The following procedure explains how you can configure Access Manager to use the authorization policies of the J2EE server:
Deploy the sample payroll application on your J2EE server.
On your J2EE server, prepare the application to use the agent for login and logout. See Section 4.1, Preparing the Application for the Agent.
These steps have already been performed for the sample application. See the web.xml file in the application’s WEB-INF directory.
Complete any platform-specific configuration:
JBoss: These tasks have already been performed for JBoss. To understand what was modified, see Section 4.2, Configuring Applications on the JBoss Server.
WebSphere: You need to configure the RunAs Roles feature. See Section 4.3.2, Configuring Security Role to User/Group Mapping and Section 4.3.3, Configuring for User RunAs Roles.
WebLogic: You need to configure the RunAs Roles feature. See Section 4.4, Configuring Applications on the WebLogic Server.
In Access Manager, create role policies for an Employee role and a Manager role.
For more information, see Creating Role Policies
in the NetIQ Access Manager 3.2 SP2 Policy Guide.
Configure the agent for authentication. For more information, see Section 2.0, Configuring the Agent for Authentication.
Make sure that the option is selected. In the Administration Console, click > > .
To test this configuration, send the following request from a browser:
http://<Application_Server_DNS_Name>:<port>/payroll
Replace <Application_Server_DNS_Name> with the DNS name or the IP address of your application server.
Replace <port> with the port number you have configured the J2EE Agent to use.
Log in as a user who matches the condition to receive the Employee role and access the and the .
Log out and log in as a user who matches the condition to receive the Manager role. Access the and the .
As a manager, you can add Employee Records so that when employees log in, their records are displayed on .