Table of Contents
Advertisement
Installing the J2EE Agents
1
Access Manager currently has J2EE agents for JBoss*, WebLogic*, and WebSphere* servers. The
agents can be installed on Linux, Windows* and AIX* platforms.
The J2EE Agents allow you to use roles and other types of policies to restrict access to specific
application modules and Enterprise JavaBeans. These agents leverage the Java Authentication and
Authorization Service (JAAS) and Java Authorization Contract for Containers (JACC) standards for
Access Manager-controlled authentication and authorization to Java Web applications and
Enterprise JavaBeans.
NOTE: You cannot upgrade J2EE Agents from version 3.0 to 3.1. You must perform a fresh
installation of the 3.1 version of J2EE Agents.
This section has the following information:
Section 1.1, "Overview of J2EE Agents," on page 11
Section 1.2, "Prerequisites," on page 12
Section 1.3, "Installing the J2EE Agent on JBoss," on page 13
Section 1.4, "Installing the J2EE Agent on WebSphere," on page 21
Section 1.5, "Installing the J2EE Agent on WebLogic," on page 30
Section 1.6, "Verifying If a J2EE Agent Is Installed," on page 42
Section 1.7, "Uninstalling a J2EE Agent," on page 43
1.1 Overview of J2EE Agents
Users of application servers, such as J2EE servers, commonly fall into one of three abstract roles:
buyer, seller, or administrator. For example, a rental car company might apply a variety of Enterprise
JavaBeans* (EJB) components that offer different products and services to clients. One service
could be a specific component that enables a Web-based reservation process. In this case, the
customer could access a Web site to reserve a rental car. The seller could access a site that provides a
list of available cars and prices. Then the administrator could access a site that tracked inventory and
maintenance schedules. These components provide the basic business services for the application to
function and the tasks they accomplish require a security policy to enforce appropriate use of such
services.
Using the deployment descriptors, the application developer can set up a method to protect the
components by using abstract security role names. For example, there can be a role called Service
Representative, which protects the component that creates a rental agreement. Similarly, there can
be a role called Approver, which protects the component that approves the agreement. Although
these roles convey the intent of the application vendor or developer to enforce such security policies,
they are not useful unless these abstract role names are mapped to real life principals such as actual
users or actual roles.
Installing the J2EE Agents
1
11
Advertisement
Chapters
Table of Contents
