• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Authentication using Sun Access Manager 7 and webmethods portal

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I'm trying to figure out how to use Sun Access Manager 7 (realms, policies). I deployed a web app on a webMethods server and I want to control access to the resources inside the web application.

I'm able to authenticate a user programmatically using the AuthContext class but I'm thinking this could be done automatically. I thought that the answer would be found in the policy agents, but they only exist for other servers (weblogic, websphere, etc).

Also, if I access my server like this: http://localhost/MyApp/login.jsp, what would MyApp be inside the Access Manager Console? A realm, a policy?

Any help would be appreciated, thanks!
 
Ranch Hand
Posts: 79
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Bob,
There are two types of Sun Policy Agent.

1. URL Policy Agent (URL based)
2. J2EE Policy Agent (Realm based)

You can install URL Policy Agent on any supported web server and deploy the application on Web Methods.

Hope this helps,

Thanks,
Raj
 
ben thompson
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by raj sekar:

1. URL Policy Agent (URL based)
You can install URL Policy Agent on any supported web server and deploy the application on Web Methods.

Raj



Hi Raj,

Still a bit confused because I can't find a URL policy agent.

If you look at the agents on http://www.sun.com/download/index.jsp?cat=Identity%20Management&tab=3, those are J2EE Policy agents, right?

Other documentation I have found makes me think the URL policy agent is in the Sun Access Manager Console, under Policies (which I then have to define), would that be right?

Thanks.
 
raj sekar
Ranch Hand
Posts: 79
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Ben,
Check the sun docs on URL Agent (Web Agent) and J2ee Agent.

http://docs.sun.com/app/docs/doc/819-2143

Thanks,
Raj
 
raj sekar
Ranch Hand
Posts: 79
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
http://docs.sun.com/app/docs/doc/819-2143/6n4f0tger?a=view

Web Agents

Web agents control access to content on web servers and proxy servers. The content that web agents can protect include a multitude of services and web resources based on policies configured by an administrator. When a user points a browser to a URL deployed on a protected web or proxy server, the agent intercepts the request and validates the user�s session token, if any exists. If the token�s authentication level is insufficient (or none exists), the appropriate Authentication Service is called for a login page, prompting the user for (further) authentication. The Authentication Service verifies that the user credentials are valid. For example, the LDAP service verifies that the user name and password are stored in an LDAP v3 compliant directory server, such as Sun Java System Directory Server. After the user�s credentials are properly authenticated, the agent examines all the roles and groups (which contain the policies) assigned to the user. Based on the aggregate of all policies assigned to the user, the individual is either allowed or denied access to the URL.
J2EE Agents

Access Manager provides agents for protecting J2EE applications in a variety of deployment containers, such as application and portal servers.

A J2EE policy agent can be installed for protecting a variety of hosted J2EE applications, which might require a varying set of security policy implementation. The security infrastructure of J2EE provides declarative as well as programmatic security that are platform-independent and are supported by all the J2EE-compliant servers. For details on how to use J2EE platform declarative as well as programmatic security, refer to J2EE documentation at http://java.sun.com/j2ee.

The agent helps enable role-to-principal mapping for protected J2EE applications with Access Manager principals. Therefore, at runtime, when a J2EE policy is evaluated, the evaluation is against the information available in Access Manager. Using this functionality, you can configure hosted J2EE applications so that they are protected by the J2EE agent, which provides real security services and other key features such as single sign-on. Apart from enabling J2EE security for hosted applications, J2EE agents also provide complete support for Access Manager based URL policies for enforcing access control over web resources hosted in deployment containers, such as an application servers.

While web agents and J2EE agents both work with Access Manager to implement authentication and authorization processes, the design of the J2EE agents allows them to also enforce J2EE security. The J2EE agents are generally comprised of two components (although this is partially subject to the interfaces exposed and supported by the deployment container): an agent filter for authentication and an agent realm for authorization.
 
ben thompson
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok, I just can't see how to tie it up with WebMethods. Every download of the "Sun Java System Access Manager Policy Agent 2.2" is for a specific server and, again, I can't see which one to use or how to use it with WebMethods.

Thanks
 
raj sekar
Ranch Hand
Posts: 79
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Bob,
Check with Sun Support team. They will esculate the issue to engineering to create a Policy Agent for Web Methods.

Other options is to use the Policy Agent jar files and create a custom Policy Agent for web methods. You need understand how the policy agent works.

I have done some customization to the oracle policy agent 2.1.

Thanks,
Raj
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic