2.4 Configuring Authentication Contracts

The J2EE Agent now comes with the ability to configure different authentication contracts to protect different applications that reside on the same application server instance. You can also configure additional authentication contracts to applications that require them.

2.4.1 Protecting Different Applications by Using Different Authentication Contracts

  1. In the Administration Console, click Devices > J2EE Agents > Edit. The J2EE Agents Configuration page is displayed.

  2. Click Manage authorization policies to configure J2EE Agents Policies. The Protected Web and EJB Resource page is displayed.

  3. Click New to create a new protected Web resource.

    Fill in the following fields:

    Module File Name: Specify the name of the file you are protecting, including the file extension (.jar or.war).

    Type: Select Web Module (.war) to protect the Web application. You can configure different authentication contracts only for different Web applications.

  4. Click OK.

  5. Click the newly added protected Web resource.

    Fill in the following fields:

    Protected Resource: Displays the name of the resource you are configuring

    Description: (Optional). Provides a field where you can enter a description for this protected resource. You can use it to briefly describe the purpose for protecting this resource.

    SSL Required: If this option is selected, the J2EE Agent sets up an SSL connection between the client and the application.

    IMPORTANT:If the Web pages that you are now protecting with SSL have been publicly available over HTTP, they remain publicly available over HTTP until you either restart the Web server or reinstall the application. If this is a new application, reinstalling the application might be less disruptive to your network environment than restarting the Web server.

    For the JBoss Agent, selecting the SSL Required option is only part of the process. On JBoss, you must also either disable the HTTP port and enable the SSL port or configure SSL in the web.xml file.

  6. Click New in the URL Path List section and add a new URL path, then click OK.

    For example, to allow access to all the pages in the public directory on the Web server, specify the following path:

    /public/*
    

    To allow access to everything on the Web server, specify the following path:

    /*
    

    To use this protected resource to protect a single page, specify the path and the filename. For example, to protect the login.html page in the /login directory, specify the following

    /login/login.html
    
  7. Repeat Step 1 to Step 6 for all the applications for which you want to configure different authentication contract.

  8. Click OK, then click Update > OK.

  9. To update the Identity Server, click Identity Servers, then click Update > OK.

    Whenever you set up a new trusted identity configuration, you need to update the Identity Server configuration.

2.4.2 Configuring Additional Authentication for Applications

You might want to configure additional authentication for certain resources. For example, in an organization, certain confidential policies can be viewed only by Managers. In such a scenario, you need to perform additional authentication.

  1. Complete the procedure in Section 2.3, Configuring the Agent for Direct Access.

  2. Click the protected resource for which you want to add an additional authentication contract.

  3. Click New in the URL Path List section and add a new URL path, then click OK.

  4. Click OK, then click Update > OK.

  5. To update the Identity Server, click Identity Servers, then click Update > OK.

    Whenever you set up a new trusted identity configuration, you need to update the Identity Server configuration.