Sun OpenSSO Enterprise Policy Agent 3.0 User's Guide for J2EE Agents

How J2EE Agents Work

All J2EE agents communicate with OpenSSO Enterprise by XML over HTTP. J2EE agents contain two main components: the agent realm and the agent filter. Together, these two components affect the operation of the deployment container and the behavior of protected applications on the deployment container.

Policy Decision Process for J2EE Agents

The figure that follows is a flow chart of the policy decision process for J2EE agents. This figure illustrates how a single request is processed. The chart is useful in that it demonstrates to some degree how J2EE agents function.

The chart illustrates possible scenarios that can take place when an end user makes a request for a resource. Therefore, the end user points a browser to a URL. That URL is a resource, such as a JPEG image, HTML page, JSP page, etc. When a resource is under the sphere of influence of the J2EE agent, the agent intervenes to varying degrees, depending on the specifics of the situation, checks the request, and takes the appropriate action, which culminates with the user either being allowed or denied access to the resource. The chart reflects the potential paths a request makes before finally being allowed or denied. Moreover the chart illustrates how the filter mode is involved in the resource-request process.

You can see how this J2EE agent-specific flow chart compares to the web agent flow chart as illustrated in Examples of the Policy Decision Process by Agent Type. The comparison gives a sense of how the two agent types differ in how they handle requests for resources.

Figure 2–1 J2EE Agents and the Policy Decision Process

This figure is a flow chart of the policy decision process
for a J2EE agent.