In this mode, the agent filter and agent realm work together with variousOpenSSO Enterprise services to ensure the correct evaluation of J2EE policies.
You can set these policies either in the application's deployment descriptors or, in cases where the application uses the J2EE programmatic security APIs, in the application code. URL policies that are defined in OpenSSO Enterprise do not take effect in this mode. If the application uses declarative security in the Web tier, you must configure the agent to enable that feature. See Enabling Web-Tier Declarative Security in J2EE Agents for more information on how to enable this feature. While running in the J2EE_POLICY mode, the Policy Agent ensures that the security principal is set in the system for all authorized accesses.