This blog entry explains how to install
GlassFish to host both OpenSSO server and Policy Agent 3.0. I then get
into a little about deploying the agent sample application. In the very next blog entry, I get into configuring and experimenting with the sample application.
This one entry includes various tasks. The deployment described
involves two
GlassFish domains: one for OpenSSO (between builds 5 and 6)
and one for the GlassFish agent (Agent for Application Server 9.0). The
instructions are all for a Solaris 10 SPARC machine.
I've covered some of this before in this blog. However, I was using
older OpenSSO builds. Some instruction details have changed since then.
Furthermore, the
use of two domains on GlassFish is new. Also, the sample application
details included in the next blog entry are new.
NOTE TO READER: If you see anything that isn't clear or is outright incorrect, don't hesitate to leave a comment. I'll try to straighten it out.
To Install GlassFish
This task description explains how to install GlassFish as an eventual container for OpenSSO server and Policy Agent 3.0. This is all being performed on a Solaris 10 SPARC machine. The objective is to deploy OpenSSO on GlassFish domain1, then to create a second GlassFish domain (domain2) and install Policy Agent 3.0 (Agent for Application Server 9.0) on it.
- Set the JAVA_HOME or JRE_HOME variable.
For my environment (using the Bourne shell, a.k.a. the "sh" shell), I did the following:
- Issue the following command:
# JAVA_HOME=/usr/jdk/instances/jdk1.5.0
- Issue the following command:
# export JAVA_HOME
- Issue the following command:
# env
This allows you to ensure that the variable you set (JAVA_HOME in my case) appears in the list of environment variables.
- Make a directory for the GlassFish installation.
For example, in the root directory:
# mkdir GF_OSSO_PA
That's my shorthand for GlassFish container for OpenSSO server and the GlassFish agent.
- Using a browser, download glassfish-installer-v2ur2-b04-sunos.jar to the GlassFish installation directory you just created. As you know, I named it as follows: /GF_OSSO_PA
I downloaded the GlassFish build listed above. To get to that file, and to see other similar GlassFish builds, I started here:
https://glassfish.dev.java.net/public/downloadsindex.html
Which brought me here:
https://glassfish.dev.java.net/downloads/v2ur2-b04.html
This is the wording for the download I finally got:
Solaris SPARC Platform glassfish-installer-v2ur2-b04-sunos.jar, size 54M
You can navigate to the download, or you can right click the link immediately above and choose the option that controls where the download is saved within your directory system.
- Using the command line, extract the file using:
# java -Xmx256m -jar glassfish-installer-v2ur2-b04-sunos.jar
A license agreement appears.
- Accept the agreement:
- Scroll and read through the agreement.
- Click Accept.
This creates a glassfish directory with everything inside.
- Change into the glassfish directory. For example:
# cd /GF_OSSO_PA/glassfish
- Run the two following commands:
# chmod -R +x lib/ant/bin
# lib/ant/bin/ant -f setup.xml
- After a successful build, change to the glassfish/bin directory. For example:
# cd /GF_OSSO_PA/glassfish/bin
- Issue the command to start domain1:
For example, I issued the following command:
# ./asadmin start-domain domain1
- Using a browser, verify the server is running by accessing
http://OpenSSOhost.example.com:8080.
You should get a Server Running page.
I'm referring to this host, which is using domain1, as OpenSSOhost because it
will host the OpenSSO server.
- Using a browser, log in to domain1 of GlassFish as admin (PW: adminadmin) by accessing the console.
An example of the URL is as follows: http://OpenSSOhost.example.com:4848.
Notice that 4848 is the port for the console for domain1 of GlassFish. The console for other domains will have different port numbers.
- Edit the domain.xml file of domain1 as described in the substeps that follow:
When GlassFish is the container for the OpenSSO server, the domain.xml file should be edited as described.
- Change directories to the config directory of domain1. For example:
# cd /GF_OSSO_PA/glassfish/domains/domain1/config
- Using your text editor of choice, open the domain.xml file.
- Change the following JVM options as shown in the table below:
Changes to Make | Lines Before Editing | Lines After Editing
"client" to "server" | <jvm-options>-client</jvm-options> | <jvm-options>-server</jvm-options>
"512" to "1024" | <jvm-options>-Xmx512m</jvm-options> | <jvm-options>-Xmx1024m</jvm-options>
To Create a Second GlassFish Domain
These instructions are necessary if you are going to install OpenSSO
and the GlassFish agent on the same Glassfish server. You cannot
install the two on the same domain, so you will need to create a second
GlassFish domain.
- Ensure that domain1 is running.
You can do this by ensuring that GlassFish is accessible in a browser. For my scenario, I visited the following URL: http://OpenSSOhost.example.com:8080
With domain1 running, you ensure that domain2 won't be assigned the same port as domain1.
- Issue the command to create domain2:
For example, I issued the following command:
# /GF_OSSO_PA/glassfish/bin/asadmin create-domain --adminport 6868 --user admin domain2
Notice that port 6868, used in the command above, is the port to use to log in to GlassFish server domain2, while port 4848 is the port to use to log in to GlassFish server domain1.
- Enter adminadmin as the password for the various password prompts you receive.
After you provide all the passwords, a list of configuration information is displayed.
- Note the port number for the HTTP instance.
You will need this port number when you create Agent for Application Server 9.0 (the GlassFish agent). Look for the line about the HTTP instance. For example:
Default port 8080 for HTTP Instance is in use. Using 33053
In such a case you would note 33053. You will need that port number (whatever it might be) when you install the agent on domain2.
- Start the second GlassFish domain:
For example, I issued the following command:
# /GF_OSSO_PA/glassfish/bin/asadmin start-domain domain2
- Enter adminadmin as the password for the password prompt you receive.
- Using a browser, verify that you have access to the GlassFish console for domain2 by logging in to domain2 using admin (PW: adminadmin):
An example of the URL is as follows: http://OpenSSOhost.example.com:6868.
- Shut down the second GlassFish domain:
For example, I issued the following command:
# /GF_OSSO_PA/glassfish/bin/asadmin stop-domain domain2
If you don't shut down the second domain before creating the agent (later on), it will modify files.
- Shut down the first GlassFish domain:
For example, I issued the following command:
# /GF_OSSO_PA/glassfish/bin/asadmin stop-domain domain1
To Install OpenSSO on GlassFish Domain1
These instructions involve downloading OpenSSO in the same directory where I downloaded GlassFish (GF_OSSO_PA). I use domain1 of the GlassFish server.
- Change directories to the location you want to download the OpenSSO binaries.
I used the GF_OSSO_PA directory I created previously. For example, I issued the following command:
# cd /GF_OSSO_PA
- Using a browser, download the OpenSSO binaries to the directory
of your choice.
For my scenario, I downloaded the binaries to the following directory: GF_OSSO_PA
The general URL to start from is as follows:
https://opensso.dev.java.net/public/use/index.html
A more specific location on the above page, for periodic builds, is
here:
https://opensso.dev.java.net/public/use/index.html#periodic
The above URL brings you to the table named Periodic OpenSSO and Client
SDK Builds. You could navigate to that table and right click the "opensso.zip" link. Or you could just right click it here: "opensso.zip". Then you can choose the option that controls where the download is saved within
your directory system.
At the time I performed this task, the latest build was September 10th. When I install the GlassFish agent (described later in this blog entry), I also use the September 10th build.
Be aware that there's a risk-reward relationship involved with using periodic builds. The reward is that you might be able to see the newest features and behaviors. The risk is that the chances of the build failing or acting oddly are greater than when you use a stable build. At least, you know the September 10th build is stable enough to handle all the tasks described in this blog entry.
If you want to install the same build that I did (since you know it's relatively stable) but at a point in time in which the Sept 10th build is no longer available from the Periodic OpenSSO and Client SDK Builds table, then you can pick it up at this link: http://download.java.net/general/opensso/nightly/20080910.1/opensso/
You can go to that page and right click the opensso.zip link or you can right click it here: opensso.zip. Then you can control which directory the file is downloaded to.
- Unzip the opensso.zip file.
I used the following command:
# unzip opensso.zip
This creates an opensso directory. Therefore, for me the opensso directory was at the following location: /GF_OSSO_PA/opensso
- Copy the opensso.war file from the distributed opensso files to the autodeploy directory of the GlassFish server domain1.
For example:
# cp /GF_OSSO_PA/opensso/deployable-war/opensso.war /GF_OSSO_PA/glassfish/domains/domain1/autodeploy
A few ways exist to deploy the opensso.war file. The command above demonstrates the method I used.
- Start domain1 of the GlassFish server.
For example, I issued the following command:
# /GF_OSSO_PA/glassfish/bin/asadmin start-domain domain1
Starting GlassFish domain1 with the opensso.war file in the autodeploy directory deploys the opensso.war file.
- Confirm that GlassFish domain1 has started and OpenSSO has
deployed as described in the substeps that follow:
- Use a browser to check that Glassfish domain 1 has started:
For example, in a browser window, go to the following location:
http://OpenSSOhost.example.com:8080/
If everything goes properly, you will see the message:
"Your Application Server is now running"
- Add the string opensso to the URL in the browser window.
For example:
http://OpenSSOhost.example.com:8080/opensso
If everything goes properly, you will see the OpenSSO server page
labeled Configuration Options.
- Proceed with the configuration as described in the substeps that
follow:
You don't need to go with the default configuration, but that's what I
did.
- Click Create Default Configuration.
- Enter the same password for both of the Default User Fields: Password and Confirm.
For example, admin123.
By the way, the password you enter here is used by you and other administrators to log into OpenSSO. At that Login page (which comes up when you visit http://OpenSSOhost.example.com:8080/opensso), the value to enter for the User Name field is amAdmin while the password is the one you are creating in this substep.
- Enter the same password for both of the Default Agent Fields: Password and Confirm.
For example, agent123.
Ensure that this password is different from the one you just created in the step above.
You might not ever need this password again. One situation you would need it is if you install Policy Agent 2.2 with this OpenSSO deployment. In that situation, this password would be needed. In that case, it is used in conjunction with the user name "UrlAccessAgent."
- Click OK.
The configuration process continues for a couple of minutes and then
shows a configuration complete message.
- Click Proceed to Login.
This brings you to the login page, which is at a URL such as the
following:
http://OpenSSOhost.example.com:8080/opensso/UI/Login
- Log in using the proper credentials.
For example:
User Name: amAdmin
Password: admin123
To Create an Agent Password File
The location of this file is required and will be prompted for by the
agent installer.
- Create an ASCII text file for the agent profile. The following is an example of such a text file: /GF_OSSO_PA/gfagentpw
I combined steps one and two by creating the file (gfagentpw) and adding the password (agent456) in a single command as follows:
# echo agent456>>/GF_OSSO_PA/gfagentpw
- (CONDITIONAL) If you didn't combine the creation of text and the creation of the file in one command, using a text editor, enter the appropriate password in clear text on the first line of the file.
- Secure the password file appropriately, depending on the
requirements of your deployment.
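One way to carry out the three steps above so that the file is never readable by other users and always holds the password on its first and only line. This is an added example, not part of the original post; the function names are hypothetical and a POSIX shell is assumed (on Solaris 10, for instance /usr/xpg4/bin/sh or bash rather than the legacy /bin/sh).

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# write_agent_pwfile FILE: read the password from stdin and store it as the
# only line of FILE, readable by the owner alone.
write_agent_pwfile() {
    pwfile=$1
    rm -f "$pwfile"                 # start clean: '>>' onto an old file would add a second line
    (
        umask 077                   # created 0600, so there is no window where others can read it
        IFS= read -r pw || true     # tolerate input without a trailing newline
        [ -n "$pw" ] || exit 1      # refuse an empty password
        printf '%s\n' "$pw" > "$pwfile"
    ) || return 1
    chmod 400 "$pwfile"             # owner read-only from here on
}

# check_agent_pwfile FILE: succeed only if FILE is a regular file with exactly
# one non-empty line and no permission bits for group or others.
check_agent_pwfile() {
    pwfile=$1
    [ -f "$pwfile" ] || { echo "$pwfile: not a regular file" >&2; return 1; }
    lines=$(wc -l < "$pwfile" | tr -d ' ')
    [ "$lines" -eq 1 ] || { echo "$pwfile: expected 1 line, found $lines" >&2; return 1; }
    [ -n "$(head -1 "$pwfile")" ] || { echo "$pwfile: first line is empty" >&2; return 1; }
    perms=$(ls -l "$pwfile" | cut -c1-10)
    case $perms in
        -r[w-]-------) return 0 ;;
    esac
    echo "$pwfile: mode $perms grants access beyond the owner" >&2
    return 1
}

# Demo in a scratch directory (agent456 is the post's example password).
demo_dir=$(mktemp -d)
printf '%s\n' 'agent456' | write_agent_pwfile "$demo_dir/gfagentpw"
check_agent_pwfile "$demo_dir/gfagentpw" && echo "password file OK"
rm -rf "$demo_dir"
```

Running check_agent_pwfile against /GF_OSSO_PA/gfagentpw before starting the agent installer catches a file that was appended to twice or left with default permissions.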
To Create the Agent Profile in the OpenSSO Console
When I create the agent, I won't choose the option for the agent installer to create the agent profile for me automatically (agentadmin --custom-install), so I need to do this task myself.
- Using a browser, log in to OpenSSO Console as amAdmin.
For example:
http://OpenssoHost.example.com:8080/opensso
- Select Access Control tab > realmname (such as Top Level Realm) > Agents > J2EE
- In the Agent section, click New.
- Fill in the fields as appropriate:
Field | Example Value
Name | glassfishagent
Password | agent456
Re-enter Password | agent456
Configuration | Centralized
Server URL | http://OpenssoHost.example.com:8080/opensso
Agent URL | http://AgentHost.example.com:33053/agentapp
About the fields: Note the name and
password you enter since you will
need this info again. The password must be the same as the password in
the agent password file (for example agent456). A centralized
configuration is a key aspect to
Policy Agent 3.0 and allows you to control the agent from the OpenSSO
Console. For the Server URL, enter the info for the OpenSSO server. In
this case, I'm using GlassFish domain 1.
For the Agent URL, enter the info for the GlassFish server that you
just installed with the port number for domain2, which for my scenario
was port 33053 as explained in the task described previously in this
entry titled "To Create a Second GlassFish Domain."
To Install the GlassFish Agent on GlassFish Domain2
This task involves the installation of the GlassFish agent on the
GlassFish server, domain2.
- Download the Sun Java System Application Server 9 (the GlassFish) agent to the directory in which you want to install the agent.
For my situation, I'm downloading the agent in to the following directory: /GF_OSSO_PA
Since I used the September 10 build for the OpenSSO download, I'll be using the same date for the GlassFish agent download. If you install the OpenSSO server and the agent on the same day, the "latest" directory for the two downloads will have the same date.
You can start from the following URL for the latest J2EE agent builds:
http://download.java.net/general/opensso/nightly/latest/j2eeagents/
If you want to go to that page, you can then right click the link "appserver_v9_agent_3.zip" in the table or you can right click the following link: appserver_v9_agent_3.zip. Then you can choose the option that controls where the download is saved within your directory system.
If you want to install the same build that I did but at a point in time in which the Sept 10th build is no longer available from the J2EE agent page listed above, then you can pick it up at this link: http://download.java.net/general/opensso/nightly/20080910.1/j2eeagents/
You can go to that page and right click the appserver_v9_agent_3.zip link or you can right click the following link: "appserver_v9_agent_3.zip." Then you can choose the option that controls which directory the file is downloaded to.
- Unzip the zip file.
For example:
# unzip appserver_v9_agent_3.zip
- (Conditional) Ensure that GlassFish domain1 is running.
During agent installation, the agent searches for the OpenSSO server. The installation is more complete if the OpenSSO server is running.
For example, you can check the GlassFish console (http://OpenssoHost.example.com:4848).
If it is not accessible, start GlassFish domain1. For example:
# /GF_OSSO_PA/glassfish/bin/asadmin start-domain domain1
- Change to the directory that contains the agentadmin utility. For example:
# cd /GF_OSSO_PA/j2ee_agents/appserver_v9_agent/bin
- Set the permissions for the agentadmin utility. For example:
# chmod 755 agentadmin
- Start the agent installation. For example:
# ./agentadmin --install
I used ./agentadmin --install instead of ./agentadmin --custom-install.
- Complete the installation as described in the substeps that follow:
- Continually press Enter to accept the various parts of the license agreement.
- Enter yes to accept the complete agreement.
You must then answer the agent installer prompts. Many of your responses will be responses you provided when you created the agent profile.
- Respond to the following prompt:
Enter the Application Server Config Directory Path [/opt/SUNWappserver/domains/domain1/config]:
I responded with the following:
/GF_OSSO_PA/glassfish/domains/domain2/config
- Respond to the following prompt:
OpenSSO server URL:
I responded with the name of the GlassFish Server domain1, which is where I installed OpenSSO:
http://OpenssoHost.example.com:8080/opensso
I've messed up here before by putting a forward slash "/" after "opensso". That causes huge problems. Don't put anything after "opensso", not even a space.
- Respond to the following prompt:
Agent URL:
I responded with the name of the GlassFish instance including the port for domain2:
http://AgentHost.example.com:33053/agentapp
- Respond to the following prompt:
Enter the Agent Profile name:
I responded with the following:
glassfishagent
- Respond to the following prompt:
Enter the path to the password file:
I responded with the following:
/GF_OSSO_PA/gfagentpw
Then, a summary of your responses is displayed as such:
Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]:
- Choose the applicable option.
I responded by pressing Return to accept the default choice: "1. Continue with Installation"
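A pre-flight check for the installer answers above, covering the two places this entry says are easy to get wrong: the HTTP port noted in "To Create a Second GlassFish Domain" and the OpenSSO server URL that must end exactly at "opensso". This is an added example, not part of the original post or the agent installer; the function names are hypothetical, and a POSIX shell with grep -E is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the HTTP instance port found in saved `asadmin create-domain` output.
# Only the "in use" line quoted in the post is recognised; otherwise prints nothing.
http_port_from_create_output() {
    sed -n 's/.*for HTTP Instance is in use\. Using \([0-9][0-9]*\).*/\1/p' "$1" | head -1
}

# OpenSSO server URL: scheme://host:port/opensso with nothing after "opensso".
check_server_url() {
    if printf '%s\n' "$1" | grep -Eq '^https?://[A-Za-z0-9.-]+:[0-9]+/opensso$'; then
        return 0
    fi
    case $1 in
        *[[:space:]]*) echo "server URL contains whitespace" >&2 ;;
        */opensso/*)   echo "server URL has text after 'opensso'" >&2 ;;
        *)             echo "server URL is not http://host:port/opensso" >&2 ;;
    esac
    return 1
}

# Agent URL: must use the HTTP port of the agent's domain and end in /agentapp.
check_agent_url() {
    [ -n "$2" ] || { echo "no HTTP port given for the agent domain" >&2; return 1; }
    if printf '%s\n' "$1" | grep -Eq "^https?://[A-Za-z0-9.-]+:$2/agentapp\$"; then
        return 0
    fi
    echo "agent URL must be http://host:$2/agentapp" >&2
    return 1
}

# Demo with a constructed sample: the line the post quotes from create-domain.
sample=$(mktemp)
echo 'Default port 8080 for HTTP Instance is in use. Using 33053' > "$sample"
port=$(http_port_from_create_output "$sample")
check_server_url 'http://OpenssoHost.example.com:8080/opensso' &&
    check_agent_url "http://AgentHost.example.com:$port/agentapp" "$port" &&
    echo "installer answers look consistent (agent port $port)"
rm -f "$sample"
```

To use it on a real run, save the create-domain output to a file (for example with tee) and pass that file to http_port_from_create_output.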
To Deploy Applications on GlassFish
There are a few ways to deploy applications on GlassFish. This task
shows the method
I used. I deployed two applications at the same time. The agentapp.war file
is used for housekeeping tasks, and it is required for the notification
mechanism to function. The agentsample.ear
file is the J2EE agent sample application, which gives you the
opportunity to
practice protecting an application with the agent. Therefore, you can
create policies
and perform other tasks that control access to the application and then
you can test those policies. I'll be configuring the sample
application in the next task, so I decided to deploy it at the same
time that I'm deploying the agent application.
Deploying the sample application (e.g. agentsample.ear)
the way I do below (without building my own sample application)
is possible because the agentsample.ear
file is already built for me with the assumption
that I used the default realm, "opensso" when
installing the OpenSSO server. Well, good, I really did use the
"opensso" realm, so I didn't have to change the
realm information and rebuild the sample application myself. By the
way,
such details are explained in the sample application readme.txt file:
(e.g. /GF_OSSO_PA/j2ee_agents/appserver_v9_agent/sampleapp/readme.txt)
- Copy the agentapp.war file and the agentsample.ear file to the GlassFish domain2 autodeploy directory. For example, from the root directory, I issued the following commands:
# cp /GF_OSSO_PA/j2ee_agents/appserver_v9_agent/etc/agentapp.war /GF_OSSO_PA/glassfish/domains/domain2/autodeploy
# cp /GF_OSSO_PA/j2ee_agents/appserver_v9_agent/sampleapp/dist/agentsample.ear /GF_OSSO_PA/glassfish/domains/domain2/autodeploy
- Start GlassFish domain2 (the domain on which the agent is installed) with the appropriate command. For example, I issued the following command:
# /GF_OSSO_PA/glassfish/bin/asadmin start-domain domain2
- Enter the master password.
For example:
adminadmin
When the domain starts, the two applications will deploy.
- Verify that the Application Server is running and the two
applications were deployed as described in the substeps that follow:
- Using a browser, access http://GlassFishHost.example.com:6868
Remember that because of the way I created domain2, port 6868
is the correct port for domain2.
- Log in with the proper credentials. For example:
User name: admin
Password: adminadmin
- In the left pane, click the arrows next to the following labels:
- Enterprise Applications
- Web Applications
You should see the two applications you just deployed, the agentsample
and the agentapp, as illustrated in the image to the right.
Now things are set for you to experiment with the sample application. Sean Brydon has written up quite a bit about the J2EE sample application: the quick example is here and the detailed example is here.
The very next blog entry (Policy Agent 3.0: Learning About J2EE Agents By Using the Sample Application) describes how to set up the sample application. It's real important and useful info. Really!!!
Hi John,
Sorry if there are grammatical mistakes.
I am using glassfish-installer-v2ur2-b04-windows.jar and
opensso_enterprise_80.zip
I am facing problems in step 7 of "To Install OpenSSO on GlassFish Domain1" of this site.
If I select 'Create Default Configuration' or 'Create new Configuration', an error page will be displayed at the end after all the settings.
The following are the Configurator Summary Details
Configuration Store Details edit...
SSL Enabled -> No
Host Name localhost -> localhost
Listening Port -> 8080
Root Suffix ->dc=opensso,dc=java,dc=net
User Name -> cn=Directory Manager
Directory Name -> C:/Documents and Settings/Kavitha Kamath/opensso
User Store Details edit...
Using Configuration Store Settings
Site Configuration Details edit...
This instance is not setup behind a load balancer
I have reinstalled glassfish as well as Opensso more than 5 times because of this problem. But still could not solve the problem.
Thanks in advance.
Regards
Kavitha
Posted by Kavitha Kamath on November 19, 2008 at 01:14 AM PST #
Hi Kavitha,
I know my response is a little late, but I think I know what's wrong.
Windows deployments of glassfish/AM/Opensso do not like to have spaces in the absolute path.
I would recommend installing opensso to something like C:\apps\opensso
Regards,
Paul
Posted by Paul Figura on January 05, 2009 at 11:03 AM PST #
Hi John,
I'm trying to follow this tutorial, and everything was OK, but I have the following problem: my password doesn't rely on a text file. I have all my passwords in a PostgreSQL database. How can I create an agent that validates credentials against the database? Thank you very much.
Posted by enriqueism on March 19, 2009 at 12:14 PM PDT #
Sorry, it's me again. The Agent URL may be any application having a login screen?
Posted by enriqueism on March 19, 2009 at 12:17 PM PDT #