58.3 Preparing Your Environment for JBoss 6.x Integration

You can integrate JBoss Enterprise Application Platform (EAP) 6.x Application Server with Oracle Access Manager.

It includes information regarding the Access Manager Access SDK and JBoss Agent.

  1. Check the latest support information on:

  2. Host 1: Install Access Manager as described in .

  3. Host 2:

    1. Install JBoss EAP 6.x Application Server, as described in your JBoss installation guide.

    2. Set JAVA_HOME environment variable.

    3. Edit JBoss standalone.xml/domain.xml to change host from to For example:





  4. Host 2: install the Access Manager Access SDK, as described in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

  5. Host 2: create a Global module. For example:

    1. Create a directory at JBoss_install_directory\modules\system\layers\base\mymodule\main

    2. Create module.xml:

      <?xml version="1.0" encoding="UTF-8"?><module xmlns="urn:jboss:module:1.1" name="mymodule">    <resources>        <resource-root path="j2eeagent.jar"/>        <resource-root path="oamasdk-api.jar"/>        <resource-root path="jbossweb-service.jar"/>        <resource-root path="jps-api.jar"/>    </resources>    <dependencies>        <module name="javax.servlet.api"/>        <module name ="javax.xml.bind.api"/>        <module name="org.jboss.logging"/><module name="javax.api"/><module name="org.jboss.as.web"/>   </dependencies></module>
  6. Host 2: install the OAM JBoss Agent.

    1. Download the JBoss Agent ZIP file and extract the files.

      For supported JBoss EAP 6.x versions, the JBoss agent is supplied as JAR files in patch 19440119. Download the referenced patch from My Oracle Support at http://support.oracle.com/.

    2. From the /agentconfig/oam_config.properties file, copy oam-authenticatorvalve.jar and j2eeagent.jar to JBoss_install_directory\modules\system\layers\base\mymodule\mainDownload the JBossWeb jar from http://www.java2s.com/Code/JarDownload/jbossweb/jbossweb-service.jar.zip and copy it's jbossweb-service.jar to JBoss_install_directory\modules\system\layers\base\mymodule\main

  7. Host 2: configure the Global module

    1. Open jboss_install_directory/standalone/configuration/standalone.xml(for standalone) or domain.xml (for multi structure)

    2. Under “jboss:domain:ee" subsystem, add below line:

               <module name="mymodule" slot="main"/>
  8. Proceed to "Protecting JBoss-Specific Resources" and do the following procedures.

    1. "Registering the JBoss Agent with Automatic Policy Creation"

    2. "Creating a Custom Policy for JBoss Resource Protection"

  9. Proceed to "Protecting Web Applications with the JBoss Agent" and do the following procedures.

    1. "Creating Configuration Properties for the JBoss Agent"

    2. "Mapping the Filter in the Application's web.xml File"

  10. Configure the JBoss Login Module to use Access Manager policies.

    1. Open jboss_install_directory/standalone/configuration/standalone.xml(for standalone) or domain.xml (for multi structure)

    2. Under the “jboss:domain:security" subsystem, add a new security-domain as follows:

      <security-domain name="oamrealm" cache-type="default">
        <login-module code="oracle.security.am.agent.common.
         jaas.login.OAMLoginModule" flag="required">
          <module-option name="loginType" value="tokenBased"/>
          <module-option name="configPath" 
          <module-option name="publicAuthnResourceName" value="/Authen/Basic"/>
          <module-option name="rolesParam" value="OAM_GROUPS"/>
          <module-option name="publicAuthzResourceName" 
    3. Deploy the application.

    4. Start JBoss using the following command:



  • Valve is not currently supported at the Global level.

  • The JBoss agent codebase libraries are not updated during this procedure.

  • Role based authorization in EJB is not working in EAP when trying to create the authentication token on the client side via OAMLoginModule and trying to propagate the authentication token to the JBoss server via the ClientLoginModule class.