Monday Jul 21, 2008

How to Install GlassFish Then Policy Agent 3.0

This entry describes how to install GlassFish as a container for content to be protected by Policy Agent 3.0 (Agent for Application Server 9.0) on a Solaris 10 (SPARC) machine. I also provide the instructions for installing the agent and performing some preliminary agent configuration. These instructions are related to the instructions I already provided in the following entry:

NOTE TO READER: If you see anything that isn't clear or is outright incorrect, don't hesitate to leave a comment. I'll try to straighten it out.

Also, in this blog, you can bring up a list of blog entries with instructions for this deployment. This deployment is all on one machine (on Solaris 10) and includes OpenSSO server on Tomcat 6.x with the Application Server 9.0 agent on GlassFish server. This will probably include other configurations, too, such as deploying the sample application and more. Click the following link:
Blog entries related to the deployment: Tomcat for OpenSSO & GlassFish for GlassFish agent

The How-to Information I'm Providing

About Tomcat, GlassFish, OpenSSO (FAM 8.0), and Policy Agent 3.0:
  1. Installed Tomcat 6.x on Solaris 10 (SPARC) and then OpenSSO on top of that. See this blog entry.
  2. The blog entry (you're reading now) is about installing GlassFish on the same machine used for step 1 and then installing the GlassFish agent, a J2EE agent, which is also referred to as appserver_v9_agent.
  3. In a blog entry in the near future, I hope to describe more about how to set up the J2EE agent sample application. Actually, Sean Brydon has written up quite a bit about installing the agent and the sample application, see this link here, and for lots of details on installing the J2EE agent sample application, see this link here. The tasks Sean describes are on earlier builds of OpenSSO and the agent, but the concepts are clear.
All of the how-to info I'm providing is in reference to one machine. I've installed it all on one machine.
  • Tomcat 6.x is the J2EE container for OpenSSO
  • GlassFish is the J2EE container protected by the Sun Java System Application Server agent (the GlassFish agent)
I refer to the one machine in various ways, depending upon which server I'm focusing on at that moment. For example, you'll see all of the following:

  • http://AgentHost.domain:8090

Just know that, for my instructions, all the URLs are served from the same machine, even though the host name is shown differently.

To Install GlassFish

This task description explains how to install GlassFish as an eventual container for Policy Agent 3.0 (Agent for Application Server 9.0) on a Solaris SPARC machine. This is with the assumption that OpenSSO is already running on this machine on Tomcat 6.x as I described in the following entry:
  1. Set the JAVA_HOME or JRE_HOME variable.
    For my environment (using the Bourne shell a.k.a "sh" shell), I did the following:
    1. Issue the following command:
      # JRE_HOME=/usr/jdk/instances/jdk1.5.0
    2. Issue the following command:
      # export JRE_HOME
    3. Issue the following command:
      # env
      This allows you to ensure that the JRE_HOME variable is set in the list of environment variables.

  2. Make a directory for the GlassFish installation.
    For example, from the root directory:
    # mkdir pa3gf
    That directory means Policy Agent 3.0 for GlassFish.

  3. Using a browser, download glassfish-installer-v2ur2-b04-sunos.jar from
    to the pa3gf directory.

    I downloaded the GlassFish build listed above. However, more options for GlassFish builds are listed here:

  4. Using the command line, extract the file using: 
    # java -Xmx256m -jar
    A license agreement appears.

  5. Accept the agreement
    1. Scroll and read through the agreement (in a perfect world, at least).
    2. Click Accept.
    This creates a glassfish directory with everything inside.

  6. Change into the glassfish directory.

  7. (Conditional) If the GlassFish host has another server on it running on port 8080, change the GlassFish port number as described in the substeps that follow.

    I'm installing GlassFish to host the agent. I already have Tomcat 6.x installed on port 8080. By default, GlassFish attempts to use port 8080. If 8080 is being used already, the GlassFish installation will not be complete. Therefore, this task describes how to change the default port of 8080 to 8090.

    1. Open the setup.xml file with a text editor.
    2. Locate the following line:
      <property name="instance.port" value="8080"/>
    3. Change the port number to something else, such as 8090.
      I'm not sure what range of port numbers is acceptable for instance.port, but 8090 is definitely acceptable.

      If you wanted to change the GlassFish port number after the installation, you would not edit the setup.xml file but the domain.xml file. Here's an example location for that file:  /pa3gf/glassfish/domain1/config/domain.xml

  8. Run the two following commands: 
    • # chmod -R +x lib/ant/bin
    • # lib/ant/bin/ant -f setup.xml

  9. After a successful build, change to the glassfish/bin directory. For example:
    # cd

  10. Issue the following command:
    # ./asadmin start-domain domain1

  11. Using a browser, verify the server is running by accessing http://AgentHost.domain:8090.
    You should get a Server Running page.

    I'm referring to this server as AgentHost because it will host the GlassFish agent.

  12. Log in to GlassFish as admin (PW: adminadmin) by accessing the console at https://AgentHost.domain:4848.

To Create an Agent Password File

The location of this file is required and will be prompted for by the agent installer.
  1. Create an ASCII text file for the agent profile. The following is an example of such a text file: /pa3gf/gfagentpw

    I combined steps one and two by creating the file (gfagentpw) and adding the password (agent123) in a single command as follows (issued from the root directory):

    # echo agent123>>pa3gf/gfagentpw

  2. Using a text editor, enter the appropriate password in clear text on the first line of the file.
  3. Secure the password file appropriately, depending on the requirements of your deployment.
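One way to do the three steps above so that the file is owner-only from the moment it exists and holds the password on its first and only line. This is an added example, not part of the original entry; the function names are hypothetical and a POSIX shell is assumed. Note that `>>` appends, so on a file that already exists it would leave the password on a later line, which the check below rejects.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# write_agent_pwfile PATH
# Reads the password from stdin (so it is not passed as a command-line
# argument) and writes it as the only line of PATH, readable by the owner only.
write_agent_pwfile() {
    pwfile=$1
    IFS= read -r pw || [ -n "$pw" ] || return 1
    [ -n "$pw" ] || return 1
    old_umask=$(umask)
    umask 077                          # never group/world readable, even briefly
    rm -f "$pwfile"                    # drop any old file or symlink first
    printf '%s\n' "$pw" > "$pwfile"    # '>' truncates; '>>' would append
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] && chmod 400 "$pwfile"
}

# check_agent_pwfile PATH
# Returns 0 only if PATH is a regular file (not a symlink), grants nothing to
# group/other, and holds exactly one non-empty line (the agent password).
check_agent_pwfile() {
    pwfile=$1
    { [ -f "$pwfile" ] && [ ! -h "$pwfile" ]; } || { echo "not a regular file: $pwfile" >&2; return 1; }
    perms=$(ls -ld "$pwfile" | cut -c5-10)     # group and other permission bits
    [ "$perms" = "------" ] || { echo "group/other access: $perms" >&2; return 2; }
    lines=$(awk 'END { print NR }' "$pwfile")
    [ "$lines" -eq 1 ] || { echo "expected 1 line, found $lines" >&2; return 3; }
    [ -n "$(sed -n 1p "$pwfile")" ] || { echo "first line is empty" >&2; return 4; }
    return 0
}

# Usage (path from this entry; the password is typed on stdin):
#   write_agent_pwfile /pa3gf/gfagentpw && check_agent_pwfile /pa3gf/gfagentpw
```

Running `check_agent_pwfile` again just before `agentadmin --install` confirms that the file the installer is pointed at is still the one-line, owner-only file.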

To Create the Agent Profile in the OpenSSO Console

When I create the agent, I won't choose the option for the agent installer to create the agent profile for me automatically (agentadmin --custom-install), so I need to do this task myself.
  1. Using a browser, log in to OpenSSO Console as amAdmin.
    For me, I'm using the OpenSSO instance that I installed on Tomcat 6.0, which I discussed in the following entry:
    In that entry, I refer to that machine as follows:
    Since the Tomcat host is now also the OpenSSO host, I'll be referring to it as OpenssoHost.
    The following two examples demonstrate potential formatting for the URL of the login page:
  2. Select Access Control tab>realmname (such as opensso)>Agents>J2EE
  3. In the Agent section, click New.
  4. Fill in the fields as appropriate:

    Example Value
    Re-enter Password
    Server URL
    Agent URL
About the fields: Note the name and password you enter since you will need this info again. The password must be the same as the password in the agent password file. A centralized configuration is a key aspect to Policy Agent 3.0 and allows you to control the agent from the OpenSSO Console. For the Server URL, enter the info for the OpenSSO server. In this case, I'm using Tomcat 6.0, which I discussed in the following entry: For the Agent URL, enter the info for the GlassFish server that you just installed with the port number for domain1, which for my scenario was port 8090.

To Install GlassFish Agent (appserver_v9_agent)

This task describes how to install the GlassFish agent, appserver_v9_agent on the GlassFish server.
  1. Download the Sun Java System Application Server 9 agent to the directory in which you want to unpack the agent binaries.

    I'm using nightly builds instead of "Stable Agent Builds," such as builds tested with OpenSSO V1 Build 4.5. For the agent, I wanted to use a June 29 build to match the date of the OpenSSO build I installed on Tomcat. However, that download was not working for me for some reason. So, instead, I got the June 30 download of this agent, at this location:
    Anyway, you can download a build with which you're comfortable. Look here:

    By the way, I'm downloading the agent in to the following directory: /pa3gf

  2. Unzip the zip file.
    For example:
    # unzip

  3. Stop the GlassFish domain with the following command (from the root directory):
    # glassfish/bin/asadmin stop-domain domain1
    If you don't shut down the domain before creating the agent, it will modify files.

  4. Change to the directory that contains the agentadmin utility. For example:
    # cd /pa3gf/

  5. Set the permissions for the agentadmin utility. For example:
    # chmod 755 agentadmin

  6. Start the agent installation. For example:
    # ./agentadmin --install

    I used ./agentadmin --install instead of ./agentadmin --custom-install.

  7. Complete the installation as described in the substeps that follow:
    1. Continually press enter to accept the various parts of the license agreement.

    2. Enter yes to accept the complete agreement.
      You must then answer the agent installer prompts. Many of your responses will be responses you provided when you created the agent profile.

    3. Respond to the following prompt:
      Enter the Application Server Config Directory Path

      I responded with the following:

    4. Respond to the following prompt:
      Federated Access Manager URL:

      I responded with the name of the Tomcat server, on which I installed OpenSSO:

    5. Respond to the following prompt:
      Agent URL:

      I responded with the name of the GlassFish instance including the port for domain1:

    6. Respond to the following prompt:
      Enter the Agent Profile name:

      I responded with the following:

    7. Respond to the following prompt:
      Enter the path to the password file:

      I responded with the following:

      Then, a summary of your responses is displayed as such:

      Application Server Config Directory :
      Federated Access Manager URL :
      Agent URL :
      Agent Profile name : glassfishagent
      Agent Profile Password file name : /pa3gf/gfagentpw

      Verify your settings above and decide from the choices below.
      1. Continue with Installation
      2. Back to the last interaction
      3. Start Over
      4. Exit

    8. Respond to the following prompt by providing one of the options listed at the end of the summary.
      Please make your selection [1]

      I responded with the following:

To Deploy Applications on GlassFish

There are a few ways to deploy applications on GlassFish. This task shows the method I used. I deployed two applications at the same time. The agentapp.war file is used for housekeeping tasks. The agentsample.ear file is the J2EE agent sample application, which gives you the opportunity to practice protecting an application with the agent. Therefore, you can create policies and perform other tasks that control access to the application. I plan to add a blog entry in the future about using the sample application, so I've decided to deploy it now.

  1. Copy the agentapp.war file and the agentsample.ear file to the GlassFish autodeploy directory. For example, from the root directory, I issued the following commands:

    # cp /pa3gf/j2ee_agents/appserver_v9_agent/etc/agentapp.war /pa3gf/glassfish/domains/domain1/autodeploy

    # cp /pa3gf/j2ee_agents/appserver_v9_agent/sampleapp/dist/agentsample.ear /pa3gf/glassfish/domains/domain1/autodeploy

    [Image: GlassFish Console: Left Pane]

  2. Start the GlassFish server with the appropriate command. For example, I issued the following command (from the root directory):
    # pa3gf/glassfish/bin/asadmin start-domain domain1

    When the domain starts, the two applications will deploy.

  3. Verify that the Application Server is running and the two applications were deployed as described in the substeps that follow:
    1. Using a browser, access
    2. Log in with the proper credentials. For example:
      User name: admin
      Password: adminadmin

  4. In the left pane, click the arrows next to the following labels:
    • Enterprise Applications
    • Web Applications

    You should see the two applications you just deployed, the agentsample and the agentapp, as illustrated in the image to the right.

    Now things are set for you to experiment with the sample application, which is what I'd like to get into soon myself. Hopefully, I'll be blogging about my travails with the sample application soon.

    As I mentioned at the beginning of this entry, Sean Brydon has written up quite a bit about the J2EE sample application. The quick example is here and the detailed example is here.
