An easy way to install, configure, and deploy the Sun Java System Access Manager

Source: Internet
Author: User
Tags auth config file size web services glassfish java web

Sun Java System 7.1, which is referred to as Access Manager, integrates authentication and authorization services, policy agents, identity management, and identity unions to protect network resources. This allows you to provide security for resource access, D D D, and to manage the identities of the users who access those resources.

Access Manager can be deployed on most platforms that conform to the Java Servlet 2.3 API specification and on most containers (that is, most WEB servers or application servers). D D D But this is not always the case; see appendix.

This article describes a simple and efficient way to install, configure, and deploy Access Manager on the Sun Java System Application Server (hereinafter referred to application server), Application server It is also an open source project called GlassFish. Generally speaking, it takes no more than 10 minutes to complete the process, so it is particularly handy for prototypes.

First, please download the following software:

Sun application Server Platform Edition 9.0 or later derived from GlassFish

Access Manager

The ZIP file contains the Java Development Kit (JDK) version of the Web Archive (WAR) file, the Distributed authentication application, the administrative command-line interface (CLI) tool, the session failover tool, the legal file, and the process of running the sample. Unzip the file to the selected directory, which is called Access_manager_install_dir in the remainder of this article. Figure 1 shows the file structure for this directory.

Figure 1:access Manager's file structure

The main difference between JDK14 and jdk15 binaries is file size. Sun's JDK 1.5.x includes most Java archive (JAR) files for the Java Web Services Developer Pack (Java WSDP), but these files are not running under Sun JDK 1.5.x The components of the Access Manager for the container. The example in this article will use the Amserver.war file under Access_manager_install_dir/applications/jdk15.

Configuring the Application Server

If you have enabled security Manager in the Java virtual machine, you need to add the associated permissions for access Manager to the Server.policy file in application Server, as shown below.

//Additions for Access Manager


Grant CodeBase "file:${com.sun.aas.instanceroot}/applications/j2ee-modules/amserver/-" {


permission Java.net.SocketPermission "*", "connect,accept,resolve";


permission Java.util.PropertyPermission "*", "read, write";


permission Java.lang.RuntimePermission "Modifythreadgroup";


permission Java.lang.RuntimePermission "Setfactory";


permission Java.lang.RuntimePermission "accessclassinpackage.*";


Permission Java.util.logging.LoggingPermission "Control";


permission Java.lang.RuntimePermission "Shutdownhooks";


permission Javax.security.auth.AuthPermission "Getloginconfiguration";


permission Javax.security.auth.AuthPermission "Setloginconfiguration";


permission Javax.security.auth.AuthPermission "Modifyprincipals";


permission Javax.security.auth.AuthPermission "createlogincontext.*";


permission Java.io.FilePermission "<<all files>>", "Execute,delete";


permission Java.util.PropertyPermission "Java.util.logging.config.class", "write";


permission Java.security.SecurityPermission "Removeprovider.sun";


permission Java.security.SecurityPermission "Insertprovider.sun";


permission Javax.security.auth.AuthPermission "DoAs";


Permission Java.util.PropertyPermission "Java.security.krb5.realm", "write";


permission Java.util.PropertyPermission "JAVA.SECURITY.KRB5.KDC", "write";


permission Java.util.PropertyPermission "Java.security.auth.login.config", "write";


permission Java.util.PropertyPermission "User.language", "write";


permission Javax.security.auth.kerberos.ServicePermission "*", "accept";


permission Javax.net.ssl.SSLPermission "Sethostnameverifier";


permission Java.security.SecurityPermission "Putproviderproperty.iaik";


permission Java.security.SecurityPermission "Removeprovider.iaik";


permission Java.security.SecurityPermission "Insertprovider.iaik";


};


//End of additions for Access Manager

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.