7.3 Using the J2EE Server to Enforce Authorization

The following procedure explains how you can configure Access Manager to use the authorization policies of the J2EE server:

  1. Deploy the sample payroll application on your J2EE server.

  2. On your J2EE server, prepare the application to use the agent for login and logout. See Section 4.1, Preparing the Application for the Agent.

    These steps have already been performed for the sample application. See the web.xml file in the application’s WEB-INF directory.

  3. Complete any platform-specific configuration:

  4. In Access Manager, create role policies for an Employee role and a Manager role.

    For more information, see Creating Role Policies in the Novell Access Manager 3.1 SP2 Policy Guide.

  5. Configure the agent for authentication. For more information, see Section 2.0, Configuring the Agent for Authentication.

  6. Make sure that the Enforce application server policy option is selected. In the Administration Console, click Devices > J2EE Agents > Edit.

  7. To test this configuration, send the following request from a browser:

    http://<Application_Server_DNS_Name>:<port>/payroll 
    

    Replace <Application_Server_DNS_Name> with the DNS name or the IP address of your application server.

    Replace <port> with the port number you have configured the J2EE Agent to use.

  8. Log in as a user who matches the condition to receive the Employee role and access the My Page and the Manager Page.

  9. Log out and log in as a user who matches the condition to receive the Manager role. Access the My Page and the Manager Page.

    As a manager, you can add Employee Records so that when employees log in, their records are displayed on My Page.