3.1 Preparing the Application for the Agent

For each Web application that you want to use with the J2EE Agent, you need to configure the Web application to use the J2EE Agent for login and for logout. You do this by configuring the application’s web.xml file, as described in the sections below.

The web.xml file of the sample application (PayrollApp.ear) has these modifications. The location of this application is platform-specific:

3.1.1 Configuring for Login

The Web application needs to be able to log in to the Identity Server that you have configured the J2EE Agent to trust. You accomplish this by specifying that the Web application uses FORM authentication. This is specified in the <login-config> section of the application's descriptor in the WEB-INF/web.xml file. For example:

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login</form-login-page>
            <form-error-page>/login</form-error-page>
        </form-login-config>
    </login-config>

The <form-login-page> and <form-error-page> elements need to be set to a URL that is mapped to the following servlet class:

com.novell.nids.agent.auth.LoginServlet

The above <login-config> element specifies /login as the login page and the error page. The /login URL needs a servlet mapping within the application's web.xml file:

    <servlet>
        <servlet-name>LoginServlet</servlet-name>
        <servlet-class>
            com.novell.nids.agent.auth.LoginServlet
        </servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>LoginServlet</servlet-name>
        <url-pattern>/login</url-pattern>
    </servlet-mapping>

3.1.2 Configuring for Logout

As part of single sign-on and single logout, the J2EE Agent supports the following:

  • Notifying the Identity Server about application-level logout events.

  • Informing the J2EE applications when the Identity Server logs a user out.

For global logout to function, you need to add a logout servlet and its servlet mapping to the web.xml file:

    <servlet>
        <servlet-name>LogoutServlet</servlet-name>
        <servlet-class>
            com.novell.nids.agent.auth.LogoutServlet
        </servlet-class>
        <init-param>
            <param-name>postLogoutURL</param-name>
            <param-value>/loggedOut</param-value>
        </init-param>
    </servlet>

    <servlet-mapping>
        <servlet-name>LogoutServlet</servlet-name>
        <url-pattern>/logout</url-pattern>
    </servlet-mapping>

The URL pattern of the LogoutServlet can be customized for the application's requirements. The function of the LogoutServlet is to notify the Identity Server about the application logout. The Identity Server is responsible for notifying all other components about the logout. To cause the LogoutServlet to notify the Identity Server about a user logging out, the user must invoke one of the URLs of the LogoutServlet.

More than one <url-pattern> value can be specified for the LogoutServlet. After the logout is complete, the user is redirected to the URL in the Web module as specified by the postLogoutURL servlet initialization parameter. If it is not specified, the LogoutServlet defaults the postLogoutURL to /.
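
A deployment check for the login and logout configuration described in sections 3.1.1 and 3.1.2, added here as an example; it is not part of the product documentation or of the agent. The function names and the sample descriptor are constructed for illustration, and the check assumes the form pages match a servlet URL pattern by exact string comparison.

```python
import xml.etree.ElementTree as ET

LOGIN = "com.novell.nids.agent.auth.LoginServlet"
LOGOUT = "com.novell.nids.agent.auth.LogoutServlet"

# Constructed sample: no postLogoutURL init-param, mistyped form-error-page.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
 <servlet><servlet-name>In</servlet-name><servlet-class>
   com.novell.nids.agent.auth.LoginServlet </servlet-class></servlet>
 <servlet><servlet-name>Out</servlet-name><servlet-class>
   com.novell.nids.agent.auth.LogoutServlet </servlet-class></servlet>
 <servlet-mapping><servlet-name>In</servlet-name>
  <url-pattern>/login</url-pattern></servlet-mapping>
 <servlet-mapping><servlet-name>Out</servlet-name>
  <url-pattern>/logout</url-pattern></servlet-mapping>
 <login-config><auth-method>FORM</auth-method><form-login-config>
  <form-login-page>/login</form-login-page>
  <form-error-page>/error</form-error-page>
 </form-login-config></login-config></web-app>"""

def text(el, path):
    return (el.findtext(path) or "").strip()

def check_web_xml(xml_text):
    """Return (problems, effective postLogoutURL or None)."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                  # drop any default namespace
        el.tag = el.tag.split("}", 1)[-1]
    classes = {text(s, "servlet-name"): text(s, "servlet-class") for s in root.iter("servlet")}
    urls = {LOGIN: set(), LOGOUT: set()}    # servlet class -> mapped URL patterns
    for m in root.iter("servlet-mapping"):
        cls = classes.get(text(m, "servlet-name"))
        if cls in urls:
            urls[cls].update((p.text or "").strip() for p in m.iter("url-pattern"))
    problems = []
    if text(root, "login-config/auth-method") != "FORM":
        problems.append("auth-method is not FORM")
    for tag in ("form-login-page", "form-error-page"):
        page = text(root, "login-config/form-login-config/" + tag)
        if page not in urls[LOGIN]:         # assumption: exact-match patterns only
            problems.append(f"{tag} {page!r} is not mapped to LoginServlet")
    if not urls[LOGOUT]:
        return problems + ["LogoutServlet has no servlet-mapping"], None
    params = {text(p, "param-name"): text(p, "param-value") for s in root.iter("servlet")
              if text(s, "servlet-class") == LOGOUT for p in s.iter("init-param")}
    return problems, params.get("postLogoutURL", "/")  # "/" is the documented default

if __name__ == "__main__":
    print(check_web_xml(SAMPLE))
```

Running it against a deployed descriptor before packaging catches a login or error page that points at a URL the LoginServlet does not serve, and shows where users land after logout.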