How J2EE Agents Work

All J2EE agents communicate with Access Manager by XML over HTTP. J2EE agents tend to contain two main components. While many agents contain an agent realm, Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 does not. This agent consists of an agent filter and a JAAS based login module.

Together, these two components affect the operation of the deployment container and the behavior of protected applications on the deployment container.

• JAAS Based Login Module

  Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 implements the login modules as follows:

  SAP Enterprise Portal 7.0

  AmSAPEP70LoginModule

  SAP Web Application Server 7.0

  AmSAPWASLoginModule

  The login module validates the SSO token issued by Access Manager and establishes the principal in the SAP Enterprise Portal 7.0 or SAP Web Application Server 7.0 by invoking a container specific API.

• Agent Filter

  The agent filter is installed within the protected application and facilitates the enforcement of the security policies, governing the access to all resources within the protected application. Every application protected by the agent must have its deployment descriptors changed to reflect that it is configured to use the agent filter.

  The JAAS based login module and the agent filter work in tandem with Access Manager to enforce J2EE security policies as well as Access Manager based URL policies for authentication and authorization of clients attempting to access protected J2EE applications.

  The agent provides a fully configured and ready-to-use client installation of Access Manager SDK for the deployment container. This SDK offers a rich set of APIs supported by Access Manager that can be used to create security-aware applications that are tailored to work in the security framework offered by Access Manager. For more information on how to use Access Manager SDK, see Sun Java System Access Manager 7 2005Q4 Developer’s Guide.