Sun Open Telecommunications Platform 2.0 Developer's Guide

Configuring Policy Agent

The standard way to secure a web application is to install Access Manager's Policy Agent on a web server or an application server, where the agent protects the defined resources on the container. You must then edit the Policy Agent configuration file to change the username and password that the agent uses to connect to Access Manager. For Web Server 6.1 on Solaris, see "Updating the Agent Profile Name and the Agent Profile Password in Web Agents" in Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Web Server 6.1.

For more information, see Sun Java System Access Manager Policy Agent 2.2 User’s Guide and Sun Java System Access Manager 7.1 documentation collection at http://docs.sun.com/app/docs/coll/1292.2.

Procedure: To Configure Policy Agent for Web Server 6.1 on Solaris 10 11/06

  1. Go to the config directory.

    cd /etc/opt/SUNWam/agents/es6/config/...instance.../

  2. Edit the AMAgent.properties file.

  3. Create a user name that you will use to log in to Access Manager. For example, com.sun.am.policy.am.username = amAdmin.

  4. Check the settings com.sun.am.naming.url and com.sun.am.policy.am.login.url.

    The settings should point to the URLs where the naming service and login pages of Access Manager are available.

  5. Go to the bin directory.

    cd /opt/SUNWam/agents/bin

  6. Encrypt the password for the user by using the crypt_util utility. For example, crypt_util secretPassword.


    Note – The crypt_util utility is part of the Access Manager installation.


  7. Edit the AMAgent.properties file again to set a password for the user name that you created in Step 3. Use the hash generated by crypt_util. For example, com.sun.am.policy.am.password = XFC3z18nqMEgWbnshtNfwQ==

    For more information, see Sun Java System Access Manager Policy Agent 2.2 User’s Guide and Sun Java System Access Manager 7.1 Documentation Collection.
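A quick check of the result of this procedure, as an added example that is not part of the original guide: the script reads an AMAgent.properties file and flags an unset user name, a password that does not look like crypt_util output, naming or login URLs that are unset or not https, and a world-readable file. The property names come from the steps above; the base64 heuristic, the https and file-permission checks, and the am.example.com sample values are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the guide): lint AMAgent.properties after step 7.
# Property names are the page's; the checks are this example's assumptions.
# get_prop FILE KEY: print the last value assigned to KEY ("key = value").
get_prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots in KEY literally
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -1
}

# audit_agent_props FILE: print each finding, return the number of findings.
audit_agent_props() {
    file=$1 findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }
    [ -n "$(get_prop "$file" com.sun.am.policy.am.username)" ] ||
        note "com.sun.am.policy.am.username is not set"

    # Heuristic: crypt_util output (step 7) is base64, so it uses only the
    # base64 alphabet and its length is a multiple of 4.
    pass=$(get_prop "$file" com.sun.am.policy.am.password)
    case $pass in
        "")                note "com.sun.am.policy.am.password is not set" ;;
        *[!A-Za-z0-9+/=]*) note "password is not base64 (clear text?)" ;;
        *) [ $(( ${#pass} % 4 )) -eq 0 ] ||
               note "password is not base64 (clear text?)" ;;
    esac

    for k in com.sun.am.naming.url com.sun.am.policy.am.login.url; do
        case $(get_prop "$file" "$k") in
            "")        note "$k is not set" ;;
            https://*) ;;
            *)         note "$k does not use https" ;;
        esac
    done

    # The file holds the agent's credential: flag it if world-readable.
    [ -z "$(find "$file" -perm -004 2>/dev/null)" ] ||
        note "$file is world-readable"
    return "$findings"
}

# Constructed sample: clear-text password and a plain-http naming URL.
demo=$(mktemp) && chmod 600 "$demo" && cat > "$demo" <<'EOF'
com.sun.am.policy.am.username = amAdmin
com.sun.am.policy.am.password = secretPassword
com.sun.am.naming.url = http://am.example.com/amserver/namingservice
com.sun.am.policy.am.login.url = https://am.example.com/amserver/UI/Login
EOF
audit_agent_props "$demo" || echo "$? finding(s)"
```

To audit a real agent instance, call audit_agent_props with the path to that instance's AMAgent.properties instead of the constructed sample.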

Example of a Protected JSP Page

The following code illustrates a JavaServer Page (JSP) with the login and logout functionality. This page has a section that can be viewed only by authenticated users. This code uses the Single Sign On interface of Access Manager.

<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="com.iplanet.sso.*"%>
<h1>AuthTest</h1>

<%-- Login and logout are handled by the Access Manager web interface. --%>
<p>
 <a href="http://ipp-node11.czech.sun.com/amserver/UI/Login?org=dc%3Dczech%2Cdc%3Dsun%2Cdc%3Dcom&amp;goto=/test.jsp&amp;gotoOnFail=/error.jsp">Login</a>
|
 <a href="http://ipp-node11.czech.sun.com/amserver/UI/Logout?goto=/test.jsp">Logout</a>
</p>

<%
SSOTokenManager ssoManager = SSOTokenManager.getInstance();
SSOToken ssoToken = null;

try {
    // Build the SSO token from the incoming HTTP request.
    ssoToken = ssoManager.createSSOToken(request);
}
catch (Exception e) {
    // No usable token: log on the server instead of writing the exception
    // text into the page, then fall through to "Access denied!".
    application.log("SSO token could not be created", e);
}

// Show the protected section only when the token exists and is still valid.
if (ssoToken != null && ssoManager.isValidToken(ssoToken)) {
%>
<p>Access allowed!</p>
<%
}
else {
%>
<p>Access denied!</p>
<%
}
%>

In the above code, the login and logout links use the web interface of Access Manager to verify the username and password of users. The remaining part of the code checks if the HTTP request contains a valid SSO token. If a valid SSO token is found, the user is authenticated and access is allowed.

For more details, see the following guides: