An easy way to install, configure, and deploy the Sun Java System Access Manager

Sun Java System 7.1, which is referred to as Access Manager, integrates authentication and authorization services, policy agents, identity management, and identity unions to protect network resources. This allows you to provide security for resource access, D D D, and to manage the identities of the users who access those resources.

Access Manager can be deployed on most platforms that conform to the Java Servlet 2.3 API specification and on most containers (that is, most WEB servers or application servers). D D D But this is not always the case; see appendix.

This article describes a simple and efficient way to install, configure, and deploy Access Manager on the Sun Java System Application Server (hereinafter referred to application server), Application server It is also an open source project called GlassFish. Generally speaking, it takes no more than 10 minutes to complete the process, so it is particularly handy for prototypes.

First, please download the following software:

Sun application Server Platform Edition 9.0 or later derived from GlassFish

Access Manager

The ZIP file contains the Java Development Kit (JDK) version of the Web Archive (WAR) file, the Distributed authentication application, the administrative command-line interface (CLI) tool, the session failover tool, the legal file, and the process of running the sample. Unzip the file to the selected directory, which is called Access_manager_install_dir in the remainder of this article. Figure 1 shows the file structure for this directory.

Figure 1:access Manager's file structure

The main difference between JDK14 and jdk15 binaries is file size. Sun's JDK 1.5.x includes most Java archive (JAR) files for the Java Web Services Developer Pack (Java WSDP), but these files are not running under Sun JDK 1.5.x The components of the Access Manager for the container. The example in this article will use the Amserver.war file under Access_manager_install_dir/applications/jdk15.

Configuring the Application Server

If you have enabled security Manager in the Java virtual machine, you need to add the associated permissions for access Manager to the Server.policy file in application Server, as shown below.

//Additions for Access Manager


Grant CodeBase "file:${com.sun.aas.instanceroot}/applications/j2ee-modules/amserver/-" {


permission Java.net.SocketPermission "*", "connect,accept,resolve";


permission Java.util.PropertyPermission "*", "read, write";


permission Java.lang.RuntimePermission "Modifythreadgroup";


permission Java.lang.RuntimePermission "Setfactory";


permission Java.lang.RuntimePermission "accessclassinpackage.*";


Permission Java.util.logging.LoggingPermission "Control";


permission Java.lang.RuntimePermission "Shutdownhooks";


permission Javax.security.auth.AuthPermission "Getloginconfiguration";


permission Javax.security.auth.AuthPermission "Setloginconfiguration";


permission Javax.security.auth.AuthPermission "Modifyprincipals";


permission Javax.security.auth.AuthPermission "createlogincontext.*";


permission Java.io.FilePermission "<<all files>>", "Execute,delete";


permission Java.util.PropertyPermission "Java.util.logging.config.class", "write";


permission Java.security.SecurityPermission "Removeprovider.sun";


permission Java.security.SecurityPermission "Insertprovider.sun";


permission Javax.security.auth.AuthPermission "DoAs";


Permission Java.util.PropertyPermission "Java.security.krb5.realm", "write";


permission Java.util.PropertyPermission "JAVA.SECURITY.KRB5.KDC", "write";


permission Java.util.PropertyPermission "Java.security.auth.login.config", "write";


permission Java.util.PropertyPermission "User.language", "write";


permission Javax.security.auth.kerberos.ServicePermission "*", "accept";


permission Javax.net.ssl.SSLPermission "Sethostnameverifier";


permission Java.security.SecurityPermission "Putproviderproperty.iaik";


permission Java.security.SecurityPermission "Removeprovider.iaik";


permission Java.security.SecurityPermission "Insertprovider.iaik";


};


//End of additions for Access Manager