Monday Jul 21, 2008

How to Install GlassFish Then Policy Agent 3.0

This entry describes how to install GlassFish as a container for content to be protected by Policy Agent 3.0 (Agent for Application Server 9.0) on a Solaris 10 (SPARC) machine. I also provide the instructions for installing the agent and performing some preliminary agent configuration. These instructions are related to the instructions I already provided in the following entry: http://blogs.sun.com/JohnD/entry/how_to_install_tomcat_6.

NOTE TO READER: If you see anything that isn't clear or is outright incorrect, don't hesitate to leave a comment. I'll try to straighten it out.

Also, in this blog, you can bring up a list of blog entries with instructions for this deployment. This deployment is all on one machine (on Solaris 10) and inlcudes OpenSSO server on Tomcat 6.x with the Application Server 9.0 agent on GlassFish server. This will probably include other configurations, too, such as deploying the sample application and more. Click the following link:
Blog entires related to the deployment: Tomcat for OpenSSO & GlassFish for GlassFish agent

The How-to Information I'm Providing

About Tomcat, GlassFish, OpenSSO (FAM 8.0), and Policy Agent 3.0:
  1. Installed Tomcat 6.x on Solaris 10 (SPARC) and then OpenSSO on top of that. See this blog entry.
  2. The blog entry (you're reading now) is about installing GlassFish on the same machine used for step 1 and then installing the GlassFish agent, a J2EE agent, which is also referred to as appserver_v9_agent.
  3. In a blog entry in the near future, I hope to describe more about how to set up the J2EE agent sample application. Actually, Sean Brydon has written up quite a bit about installing the agent and the sample application, see this link here, and for lots of details on installing the J2EE agent sample application, see this link here. The tasks Sean describes are on earlier builds of OpenSSO and the agent, but the concepts are clear.
All of the how-to info I'm providing is in reference to one machine. I've installed it all on one machine.
  • Tomcat 6.x is the J2EE container for OpenSSO
  • GlassFish is the J2EE container protected by the Sun Java System Application Server agent (the GlassFish agent)
I refer to the one machine in various ways, depending upon which server I'm focusing on at that moment. For example, you'll see all of the following:

Tomcat:
  • http://TomcatHost.example.com:8080/
  • http://OpenssoHost.example.com:8080/opensso
GlassFish:
  • http://GlassFishHost.example.com:4848
  • http://AgentHost.domain:8090

Just know, that for my instructions, all the URLs are served from the same machine, even though the host name is shown differently.

To Install GlassFish

This task description explains how to install GlassFish as an eventual container for Policy Agent 3.0 (Agent for Application Server 9.0) on a Solaris SPARC machine. This is with the assumption that OpenSSO is already running on this machine on Tomcat 6.x as I described in the following entry: http://blogs.sun.com/JohnD/entry/how_to_install_tomcat_6.
  1. Set the JAVA_HOME or JRE_HOME variable.
    For my environment (using the Bourne shell a.k.a "sh" shell), I did the following:
    1. Issue the following command:
      # JRE_HOME=/usr/jdk/instances/jdk1.5.0
    2. Issue the following command:
      # export JRE_HOME
    3. Issue the following command:
      # env
      This allows you to ensure that the JRE_HOME variable is set in the list of environment variables.

  2. Make a directory for the GlassFish installation.
    For example, from the root directory:
    # mkdir pa3gf
    That directory means Policy Agent 3.0 for GlassFish.

  3. Using a browser, download glassfish-installer-v2ur2-b04-sunos.jar from
    http://www.java.net/download/javaee5/v2ur2/promoted/SunOS/glassfish-installer-v2ur2-b04-sunos-ml.jar
    to the pa3gf directory.

    I downloaded the GlassFish build listed above. However, more options for GlassFish builds are listed here:
    https://glassfish.dev.java.net/public/downloadsindex.html

  4. Using the command line, extract the file using: 
    # java -Xmx256m -jar
    glassfish-installer-v2ur2-b04-sunos.jar
    A license agreements appears.

  5. Accept the agreement
    1. Scroll and read through the agreement (In a perfect a world at least).
    2. Click Accept.
    This creates a glassfish directory with everything inside.

  6. Change into the glassfish directory.

  7. (Conditional) If the GlassFish host has another server on it running on port 8080, change the GlassFish port number as described in the substeps that follow.

    I'm installing GlassFish to host the agent. I already have Tomcat 6.x installed on port 8080. By default Glassfish attempts to use port 8080. If 8080 is being used already, the GlassFish installation will not be complete.  Therefore, this task describes how to change the default port of 8080 to 8090.

    1. Open the setup.xml file with a text editor.
    2. Locate the following line:
      <property name="instance.port" value="8080"/>
    3. Change the port number to something else, such as 8090.
      I'm not sure what range of port numbers is acceptable for instance.port, but 8090 is definitely acceptable.

      If you wanted to change the GlassFish port number after the installation, you would not edit the setup.xml file but the domain.xml file. Here's an example location for that file:  /pa3gf/glassfish/domain1/config/domain.xml

  8. Run the two following commands: 
    • # chmod -R +x lib/ant/bin
    • # lib/ant/bin/ant -f setup.xml

  9. After a successful build, change to the glassfish/bin directory. For example:
    # cd
    pa3gf/glassfish/bin

  10. Issue the following command:
    # ./asadmin start-domain domain1

  11. Using a browser, verify the server is running by accessing http://AgentHost.domain:8090.
    You should get a Server Running page.

    I'm referring to this server as AgentHost because it will host the GlassFish agent.

  12. Login to GlassFish as admin (PW: adminadmin) by accessing the console at https://AgentHost.domain:4848.

To Create an Agent Password File

The location of this file is required and will be prompted for by the agent installer.
  1. Create an ACSII text file for the agent profile. The following is an example
    of such a text file: /pa3gf/gfagentpw

    I combined steps one and two by creating the file (gfagentpw) and adding the password (agent123) in a single command as follows (issued from the root directory):

    # echo agent123>>pa3gf/gfagentpw

  2. Using a text editor, enter the appropriate password in clear text on the first line of the file.
  3. Secure the  password file appropriately, depending on the requirements of your deployment.

To Create the Agent Profile in the OpenSSO Console

When I create the agent, I won't choose the option for the agent installer to create the agent profile for me automatically (agentadmin --custom-install), so I need to do this task myself.
  1. Using a browser, log in to OpenSSO Console as amAdmin.
    For me, I'm using the OpenSSO instance that I installed on Tomcat 6.0, which  I discussed in the following entry: http://blogs.sun.com/JohnD/entry/how_to_install_tomcat_6.
    In that entry, I refer to that machine as follows: http://TomcatHost.example.com:8080/
    Since the Tomcat host is now also the OpenSSO host, I'll be referring to it as OpenssoHost.
    The following two examples demonstrate potential formatting for the URL of the login page:
    • http://OpenssoHost.example.com:8080/opensso
    • http://FamHost.example.com:8080/fam
  2. Select Access Control tab>realmname (such as opensso)>Agents>J2EE
  3. In the Agent section, click New.
  4. Fill in the fields as appropriate:

    Field
    Example Value
    Name
    glassfishagent
    Password
    agent123
    Re-enter Password
    agent123
    Configuration
    Centralized
    Server URL http://OpenssoHost.example.com:8080/opensso
    Agent URL
    http://AgentHost.example.com:8090/agentapp
About the fields: Note the name and password you enter since you will need this info again. The password must be the same as the password in the agent password file. A centralized configuration is a key aspect to Policy Agent 3.0 and allows you to control the agent from the OpenSSO Console. For the Server URL, enter the info for the OpenSSO server. In this case, I'm using Tomcat 6.0, which  I discussed in the following entry: http://blogs.sun.com/JohnD/entry/how_to_install_tomcat_6. For the Agent URL, enter the info for the GlassFish server that you just installed with the port number for domain1, which for my scenario was port 8090.

To Install GlassFish Agent (appserver_v9_agent)

This task describes how to install the GlassFish agent, appserver_v9_agent on the GlassFish server.
  1. Download the Sun Java System Application Server 9 agent to the directory in which you want to unpack the agent binaries.

    I'm using nightly builds instead of "Stable Agent Builds," such as builds tested with OpenSSO V1 Build 4.5. For the agent, I wanted to use a June 29 build to match the date of the OpenSSO build I installed on Tomcat. However, that download was not working for me for some reason. So, instead, I got the June 30 download of this agent, at this location:
    http://download.java.net/general/opensso/nightly/20080630.1/j2eeagents/
    Anyway, you can download a build with which you're comfortable. Look here:
    https://opensso.dev.java.net/public/use/index.html

    By the way, I'm downloading the agent in to the following directory: /pa3gf

  2. Unzip the zip file.
    For example:
    # unzip appserver_v9_agent_3.zip

  3. Stop the GlassFish domain with the following command (from the root directory):
    # glassfish/bin/asadmin stop-domain domain1
    If you don't shutdown the domain before creating the agent, it will modify files.

  4. Change to the directory that contains the agentadmin utility. For example:
    # cd /pa3gf/
    j2ee_agents/appserver_v9_agent/bin

  5. Set the permissions for the agentadmin utility. For example:
    # chmod 755 agentadmin

  6. Start the agent installation. For example:
    # ./agentadmin --install

    I used ./agentadmin --install instead of ./agentadmin --custom-install.

  7. Complete the installation as described in the substeps that follow:
    1. Continually press enter to accept the various parts of the license agreement.

    2. Enter yes to accept the complete agreement.
      You must then answer the agent installer prompts. Many of your responses will be responses you provided when you created the agent profile.

    3. Respond to the following prompt:
      Enter the Application Server Config Directory Path
      [/opt/SUNWappserver/domains/domain1/config]:

      I responded with the following:
      /pa3gf/glassfish/domains/domain1/config

    4. Respond to the following prompt:
      Federated Access Manager URL:

      I responded with the name of the Tomcat server, on which I installed OpenSSO:
      http://OpenssoHost.example.com:8080/opensso

    5. Respond to the following prompt:
      Agent URL:

      I responded with the name of the GlassFish instance including the port for domain1:
      http://AgentHost.example.com:8090/agentapp

    6. Respond to the following prompt:
      Enter the Agent Profile name:

      I responded with the following:
      glassfishagent

    7. Respond to the following prompt:
      Enter the path to the password file:

      I responded with the following:
      /pa3gf/gfagentpw

      Then, a summary of your responses is displayed as such:

      -----------------------------------------------
      SUMMARY OF YOUR RESPONSES
      -----------------------------------------------
      Application Server Config Directory :
      /pa3gf/glassfish/domains/domain1/config
      Federated Access Manager URL :
      http://OpenssoHost.example.com:8080/opensso/
      Agent URL : http://AgentHost.example.com:8090/agentapp
      Agent Profile name : glassfishagent
      Agent Profile Password file name : /pa3gf/gfagentpw

      Verify your settings above and decide from the choices below.
      1. Continue with Installation
      2. Back to the last interaction
      3. Start Over
      4. Exit

    8. Respond to the following prompt by providing one of the options listed at the end of summary.
      Please make your selection [1}

      I responded with the following:
      1

To Deploy Applications on GlassFish

There are a few ways to deploy applications on GlassFish. This task shows the method I used. I deployed two applications at the same time. The agentapp.war file is used for housekeeping tasks. The agentsample.ear file is the J2EE agent sample application, which gives you the opportunity to practice protecting an application with the agent. Therefore, you can create policies and perform other tasks that control access to the application.  I plan to add a blog entry in the future about using the sample application, so I've decided to deploy it now.

  1. Copy the agentapp.war file and the agentsample.ear file to the GlassFish autodeploy directory. For example, from the root directory, I issued the following commands:

    # cp /pa3gf/j2ee_agents/appserver_v9_agent/etc/agentapp.war /pa3gf/glassfish/domains/domain1/autodeploy

    # cp /pa3gf/j2ee_agents/appserver_v9_agent/sampleapp/dist/agentsample.ear  /pa3gf/glassfish/domains/domain1/autodeployGlassfish Console: Left Pane

  2. Start the GlassFish server with the appropriate command. For example I issued the following command (from the root directory):
    # pa3gf/glassfish/bin/asadmin start-domain domain1

    When the domain starts, the two applications will deploy.

  3. Verify that the Application Server is running and the two applications were deployed as described in the substeps that follow:
    1. Using a browser, access http://GlassFishHost.example.com:4848
    2. Log in with the proper credentials. For example:
      User name: admin
      Password: adminadmin

  4. In the left pane, click the arrows next to the following labels:
    • Enterprise Applications
    • Web Applications

    You should see the two applications you just deployed, the agentsample and the agentapp, as illustrated in the image to the right.

    Now things are set for you to experiment with the sample application, which is what I'd like to get into soon myself. Hopefully, I'll be blogging about my travails with the sample application soon.

    As I mentioned at the beginning of this entry, Sean Brydon has written up quite a bit about the J2EE sample applicaton, the quick example is here and the detailed example is here.

Sunday Jun 29, 2008

How to install Tomcat 6.x then launch and configure OpenSSO

The following tasks are described in this blog entry:

  • How to install Tomcat 6.x as the Application Server
  • How to Install OpenSSO (instead of Federated Access Manager 8.0) on Tomcat 6.x.
NOTE TO READER: If you see anything that isn't clear or is outright incorrect, don't hesitate to leave a comment. I'll try to straighten it out.

Also, in this blog, you can bring up a list of blog entries with instructions for this deployment. This deployment is all on one machine (on Solaris 10) and inlcudes OpenSSO server on Tomcat 6.x with the Application Server 9.0 agent on GlassFish server. This will probably include other configurations, too, such as deploying the sample application and more. Click the following link:
Blog entires related to the deployment: Tomcat for OpenSSO & GlassFish for GlassFish agent
I installed these two software pieces on a Solaris 10 SPARC machine. It doesn't matter much what operating system you install on as long as the system has a relatively new JDK version installed. I had JDK 1.5.

The thing to keep in mind about the instructions that follow is that the examples include UNIX commands only, since I installed on Solaris. The machine I was using was set to the bourne "sh" shell by default. I didn't mess with that. What do I know from shells? Many times, I'd try various UNIX commands until one worked. When I show the wording "For example", that means that that's  what worked for me.

The commands are just examples since operating systems vary. Even when one uses Solaris, as I did, the shell varies or some other aspect of the environment. So, the bottom line is that things will vary.
-------------------------------------------------------------

To Install Tomcat 6.x

PRE-INSTALL INFO:

The OpenSSO Release Notes page for OpenSSO build 4 are available at the following link:

http://download.java.net/general/opensso/stable/openssov1-build4/B4-ReleaseNotes.html

The Instructions in this blog entry are for a nightly build between build 4 and 5 and the Release Notes apply, but you don't really need to go out to that page since I've pasted the relevant Release Note info for Tomcat 6.x in the box that follows:


Tomcat 6.x

1. Do NOT use Tomcat 6.0.16 as it does not work with OpenSSO Build 4

2. Increase JVM option -Xmx to 1024M


Okay, so the instructions follow next for installing Tomcat 6.x. I adhered to the guidelines in the box above.

INSTALL STEPS:

  1. Set the JAVA_HOME variable to an appropriate version of JDK
    For example:
    # JAVA_HOME="/usr/jdk/jdk1.5.0_12"
    # export JAVA_HOME
    # env
    There must be a thousand ways to do this depending upon one's environment. The commands above worked for me. The env command lists all the environment variables, so you can check to make sure JAVA_HOME is set properly.

  2. Create a directory for the Tomcat 6 container.
    For example:
    # mkdir Tomcat-base

  3. Change directories into the newly created directory.
    For example:
    # cd Tomcat-base

  4. Download a Tomcat 6.x version supported by OpenSSO:
    I downloaded the following version:
    http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz
    Here's the link to the page where this file is available:
    http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.14/bin/
    From that page, depending upon how your browser is set up to handle downloads, you might want to right click the option apache-tomcat-6.0.14.tar.gz and select "Copy Link Location." That way you can control the exact location to which the download goes.

  5. Uncompress the file.
    For example:
    # gunzip -c apache-tomcat-6.0.14.tar.gz | tar xvf -

    The above command is suggested by Pat Patterson. I added it to this entry after reading his comment (see his blog comment at the bottom of this entry).
    The below commands worked for me, but his command is clearly the way to go.
    # gunzip apache-tomcat-6.0.14.tar.gz
    # tar xvf apache-tomcat-6.0.14.tar
    I don't know much about such things. But I looked at the following
    page (There are many ways to uncompress a .tar.gz file. It took me a couple of attempts until I stumbled on those two commands above):
    http://www.gzip.org/

  6. Edit the following Tomcat file as shown in the substeps that follow:
    /Tomcat-base/apache-tomcat-6.0.14/bin/catalina.sh

    1. Open the catalina.sh file using your editor of choice.

    2. Add the following string  including the quotation marks to the line shown in the examples in this substep:
      "-Xmx1G"
      Before Editing:
      JAVA_OPTS="$JAVA_OPTS "-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
      After Editing:
      JAVA_OPTS="$JAVA_OPTS "-Xmx1G" "-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"

    3. Save and close the file.

  7. Start Tomcat as described in the substeps that follow.
    This is just to check that everything is working as expected.

    1. Change directories to the location of the Tomcat startup script.
      For Example:
      # cd /Tomcat-base/apache-tomcat-6.0.14/bin

    2. Issue the start up command.
      For example:
      # ./startup.sh

  8. Use a browser to check that Tomcat has started:
    For example, in a browser window, go to the following location:
    http://TomcatHost.example.com:8080/

    Where TomcatHost is a place holder that you must replace with the name of the host machine to which you just installed Tomcat 6.0.14.

    If everything went properly, you will see the Apache Tomcat page.

  9. Shutdown Tomcat.
    For example:
    # ./shutdown.sh
-------------------------------------------------------------

To Install OpenSSO (Jun 29, 2008 Build) on Tomcat 6.x

PRE-INSTALL INFO:

The OpenSSO downloads are available from this web page:
https://opensso.dev.java.net/public/use/index.html

On the above listed web page, the periodic builds are listed in the section labeled as such:
"Periodic OpenSSO and Client SDK Builds"

I downloaded the OpenSSO Zip, which at that time had the following timestamp: Sun Jun 29 09:00:05 PDT 2008. I didn't create a directory for the installation. I just used the root "/" directory to download the opensso.zip file and unzipped it right there (I'll probably download and unzip files in a more organized fashion in the future).

INSTALL STEPS:

  1. Download the newest available OpenSSO build.
    I downloaded the following version:
    http://download.java.net/general/opensso/nightly/latest/opensso/opensso.zip
    Here's the link to the page where this file is available:
    http://download.java.net/general/opensso/nightly/latest/opensso/

    From there, you can right click the opensso.zip file and select "Copy Link Location" to control where you download the file. That page gives you the latest builds of OpenSSO available. Since I installed on June 29, 2008, I got the June 29 build, which is a periodic build between builds 4 and 5.

  2. Unzip the opensso.zip file.
    For example:
    # unzip opensso.zip
    Since I unzipped the file in the root directory, this created the opensso directory at the following location: /opensso

  3. Copy the opensso.war file from the distributed opensso files to the Tomcat webapps directory.
    For example:
    cp /opensso/deployable-war/opensso.war /Tomcat-base/apache-tomcat-6.0.14/webapps

  4. Start Tomcat as described in the substeps that follow.
    Because the opensso.war file is in the Tomcat webapps directory, starting Tomcat deploys OpenSSO.

    1. Change directories to the location of the Tomcat startup script.
      For Example:
      # cd /Tomcat-base/apache-tomcat-6.0.14/bin

    2. Issue the start up command.
      For example:
      # ./startup.sh

  5. Confirm that TomCat has started and OpenSSO has deployed as described in the substeps that follow:

    1. Use a browser to check that Tomcat has started:
      For example, in a browser window, go to the following location:
      http://TomcatHost.example.com:8080/

      If everything went properly, you will see the Apache Tomcat page.

    2. Add the string opensso to the URL in the browser window.
      For example:
      http://TomcatHost.example.com:8080/opensso

      If everything went properly, you will see the Sun Federated Access Manager page labeled Configuration Options.

  6. Proceed with the configuration as described in the substeps that follow:
    You don't need to go with the default configuration, but that's what I did.

    1. Click the link for Default Configuration.

    2. Enter the same password for both of the Default User Fields: Password and Confirm.
      By the way, the password you enter here is used by you and other administrators to log into OpenSSO. At that Login page (which comes up when you visit http://TomcatHost.example.com:8080/opensso), the value to enter for the User Name field is amAdmin while the password is the one you are creating in this substep.

    3. Enter the same password for both of the Default Agent Fields: Password and Confirm.
      Ensure that this password is different from the one you just created above.
      You might not ever need this password again. One situation you would need it is if you install Policy Agent 2.2 with this OpenSSO deployment. In that situation, this password would be needed. In that case, it is used in conjunction with the user name "UrlAccessAgent."

    4. Click OK.

      The configuration process continues for a couple of minutes and then shows a configuration complete message.

  7. Visit http://TomcatHost.example.com:8080/opensso again to confirm that you get the Sun Federated Access Manager login page.

  8. Log in using the proper credentials.
    User Name is amAdmin and Password is the password you chose to go with amAdmin.
Ta da! That's it. You're in.
About

What does this box do?

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today