How to Install GlassFish Then Policy Agent 3.0

This entry describes how to install GlassFish as a container for content to be protected by Policy Agent 3.0 (Agent for Application Server 9.0) on a Solaris 10 (SPARC) machine. I also provide the instructions for installing the agent and performing some preliminary agent configuration. These instructions are related to the instructions I already provided in the following entry: http://blogs.sun.com/JohnD/entry/how_to_install_tomcat_6.

NOTE TO READER: If you see anything that isn't clear or is outright incorrect, don't hesitate to leave a comment. I'll try to straighten it out.

Also, in this blog, you can bring up a list of blog entries with instructions for this deployment. This deployment is all on one machine (on Solaris 10) and includes OpenSSO server on Tomcat 6.x with the Application Server 9.0 agent on GlassFish server. This will probably include other configurations, too, such as deploying the sample application and more. Click the following link:
Blog entries related to the deployment: Tomcat for OpenSSO & GlassFish for GlassFish agent

The How-to Information I'm Providing

About Tomcat, GlassFish, OpenSSO (FAM 8.0), and Policy Agent 3.0:
  1. Installed Tomcat 6.x on Solaris 10 (SPARC) and then OpenSSO on top of that. See this blog entry.
  2. This blog entry (the one you're reading now) is about installing GlassFish on the same machine used for step 1 and then installing the GlassFish agent, a J2EE agent, which is also referred to as appserver_v9_agent.
  3. In a blog entry in the near future, I hope to describe more about how to set up the J2EE agent sample application. Actually, Sean Brydon has written up quite a bit about installing the agent and the sample application, see this link here, and for lots of details on installing the J2EE agent sample application, see this link here. The tasks Sean describes are on earlier builds of OpenSSO and the agent, but the concepts are clear.
All of the how-to info I'm providing is in reference to one machine. I've installed it all on one machine.
  • Tomcat 6.x is the J2EE container for OpenSSO
  • GlassFish is the J2EE container protected by the Sun Java System Application Server agent (the GlassFish agent)
I refer to the one machine in various ways, depending upon which server I'm focusing on at that moment. For example, you'll see all of the following:

Tomcat:
  • http://TomcatHost.example.com:8080/
  • http://OpenssoHost.example.com:8080/opensso
GlassFish:
  • http://GlassFishHost.example.com:4848
  • http://AgentHost.domain:8090

Just know that, for my instructions, all the URLs are served from the same machine, even though the host name is shown differently.

To Install GlassFish

This task description explains how to install GlassFish as an eventual container for Policy Agent 3.0 (Agent for Application Server 9.0) on a Solaris SPARC machine. This is with the assumption that OpenSSO is already running on this machine on Tomcat 6.x as I described in the following entry: http://blogs.sun.com/JohnD/entry/how_to_install_tomcat_6.
  1. Set the JAVA_HOME or JRE_HOME variable.
    For my environment (using the Bourne shell, a.k.a. the "sh" shell), I did the following:
    1. Issue the following command:
      # JRE_HOME=/usr/jdk/instances/jdk1.5.0
    2. Issue the following command:
      # export JRE_HOME
    3. Issue the following command:
      # env
      This allows you to ensure that the JRE_HOME variable is set in the list of environment variables.

  2. Make a directory for the GlassFish installation.
    For example, from the root directory:
    # mkdir pa3gf
    That directory means Policy Agent 3.0 for GlassFish.

  3. Using a browser, download glassfish-installer-v2ur2-b04-sunos.jar from
    http://www.java.net/download/javaee5/v2ur2/promoted/SunOS/glassfish-installer-v2ur2-b04-sunos-ml.jar
    to the pa3gf directory.

    I downloaded the GlassFish build listed above. However, more options for GlassFish builds are listed here:
    https://glassfish.dev.java.net/public/downloadsindex.html

  4. Using the command line, extract the file using:
    # java -Xmx256m -jar glassfish-installer-v2ur2-b04-sunos.jar
    A license agreement appears.

  5. Accept the agreement.
    1. Scroll and read through the agreement (in a perfect world, at least).
    2. Click Accept.
    This creates a glassfish directory with everything inside.

  6. Change into the glassfish directory.

  7. (Conditional) If the GlassFish host has another server on it running on port 8080, change the GlassFish port number as described in the substeps that follow.

    I'm installing GlassFish to host the agent. I already have Tomcat 6.x installed on port 8080. By default, GlassFish attempts to use port 8080. If 8080 is already in use, the GlassFish installation will not complete. Therefore, this task describes how to change the default port of 8080 to 8090.

    1. Open the setup.xml file with a text editor.
    2. Locate the following line:
      <property name="instance.port" value="8080"/>
    3. Change the port number to something else, such as 8090.
      I'm not sure what range of port numbers is acceptable for instance.port, but 8090 is definitely acceptable.

      If you wanted to change the GlassFish port number after the installation, you would edit the domain.xml file rather than the setup.xml file. Here's an example location for that file: /pa3gf/glassfish/domains/domain1/config/domain.xml

  8. Run the two following commands: 
    • # chmod -R +x lib/ant/bin
    • # lib/ant/bin/ant -f setup.xml

  9. After a successful build, change to the glassfish/bin directory. For example:
    # cd pa3gf/glassfish/bin

  10. Issue the following command:
    # ./asadmin start-domain domain1

  11. Using a browser, verify the server is running by accessing http://AgentHost.domain:8090.
    You should get a Server Running page.

    I'm referring to this server as AgentHost because it will host the GlassFish agent.

  12. Log in to GlassFish as admin (PW: adminadmin) by accessing the console at https://AgentHost.domain:4848.

To Create an Agent Password File

The location of this file is required and will be prompted for by the agent installer.
  1. Create an ASCII text file for the agent profile. The following is an example of such a text file: /pa3gf/gfagentpw

    I combined steps one and two by creating the file (gfagentpw) and adding the password (agent123) in a single command as follows (issued from the root directory):

    # echo agent123>>pa3gf/gfagentpw

  2. Using a text editor, enter the appropriate password in clear text on the first line of the file.
  3. Secure the password file appropriately, depending on the requirements of your deployment.
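
As an added example (not part of the original instructions), here is one way to carry out steps 1 through 3 so that the password lands on the first line of an owner-only file, plus a check you can run before handing the path to the agent installer. The function names are hypothetical, and the code assumes a POSIX shell (on Solaris 10, /usr/xpg4/bin/sh, ksh, or bash rather than the legacy /bin/sh).

```shell
# Added example: helper names are hypothetical; /pa3gf/gfagentpw is the
# example path used in this entry.

# write_agent_pwfile FILE
# Reads the password from stdin, so it is never typed on a command line.
write_agent_pwfile() {
    pwfile=$1
    IFS= read -r pw || :                # tolerate input without a newline
    [ -n "$pw" ] || return 1            # refuse an empty password
    old_umask=$(umask)
    umask 077                           # file is created owner-only (0600)
    rm -f "$pwfile"                     # drop any older file and its mode
    printf '%s\n' "$pw" > "$pwfile"     # '>' not '>>': password is line 1
    rc=$?
    umask "$old_umask"
    unset pw
    return "$rc"
}

# audit_agent_pwfile FILE
# Prints "ok", or the first problem found, and returns non-zero on a problem.
audit_agent_pwfile() {
    pwfile=$1
    if [ -L "$pwfile" ]; then echo "symlink"; return 1; fi
    if [ ! -f "$pwfile" ]; then echo "missing"; return 1; fi
    # ls is used instead of stat(1), whose options differ between platforms.
    perms=$(ls -ld "$pwfile" | cut -c2-10)
    case $perms in
        r[w-]-------) ;;                # 0600 or 0400: owner only
        *) echo "mode:$perms"; return 1 ;;
    esac
    # Exactly one newline-terminated line; appending with '>>' to an
    # existing file leaves the new password on a later line.
    lines=$(wc -l < "$pwfile" | tr -d ' ')
    if [ "$lines" -ne 1 ]; then echo "lines:$lines"; return 1; fi
    if [ -z "$(head -n 1 "$pwfile")" ]; then echo "empty"; return 1; fi
    echo "ok"
}
```

Run `write_agent_pwfile /pa3gf/gfagentpw`, type the profile password followed by Enter, then run `audit_agent_pwfile /pa3gf/gfagentpw` and expect `ok`.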

To Create the Agent Profile in the OpenSSO Console

When I create the agent, I won't choose the option for the agent installer to create the agent profile for me automatically (agentadmin --custom-install), so I need to do this task myself.
  1. Using a browser, log in to OpenSSO Console as amAdmin.
    For me, I'm using the OpenSSO instance that I installed on Tomcat 6.0, which I discussed in the following entry: http://blogs.sun.com/JohnD/entry/how_to_install_tomcat_6.
    In that entry, I refer to that machine as follows: http://TomcatHost.example.com:8080/
    Since the Tomcat host is now also the OpenSSO host, I'll be referring to it as OpenssoHost.
    The following two examples demonstrate potential formatting for the URL of the login page:
    • http://OpenssoHost.example.com:8080/opensso
    • http://FamHost.example.com:8080/fam
  2. Select Access Control tab > realmname (such as opensso) > Agents > J2EE.
  3. In the Agent section, click New.
  4. Fill in the fields as appropriate:

    Field               Example Value
    Name                glassfishagent
    Password            agent123
    Re-enter Password   agent123
    Configuration       Centralized
    Server URL          http://OpenssoHost.example.com:8080/opensso
    Agent URL           http://AgentHost.example.com:8090/agentapp

About the fields: Note the name and password you enter since you will need this info again. The password must be the same as the password in the agent password file. A centralized configuration is a key aspect of Policy Agent 3.0 and allows you to control the agent from the OpenSSO Console. For the Server URL, enter the info for the OpenSSO server. In this case, I'm using Tomcat 6.0, which I discussed in the following entry: http://blogs.sun.com/JohnD/entry/how_to_install_tomcat_6. For the Agent URL, enter the info for the GlassFish server that you just installed with the port number for domain1, which for my scenario was port 8090.

To Install GlassFish Agent (appserver_v9_agent)

This task describes how to install the GlassFish agent, appserver_v9_agent, on the GlassFish server.
  1. Download the Sun Java System Application Server 9 agent to the directory in which you want to unpack the agent binaries.

    I'm using nightly builds instead of "Stable Agent Builds," such as builds tested with OpenSSO V1 Build 4.5. For the agent, I wanted to use a June 29 build to match the date of the OpenSSO build I installed on Tomcat. However, that download was not working for me for some reason. So, instead, I got the June 30 download of this agent, at this location:
    http://download.java.net/general/opensso/nightly/20080630.1/j2eeagents/
    Anyway, you can download a build with which you're comfortable. Look here:
    https://opensso.dev.java.net/public/use/index.html

    By the way, I'm downloading the agent into the following directory: /pa3gf

  2. Unzip the zip file.
    For example:
    # unzip appserver_v9_agent_3.zip

  3. Stop the GlassFish domain with the following command (from the root directory):
    # pa3gf/glassfish/bin/asadmin stop-domain domain1
    If you don't shut down the domain before creating the agent, it will modify files.

  4. Change to the directory that contains the agentadmin utility. For example:
    # cd /pa3gf/j2ee_agents/appserver_v9_agent/bin

  5. Set the permissions for the agentadmin utility. For example:
    # chmod 755 agentadmin

  6. Start the agent installation. For example:
    # ./agentadmin --install

    I used ./agentadmin --install instead of ./agentadmin --custom-install.

  7. Complete the installation as described in the substeps that follow:
    1. Continually press enter to accept the various parts of the license agreement.

    2. Enter yes to accept the complete agreement.
      You must then answer the agent installer prompts. Many of your responses will be responses you provided when you created the agent profile.

    3. Respond to the following prompt:
      Enter the Application Server Config Directory Path
      [/opt/SUNWappserver/domains/domain1/config]:

      I responded with the following:
      /pa3gf/glassfish/domains/domain1/config

    4. Respond to the following prompt:
      Federated Access Manager URL:

      I responded with the name of the Tomcat server, on which I installed OpenSSO:
      http://OpenssoHost.example.com:8080/opensso

    5. Respond to the following prompt:
      Agent URL:

      I responded with the name of the GlassFish instance including the port for domain1:
      http://AgentHost.example.com:8090/agentapp

    6. Respond to the following prompt:
      Enter the Agent Profile name:

      I responded with the following:
      glassfishagent

    7. Respond to the following prompt:
      Enter the path to the password file:

      I responded with the following:
      /pa3gf/gfagentpw

      Then, a summary of your responses is displayed as such:

      -----------------------------------------------
      SUMMARY OF YOUR RESPONSES
      -----------------------------------------------
      Application Server Config Directory :
      /pa3gf/glassfish/domains/domain1/config
      Federated Access Manager URL :
      http://OpenssoHost.example.com:8080/opensso/
      Agent URL : http://AgentHost.example.com:8090/agentapp
      Agent Profile name : glassfishagent
      Agent Profile Password file name : /pa3gf/gfagentpw

      Verify your settings above and decide from the choices below.
      1. Continue with Installation
      2. Back to the last interaction
      3. Start Over
      4. Exit

    8. Respond to the following prompt by providing one of the options listed at the end of the summary.
      Please make your selection [1]

      I responded with the following:
      1

To Deploy Applications on GlassFish

There are a few ways to deploy applications on GlassFish. This task shows the method I used. I deployed two applications at the same time. The agentapp.war file is used for housekeeping tasks. The agentsample.ear file is the J2EE agent sample application, which gives you the opportunity to practice protecting an application with the agent. Therefore, you can create policies and perform other tasks that control access to the application.  I plan to add a blog entry in the future about using the sample application, so I've decided to deploy it now.

  1. Copy the agentapp.war file and the agentsample.ear file to the GlassFish autodeploy directory. For example, from the root directory, I issued the following commands:

    # cp /pa3gf/j2ee_agents/appserver_v9_agent/etc/agentapp.war /pa3gf/glassfish/domains/domain1/autodeploy

    # cp /pa3gf/j2ee_agents/appserver_v9_agent/sampleapp/dist/agentsample.ear /pa3gf/glassfish/domains/domain1/autodeploy

  2. Start the GlassFish server with the appropriate command. For example, I issued the following command (from the root directory):
    # pa3gf/glassfish/bin/asadmin start-domain domain1

    When the domain starts, the two applications will deploy.

  3. Verify that the Application Server is running and the two applications were deployed as described in the substeps that follow:
    1. Using a browser, access http://GlassFishHost.example.com:4848
    2. Log in with the proper credentials. For example:
      User name: admin
      Password: adminadmin

  4. In the left pane, click the arrows next to the following labels:
    • Enterprise Applications
    • Web Applications

    You should see the two applications you just deployed, the agentsample and the agentapp, as illustrated in the image to the right.

    Now things are set for you to experiment with the sample application, which is what I'd like to get into soon myself. Hopefully, I'll be blogging about my travails with the sample application soon.

    As I mentioned at the beginning of this entry, Sean Brydon has written up quite a bit about the J2EE sample application; the quick example is here and the detailed example is here.

Comments:

Great post. When will you publish a tutorial, say, about how to install a J2EE agent against JBoss AS server? ;-)

Posted by Jeff Yu on July 21, 2008 at 02:55 PM PDT #

Well, I followed the steps that you described; there are some issues in them.

1. Instead of navigating "Access Control tab>realmname (such as opensso)>Agents>J2EE", I am finding it through "Configuration > Agents > J2EE". I am using OpenSSO Build 4. Might be changed in Build 4.5?

2. After deploying the agentapp, I can see them deployed successfully in the GlassFish console, but when I am accessing the URL of ..:8090/agentapp, I got the following error:
--------------------
HTTP Status 403 -

type Status report

message

description Access to the specified resource () has been forbidden.
Sun Java System Application Server 9.1_01
------------------------------------

Any clues?

Thanks
Jeff

Posted by Jeff Yu on July 21, 2008 at 04:25 PM PDT #

Jeff:

I checked out your blog and saw your entry on JBoss & OpenSSO. Actually, I have no plans to deploy this combo. I'm intrigued, but for now I'll stay with the OpenSSO containers that I'm familiar with and focus on agents, which is the software for which I write documentation.

About your two points:

1. You are correct about the OpenSSO Console navigation to the agents being different from build 4 to 4.5. The navigation you described is accurate for build 4.

2. About agentapp,
It is not uncommon for applications to have URLs that do not provide meaningful content. The agentapp is one such application. The agentapp URL, such as http://AgentHost.example.com:8090/agentapp, does not provide a valid link, which is expected and appropriate in this case.

AGENTAPP BACKGROUND INFO
The agent application (agentapp) is a housekeeping application used by the agent for notifications and other internal functionality. This application is bundled with the agent binaries. Once this application is deployed, administrators and others should not interact with it.

The agentapp application has to be deployed as a post installation step. In order for the agent to function correctly, this application must be deployed on the agent-protected deployment container instance.
-------------------------------------
By the way, if you want to access an application, you can deploy the agentsample application and then go to its URL. This way you can try out the OpenSSO and policy agent working together to protect an application.

Thanks, hope this helps,
John D.

Posted by John Domenichini on July 22, 2008 at 05:17 AM PDT #
