Installing the Agent Filter for the WebSphere Application Server 6.1 Administration Console (Sun Java System Access Manager Policy Agent 2.2 Guide for IBM WebSphere Application Server 6.1)

Sun Java System Access Manager Policy Agent 2.2 Guide for IBM WebSphere Application Server 6.1

Installing the Agent Filter for the WebSphere Application Server 6.1 Administration Console

The procedures that you have performed up to this point enable the Trust Association Interceptor to protect the Administration Console while users log in and establish the correct principal. However, the Trust Association Interceptor cannot trap logout events, enforce URL policies, and such. The agent filter allows the enforcement of coarse grained URL policies defined within Access Manager to further control the access to protected resources on the WebSphere Application Server 6.1 Administration Console.

Therefore, the agent filter must be inserted into the web.xml file as explained in the following steps to protect the Administration Console. Without the filter element, you can log in to the Administration Console and perform normal operations, but the logout button will not function.

Note –

The agent filter should be the last filter executed in sequence. Therefore, ensure that you insert the agent filter after all other filters in the web.xml file.

To Install the Agent Filter for the WebSphere Application Server 6.1 Administration Console

Change to the following directory:
```
DeployContainer-base/profiles/profile name/config/cells/cell
name/applications/isclite.ear/deployments/isclite/isclite.war/WEB-INF/
```
where DeployContainer-base represents the directory within which the WebSphere Application Server 6.1 instance was installed.

Create a back up of the web.xml file.

Insert the agent filter into the file.

Ensure that the agent filter that you add is the last filter to be executed in sequence. The example shows an excerpt of the web.xml file before the agent filter is added:

<filter>
     <filter-name>WSCUrlFilter</filter-name>
     <filter-class>com.ibm.ws.console.core.servlet.WSCUrlFilter</filter-class>
</filter>
<filter-mapping>
     <filter-name>WSCUrlFilter</filter-name>
     <servlet-name>action</servlet-name>
</filter-mapping>
<filter-mapping>
	<filter-name>WSCUrlFilter</filter-name>
     <url-pattern>/federatedlogoff</url-pattern>
</filter-mapping>

The example shows the agent filter in bold text:

<filter>
     <filter-name>WSCUrlFilter</filter-name>
     <filter-class>com.ibm.ws.console.core.servlet.WSCUrlFilter</filter-class>
</filter>
<filter>
     <filter-name>Agent</filter-name>
     <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>
</filter>

<filter-mapping>
     <filter-name>WSCUrlFilter</filter-name>
     <servlet-name>action</servlet-name>
</filter-mapping>
<filter-mapping>
	<filter-name>WSCUrlFilter</filter-name>
     <url-pattern>/federatedlogoff</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
 </filter-mapping>