Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 8.1

Previous: Common Post-Installation Steps for All J2EE Agents in Policy Agent 2.2
Next: Conditional Post-Installation Steps for J2EE Agents in Policy Agent 2.2

Post-Installation Steps Specific to Agent for Sun Java System Application Server 8.1

Once you have installed Policy Agent 2.2 for Sun Java System Application Server 8.1 and you have performed the post-installation steps that apply to all J2EE agents in the Policy Agent 2.2 release, complete the following agent-specific steps.

Installing the Agent Filter for the Deployed Application on Agent for Sun Java System Application Server 8.1

The agent filter can be installed by modifying the deployment descriptor of each application to be protected.

To Install the Agent Filter for the Deployed Application on Agent for Sun Java System Application Server 8.1

The following steps explain how to install the agent filter for an application you want the agent to protect.

Ensure that the application is not currently deployed on Sun Java System Application Server 8.1.

If it is currently deployed, remove it before proceeding any further.

Create the necessary backups before proceeding to modify these descriptors.

Since you will modify the deployment descriptor in the next step, creating backup files at this point is important.

Edit the application's web.xml descriptor as follows:

Set the <DOCTYPE> element as shown in the following code example:

<!DOCTYPE web-app version="2.4"
 xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

Sun Java System Application Server 8.1 supports the Java Servlet Specification version 2.4.

Note that Servlet API version 2.4 is fully backward compatible with version 2.3. Therefore, all existing servlets should work without modification or recompilation. For more information, see, the Sun Java System Application Server Developer's Guide.

Edit the application's web.xml descriptor.

Add the <filter> elements in the deployment descriptor. Do this by specifying the <filter>, <filter-mapping>, and <dispatcher> elements immediately following the description element of the <web-app> element in the descriptor web.xml. The following code example displays a sample web.xml descriptor with the <filter>, <filter-mapping>, and <dispatcher> elements added.

<web-app>
..
..	
<filter>
        <filter-name>Agent</filter-name>
        <filter-class> com.sun.identity.agents.filter.AmAgentFilter </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>Agent</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>
..
..
</web-app>

Next Steps

You have the option of protecting your application with J2EE declarative security. For more information, seeEnabling Web-Tier Declarative Security in J2EE Agents.

Furthermore, you can learn more about protecting your application with J2EE declarative security by deploying the sample application. Visit the PolicyAgentBase/sampleapp directory to learn how to build and deploy an application. The sampleapp application is by no means a full fledged J2EE application. Rather it is a simple application that provides you with a quick reference to application specific deployment descriptors and various deployment modes of a J2EE agent. Once you successfully deploy sampleapp and test all of its features, you can use it as a reference to other applications that will be protected by the J2EE agent.

Once the web.xml deployment descriptor is modified to reflect the new <DOCTYPE> and <filter> elements, the agent filter is added to the application. You can now redeploy your application on Sun Java System Application Server 8.1.

Note –

Ensure that role-to-principal mappings in container specific deployment descriptors are replaced with Access Manager roles or principals. You can retrieve Access Manager roles or principals for Access Manager 7 by issuing the agentadmin --getUuid command. For more information on the agentadmin --getUuid command, see agentadmin --getUuid.

You can also retrieve the universal ID for the user (UUID) using Access Manager 7 Console to browse the user profile.