1.5 Installing the J2EE Agent on WebLogic

The agent needs to be installed on the same machine as your WebLogic server. The WebLogic server must be installed on a machine that does not contain any Access Manager components.

1.5.1 Installing WebLogic Agent by Using the Installer

  1. Verify that the machine meets the minimum requirements. See Section 1.2, Prerequisites.

  2. Download the agent installer from Novell.

    IMPORTANT: Make sure that your installation folder name has no spaces. For example, you cannot specify the folder name as Novell Access Manager J2EE Agents, but you can specify the name as Novell_Access_Manager_J2EE_Agents.

  3. Make sure the WebLogic server is running.

    The WebLogic server must be running if you are performing a single server installation of J2EE Agents. The WebLogic server need not be running if you are installing J2EE Agents in a Base or Cluster mode.

  4. Run the installer.

  5. Review the License Agreement, accept it, then click Next. The installation selection page is displayed.

  6. Select a directory to install the Novell J2EE Agent components, then click Next. The Choose a Java Virtual Machine page is displayed.

  7. Select a Java Virtual Machine (JVM) to be used by the installed application.

    A default JVM is displayed.

    If you do not select a JVM here, the installer uses the java.home property value of the Java runtime that is used to run the installer to proceed with the installation.

  8. (Optional) If you want to select another JVM, click Choose Another and browse to select the JVM of your choice. Click Search for Others to get a list of available JVMs and select the one you want.

  9. Click Next. The Administration Server Communication page is displayed.

  10. Specify the following information required for server communication between the agent and the Administration Console.

    Administration Console IP Address: Specify the IP address of your Novell Access Manager Administration Console.

    Username: Specify the username of the admin user of the Novell Access Manager Administration Console.

    Password: Specify the password of the admin user of the Novell Access Manager Administration Console.

    Confirm Password: Specify the password again to confirm it.

    Application Server IP Address (Current Host): Review the entered address. If your server is configured for more than one IP address, make sure you specify the IP address of the machine from which the Novell Access Manager Administration Console is reachable.

  11. Click Next. The Audit Server page is displayed.

  12. Specify the audit server IP address:

    1. (Conditional) If you do not have the Audit server installed, the J2EE installer installs the Audit server for you. Specify the IP address of the Novell Access Manager Administration Console as the Audit Server IP.

    2. (Conditional) If you have the Audit server installed, specify if you want to replace the existing Audit server or use the existing server.

  13. Click Next. The Select Application Server page is displayed.

  14. Select WebLogic, then click Next. The installation selection page is displayed.

  15. Specify the path to the directory where WebLogic is installed. Click Choose to select a folder for installation. Click Restore Default to restore the default installation location.

  16. Click Next. The Installation Type page is displayed.

  17. Specify one of the following installation types, then click Next:

    Single Server: Select this option to install a single instance of an application server.

    Base: Select this option while installing the agent on a machine that acts as a node and is part of a cluster.

    Cluster: Select this option while installing the agent on a machine where the domain is configured.

    The WebLogic Domain page is displayed.

  18. Specify the WebLogic Domain Home folder. Click Choose to select a folder for installation. Click Restore Default to restore the default installation location.

  19. Click Next. The WebLogic Administration Console Details page is displayed.

  20. Specify the information required for server communication between the agent and the Administration Console. Fill in the following fields:

    Server: Specify the name of the WebLogic Administration Console server.

    Administration Console Host: Specify the IP address of the Administration Console.

    Administration Console Port: Specify a port number for the Administration Console.

    Administration Console Username: Specify the username of the admin user of the Administration Console.

    Administration Console Password: Specify the password of the admin user of the Administration Console.

  21. Click Next. The JCC Dependent Packages Installation page is displayed.

  22. Click Install to continue with the agent installation.

  23. Review the installation summary, then click Install to install the agent.

  24. Click Done when the installation is complete.

  25. Stop the WebLogic Server if it is running.

  26. Complete the procedure in Section 1.5.3, Configuring WebLogic for J2EE Agents.

  27. To verify if the installation of the agent is complete, see Section 1.6, Verifying If a J2EE Agent Is Installed.

  28. (Optional) If you want to deploy a sample Payroll application to test the WebLogic Agent, refer to Section 1.5.4, Deploying the Example Payroll Application.

1.5.2 Installing a J2EE Agent by Using the Console

  1. Download the agent installer from Novell.

  2. Enter the following command in the command prompt to run the installer on the console:

    <filename> -i console

    Replace <filename> with the name of the J2EE agent installer.

  3. Review the License Agreement, then press Y to accept it.

  4. Specify an absolute path to install the Novell J2EE Agent components, or press Enter to continue with the default installation path.

  5. Specify a Java Virtual Machine (JVM) to be used by the installed application.

    All the available JVMs are displayed with a number. The default JVM is displayed with an arrow. Press Enter to select the default JVM, or specify the number of one of the listed JVMs.

  6. Specify the following information required for communication between the agent and the Administration Console:

    • Specify the IP address of your Novell Access Manager Administration Console.

    • Specify the username and password of the admin user of the Novell Access Manager Administration Console. Confirm the password by re-entering it.

    • Review the entered address. If your server is configured for more than one IP address, make sure you specify the IP address of the machine from which the Novell Access Manager Administration Console is reachable.

  7. (Conditional) If you do not have the Audit server installed, the J2EE installer installs the Audit server for you. Specify the IP address of the Novell Access Manager Administration Console as the Audit Server IP, then press Enter.

  8. (Conditional) If the Audit server is already installed on your machine:

    1. You are asked to specify if you want to replace the existing Audit server or use the existing server.

      • Press 1 to use the existing Audit server.

      • Press 2 to replace the existing Audit server.

    2. (Conditional) Press 1 to use the existing Novell Audit Configuration.

    3. (Conditional) Press 2 to use a different Audit Server and then specify the IP address.

  9. Specify a number for the Web Application Server installed. Specify 3 for WebLogic, then press Enter.

  10. Read the alert message and press Enter to continue.

  11. Specify the path to the directory where WebLogic is installed, then press Enter.

  12. Specify the WebLogic Domain Home folder, then press Enter.

  13. Specify the name of the WebLogic Administration Console server, then press Enter.

  14. Specify the IP address of the Administration Console, then press Enter.

  15. Specify a port number for the Administration Console, then press Enter.

  16. Specify the username of the admin user of the Administration Console, then press Enter.

  17. Specify the password of the admin user of the Administration Console, then press Enter.

  18. Click Next. The JCC Dependent Packages Installation page is displayed.

  19. Press Enter.

  20. Review the installation summary, press Enter to install the agent, then press Enter again.

  21. To verify the installation of the agent, see Section 1.6, Verifying If a J2EE Agent Is Installed.

1.5.3 Configuring WebLogic for J2EE Agents

After you install the WebLogic application server, you must configure it for the WebLogic J2EE Agent as follows:

Modifying the WebLogic Java Security Policy

Java 2 Security uses the weblogic.policy file to determine access to resources. You can modify the policy file so that it uses the correct defaults.

  1. In a text editor, browse to and open one of the following files, depending on your platform:

    • In Linux: <Domain Home>/bin/startWeblogic.sh

    • In Windows: <Domain Home>/bin/startWeblogic.cmd

  2. Remove the following Java parameter:

    -Djava.security.policy=<filename>

  3. Save and close the file.

  4. Continue with Configuring the Login.

After the installation of J2EE Agents, the security policy refers to the <AGENT_HOME>/weblogic.policy file.

There appears to be a bug in WebLogic 9.2 that prevents the Administration Console applications from functioning with the default permissions in the weblogic.policy file. This bug also prevents some of the Java 2 permissions for the agent from being explicitly set when the security manager is enabled. The only workaround Novell has found is to grant Java 2 permissions to everything.

The <AGENT_HOME>/weblogic.policy file contains the following lines.

grant {
     permission java.security.AllPermission;
};

This should not add any more security risk than running WebLogic without the security manager enabled, which is the default configuration for WebLogic.
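
A post-change check for the two policy facts described above, added here as an example (it is not Novell's code or part of the original page): it reports whether a start script still passes -Djava.security.policy= and whether a policy file grants AllPermission to all code. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a start script and a policy file after the steps above.

# Print "N:line" for each non-comment line that still sets
# -Djava.security.policy=; return 0 if the parameter is gone, 1 otherwise.
find_policy_override() {
    # Drop shell (#) and Windows batch (REM, @REM, ::) comment lines.
    hits=$(grep -n -e '-Djava\.security\.policy=' "$1" |
           grep -v -i -E '^[0-9]+:[[:space:]]*(#|@?rem[[:space:]]|::)' || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Return 0 if the policy file has a grant block with no codeBase, signedBy or
# principal qualifier that lists java.security.AllPermission (all code gets
# every permission); return 1 otherwise. Only // line comments are skipped.
grants_all_to_everything() {
    awk '
        /^[[:space:]]*\/\// { next }
        /^[[:space:]]*grant/ { in_grant = 1; header = "" }
        in_grant && !body    { header = header " " tolower($0) }
        in_grant && /[{]/    { body = 1
                               unqualified = (header !~ /codebase|signedby|principal/) }
        body && unqualified && /java\.security\.AllPermission/ { found = 1 }
        /[}]/                { in_grant = 0; body = 0; unqualified = 0 }
        END                  { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample files (not taken from a real installation).
demo_dir=$(mktemp -d)
printf '%s\n' '# -Djava.security.policy=old.policy' \
    'JAVA_OPTIONS="${JAVA_OPTIONS} -Djava.security.policy=/tmp/wl.policy"' \
    > "$demo_dir/startWeblogic.sh"
printf '%s\n' 'grant {' '    permission java.security.AllPermission;' '};' \
    > "$demo_dir/weblogic.policy"
find_policy_override "$demo_dir/startWeblogic.sh" ||
    echo "start script still sets -Djava.security.policy"
grants_all_to_everything "$demo_dir/weblogic.policy" &&
    echo "policy grants AllPermission to all code"
rm -rf "$demo_dir"
```

Run the two functions against <Domain Home>/bin/startWeblogic.sh (or .cmd) and <AGENT_HOME>/weblogic.policy; a grant scoped with codeBase, signedBy or principal is not reported.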

Configuring the Login

To configure the login, you can use either a script or the WebLogic Administration Console:

Using a Script to Configure Login

  1. Start WebLogic.

  2. Execute the WebLogic scripting tool. Specify the command appropriate for the platform:

    Linux: WL_HOME/common/bin/wlst.sh

    Windows: WL_HOME\common\bin\wlst.cmd

  3. To the command, add the appropriate parameters to execute the weblogic_config.jy script. Separate each parameter with a space. Running the script without additional parameters prints the required parameters.

    | Parameter | Possible Value | Description |
    |---|---|---|
    | WebLogic administrator username | weblogic | The name of the administrator that you specified when you installed WebLogic. |
    | WebLogic administrator password | password | The password for the specified user. |
    | Domain name | base_domain | Specify the WebLogic domain name. |
    | Server name | AdminServer | By default, WebLogic names the server AdminServer. If you changed this name during installation, specify your name. |
    | Hostname and port | localhost:7001 | The host and port are separated with a colon. |

    Linux Example: /opt/bea/weblogic92/common/bin/wlst.sh /opt/novell/nids_agents/bin/weblogic_config.jy weblogic password base_domain AdminServer localhost:7001

    Windows Example: C:\bea\weblogic92\common\bin\wlst.cmd C:\Novell\bin\weblogic_config.jy weblogic password base_domain AdminServer localhost:7001

  4. Restart the WebLogic server.

    The agent should import into Access Manager Administration Console when the WebLogic server starts.

  5. (Optional) Verify and test the installation:

  6. The J2EE Agent must be configured before users can access resources. Continue with Section 2.0, Configuring the Agent for Authentication.

Using the Administration Console to Configure Login

In the WebLogic Administration Console, you need to configure the JAAS Login Module:

  1. Start WebLogic.

  2. In a browser, log in to the WebLogic Administration console:

    http://<weblogic ip>:<weblogic port>/console

    Replace <weblogic ip> with the IP address or DNS name of your WebLogic Administration Console.

    Replace <weblogic port> with the port number of your Web

  3. In the Domain Structure list, click Security Realms.

  4. Click the default realm (myrealm).

  5. Click the Providers tab.

  6. In the top right corner, click Lock and Edit.

  7. In the Authentication Providers list, click New.

  8. Specify a name in the name field, select NovellAccessManagerAuthenticator for the type, then click OK.

  9. In the Authentication Providers list, click DefaultAuthenticator and change the Control Flag from Required to Sufficient.

  10. Return to the Authentication Providers list.

  11. Change the NovellAccessManagerAuthenticator > Control Flag to Sufficient.

  12. Click Activate Changes.

  13. Restart the WebLogic server.

    The agent should import into Access Manager Administration Console when the WebLogic server starts.

  14. (Optional) Verify and test the installation:

  15. The J2EE Agent must be configured before users can access resources. Continue with Section 2.0, Configuring the Agent for Authentication.

1.5.4 Deploying the Example Payroll Application

You can use a sample application to test the agent installation:

  1. In the WebLogic Administration console, click Deployments in the Domain Structure list.

  2. Click Lock and Edit.

  3. Click Install.

  4. In the location field, click the server.

  5. Browse and select the payroll application PayrollApp.ear from the following location:

    • /opt/novell/nids_agents/examples directory on Linux.

    • <Install_Directory>\sampleapp directory on Windows.

  6. Click Next.

  7. Select Install this deployment as an application, then click Next.

  8. Accept the default settings, then click Finish.

  9. To start the Payroll application, click Activate Changes.

  10. Restart the WebLogic server.

For more information on testing the configuration, see Section 7.2.4, Testing the Configuration.