log Thank you for using Access Manager Policy Agent
In the following descriptions, PolicyAgent-base represents the J2EE base installation directory for the agent, and agent_001 identifies this specific agent installation. For more information about the location of a J2EE agent base directory, see Location of the J2EE Agent Base Directory in Policy Agent 2.2.
Files in the SUMMARY OF AGENT INSTALLATION include:
Location of the J2EE agent AMAgent.properties configuration file for the agent instance. Every instance of a J2EE agent has a unique copy of this file. You can configure this file to meet your site's requirements. For more information, see the following sections:
Location of the J2EE agent local audit trail.
Location of all debug files required to debug an agent installation or configuration issue.
Location of the file that has the agent install file location. If the installation failed for any reason, you can look at this file to determine the cause of the failure.
Before performing the post-installation steps as described in Chapter 4, Post-Installation Tasks of Policy Agent 2.2 for JBoss Application Server 4.0, be sure to review the install.log file.
Example 3–5 shows a sample installation run of the agent for JBoss Application Server 4.0.
This sample run represents a JBoss Application Server 4.0 installation running with Java security manager permissions. For more information, see Installing the Agent on a JBoss Application Server 4.0 Instance Running with Java Security Manager Permissions.
************************************************************************ Welcome to the Access Manager Policy Agent for JBoss Server 4.0. If the Policy Agent is used with Federation Manager services, User needs to enter information relevant to Federation Manager. ************************************************************************ Enter the complete path to the directory which is used by JBoss Server to store its configuration Files. This directory uniquely identifies the JBoss Server instance that is secured by this Agent. [ ? : Help, ! : Exit ] Enter the JBoss Server Config Directory Path [/opt/jboss-4.0.2/server/default/conf]: Enter the fully qualified host name of the server where Access Manager Services are installed. [ ? : Help, < : Back, ! : Exit ] Access Manager Services Host: am.example.com Enter the port number of the Server that runs Access Manager Services. [ ? : Help, < : Back, ! : Exit ] Access Manager Services port [80]: 8880 Enter http/https to specify the protocol used by the Server that runs Access Manager services. [ ? : Help, < : Back, ! : Exit ] Access Manager Services Protocol [http]: Enter the Deployment URI for Access Manager Services. [ ? : Help, < : Back, ! : Exit ] Access Manager Services Deployment URI [/amserver]: Enter the fully qualified host name on which the Application Server protected by the agent is installed. [ ? : Help, < : Back, ! : Exit ] Enter the Agent Host name: agent.example.com Indicate the specified server instance runs with Java security manager permissions. [ ? : Help, < : Back, ! : Exit ] Specify whether the chosen server instance runs with Java security manager permissions. [false]: true Enter the complete path including the file name of Java security manager permissions used for the chosen JBoss server instance. [ ? : Help, < : Back, ! : Exit ] Enter the complete path including the file name of Java security manager permissions used for the chosen JBoss server instance. [/opt/jboss-4.0.2/server/default/conf/server.policy]: Enter the preferred port number on which the application server provides its services. [ ? : Help, < : Back, ! : Exit ] Enter the port number for Application Server instance [80]: 8080 Select http or https to specify the protocol used by the Application server instance that will be protected by Access Manager Policy Agent. [ ? : Help, < : Back, ! : Exit ] Enter the Preferred Protocol for Application Server instance [http]: Enter the deployment URI for the Agent Application. This Application is used by the agent for internal housekeeping. [ ? : Help, < : Back, ! : Exit ] Enter the Deployment URI for the Agent Application [/agentapp]: Enter a valid Encryption Key. [ ? : Help, < : Back, ! : Exit ] Enter the Encryption Key [1Ae4alVx7M9YnVcQKI5OqCXsnGyPaKAP]: Enter a valid Agent profile name. Before proceeding with the agent installation, please ensure that a valid Agent profile exists in Access Manager. [ ? : Help, < : Back, ! : Exit ] Enter the Agent Profile name: jee Enter the path to a file that contains the password to be used for identifying the Agent. [ ? : Help, < : Back, ! : Exit ] Enter the path to the password file: /opt/ldp ----------------------------------------------- SUMMARY OF YOUR RESPONSES ----------------------------------------------- JBoss Server Config Directory : /opt/jboss-4.0.2/server/default/conf Access Manager Services Host : am.example.com Access Manager Services Port : 8880 Access Manager Services Protocol : http Access Manager Services Deployment URI : /amserver Agent Host name : agent.example.com Agent permissions gets added to java permissions policy file : true File name of Java security manager permissions used for the chosen JBoss server instance. : /opt/jboss-4.0.2/server/default/conf/server.policy Application Server Instance Port number : 8080 Protocol for Application Server instance : http Deployment URI for the Agent Application : /agentapp Encryption Key : 1Ae4alVx7M9YnVcQKI5OqCXsnGyPaKAP Agent Profile name : jee Agent Profile Password file name : /opt/ldp Verify your settings above and decide from the choices below. 1. Continue with Installation 2. Back to the last interaction 3. Start Over 4. Exit Please make your selection [1]: Creating directory layout and configuring AMAgent.properties file for agent_001 instance ...DONE. Reading data from file /opt/ldp and encrypting it ...DONE. Generating audit log file name ...DONE. Creating tag swapped AMAgent.properties file for instance agent_001 ...DONE. Creating a backup for file /opt/jboss-4.0.2/server/default/conf/jboss-service.xml ...DONE. Adding Agent parameters to /opt/jboss-4.0.2/server/default/conf/jboss-service.xml file ...DONE. Creating a backup for file /opt/jboss-4.0.2/server/default/conf/server.policy ...DONE. Adding Agent parameters to /opt/jboss-4.0.2/server/default/conf/server.policy file ...DONE. Adding Agent parameters to am-login-config.xml file ...DONE. Adding Agent parameters to /opt/jboss-4.0.2/bin/setAgentClasspathdefault.sh file ...DONE. Adding Agent parameters to agentapp.war file ...DONE. SUMMARY OF AGENT INSTALLATION ----------------------------- Agent instance name: agent_001 Agent Configuration file location: /opt/j2ee_agents/am_jboss_agent/agent_001/config/AMAgent.properties Agent Audit directory location: /opt/j2ee_agents/am_jboss_agent/agent_001/logs/audit Agent Debug directory location: /opt/j2ee_agents/am_jboss_agent/agent_001/logs/debug Install log file location: /opt/j2ee_agents/am_jboss_agent/logs/audit/install.log Thank you for using Access Manager Policy Agent
After you install the agent for a specific JBoss server instance, you can install the agent on another JBoss server instance on the same host server by executing the agentadmin --install command again.
However, the JBoss server agent and the Access Manager server must run on different web containers?
If you are installing the agent on an instance of JBoss Application Server 4.0 that runs with Java security manager permissions, during the installation process, answer true to the following prompt as shown:
Indicate the specified server instance runs with Java security manager permissions. [ ? : Help, < : Back, ! : Exit ] Specify whether the chosen server instance runs with Java security manager permissions. [false]: true |
Answering true to the preceding prompt, causes the following prompt to appear:
Enter the complete path including the file name of Java security manager permissions used for the chosen JBoss server instance. [ ? : Help, < : Back, ! : Exit ] Enter the complete path including the file name of Java security manager permissions used for the chosen JBoss server instance. [/opt/jboss-4.0.2/server/default/conf/server.policy]: |
Enter the appropriate path information.