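Possible cause:

  smjavaagentapi.jar is missing, or libsmjavaagentapi.so is missing dependency libraries that it needs.

Solution:

  1. Check that smjavaagentapi.jar is present in the SSO lib directory.

  2. Use the ldd command to check whether libsmjavaagentapi.so in the SSO bin directory is missing any dependencies; if it is, add them to the /usr/lib directory.

Additional note 1: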

Implementation differences between smjavaagentapi and smagentapi

http://www.siteminderconsulting.com/smjavaagentapi-vs-smagentapi/

Another interesting piece of information for those who work closely with the SM SDK for Agent APIs. The Siteminder SDK provides an array of agent APIs which one can leverage to write a custom agent from scratch (we will talk about Siteminder custom agents in detail in coming articles; contact me if you need more information on this). Many enterprises use these agent APIs to write their custom solutions around the agent area.

Applications can use these agent APIs in 2 ways: they can use either the pure Java agent APIs or the JNI Java agent APIs. smagentapi.jar is the library used for the pure Java implementation, while smjavaagentapi.jar is used for the JNI Java agent API implementation. Applications have the liberty to use either of them based on their architecture. From the SM SDK perspective both libraries have the same functionality but are built with different technologies, so there is a difference in the way applications can use them in their environments.

smagentapi.jar does not need any shared objects or DLLs to function; it is a pure Java API and can be used standalone. smjavaagentapi needs the underlying shared object or DLL to run; it calls the native functions contained in the shared objects/DLLs to do its work. If you don't have the shared objects/DLLs in your environment, or the path is not set properly, it is very common to get the following “unsatisfied link” errors while loading these libraries.

Sample error.

“EXCEPTION OCCURED WHILE INITIALIZING SESSION MANAGER – SESSION MANAGER FAILED TO INITIALIZE
: java.lang.UnsatisfiedLinkError: netegrity/siteminder/javaagent/AgentAPI.javaagent_api_getConfig ”

So if you are using the JNI Java agent API, don't forget to take care of the native shared object/DLL (libsmjavaagentapi.so/dll).
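
The two checks described above (dependencies that ldd reports as missing, and the native library not being on the search path), as an added example that is not part of the original post or of the SiteMinder SDK. The ldd output is a constructed sample and its dependency names are made up for illustration.

```python
import os
import re

# Constructed `ldd libsmjavaagentapi.so` output; the dependency names are
# made up for illustration and are not taken from a real SiteMinder install.
SAMPLE_LDD = (
    "\tlinux-vdso.so.1 (0x00007ffc0d5f2000)\n"
    "\tlibexample_dep.so => not found\n"
    "\tlibstdc++.so.5 => not found\n"
    "\tlibc.so.6 => /lib64/libc.so.6 (0x00007f2b1c000000)\n"
)

NOT_FOUND = re.compile(r"^\s*(\S+)\s+=>\s+not found\s*$")


def missing_dependencies(ldd_output):
    """Return the library names that ldd reports as 'not found'."""
    return [m.group(1) for line in ldd_output.splitlines()
            if (m := NOT_FOUND.match(line))]


def find_native_lib(lib_file, search_path, is_file=os.path.isfile):
    """Return the first directory on a ':'-separated path holding lib_file."""
    for directory in filter(None, search_path.split(":")):
        if is_file(os.path.join(directory, lib_file)):
            return directory
    return None


def diagnose(ldd_output, search_path, lib_file="libsmjavaagentapi.so",
             is_file=os.path.isfile):
    """List the likely causes of the UnsatisfiedLinkError, if any."""
    findings = []
    if find_native_lib(lib_file, search_path, is_file) is None:
        findings.append(f"{lib_file} is not on the library search path")
    for dep in missing_dependencies(ldd_output):
        findings.append(f"{lib_file} needs {dep}, which the loader cannot find")
    return findings


if __name__ == "__main__":
    # Assumption: the JVM inherits this LD_LIBRARY_PATH as its native search path.
    for finding in diagnose(SAMPLE_LDD, os.environ.get("LD_LIBRARY_PATH", "")):
        print(finding)
```
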

Additional note 2:

http://tony007.com/netegrity.htm

Netegrity Siteminder (now Computer Associates) provides the foundation for policy-based authentication and authorization across the Enterprise. The 2 major components in Siteminder are the Policy Server and the Remote Agents. The agents intercept the request for an electronic resource and enforce the access policy located in the Policy Server. Basically, the agents are like security guards that verify the person's identity and open the secure door.
Netegrity provides agents for many web and application servers, however, currently (as far as I know) there is no agent available for tomcat or jboss/jetty.
I developed a custom agent using the Siteminder sdk that supports most Servlet 2.3 compliant containers including tomcat and jboss (with embedded tomcat or jetty). This is a basic agent that is meant to be used in a development environment. It allows a developer using standalone jboss/tomcat to test authentication/authorization against the Netegrity policy server.

I'm making this available to the Netegrity Siteminder community in the traditional open source agreement, which basically means - use it at your own risk. Having said that, you may contact me with any questions/problems related to this agent and I will be glad to answer your questions and provide bug fixes (in my spare time).
After you read the application strategy and installation instructions below, you may request the runtime (.jar) file and/or source code by contacting me.

Application Strategy
This siteminder agent only supports basic authentication and at this time does not use policy server administration functions, this means it does not handle user timeouts or cache flushing. It will however, cache unprotected resources to avoid policy server call overhead and handle SSO tokens (SMSESSION) to provide session re-establishment.

The most common options to intercept a request in tomcat are valves and servlet filters. I decided to implement my siteminder agent as a Servlet filter because it's a portable, 100% Sun specifications compliant solution.

Installation
Step 1 - Confirm that the Netegrity Siteminder client support is installed. This may be available if you 1) installed one of the Netegrity agents or 2) installed the Siteminder SDK. Basically, the 2 files you need are smjavaagentapi.jar, which is a Java (JNI) wrapper to the actual C API implementation, and that shared library itself (on Windows it is called smjavaagentapi.dll). The DLL file must be located somewhere in the system path and must be of the same version as the JAR file.

Step 2 - Create a configuration file as shown below and call it smfilter.cfg (adjust it for your application)

PS_IP = 127.0.0.1
PS_CONMIN = 1
PS_CONMAX = 3
PS_CONSTEP = 1
PS_TIMEOUT = 75
PS_AUPORT = 44442
PS_AZPORT = 44443
PS_ACPORT = 44441
AGENT_NAME = mylaptop
AGENT_IP = 127.0.0.1

- The AGENT_NAME parameter must contain the name of an agent defined in the policy server, it must support 4.x clients.
- The PS_IP parameter above should point to your policy server


- Execute the following command to update the configuration file with an encrypted shared secret word - note the parameter '-c' specifies the location of the configuration file.

#java -classpath smfilter.jar com.tony007.FilterUtil -c c:\config\smfilter.cfg

This will add the following line to the configuration file (containing your shared secret encrypted)
AGENT_SECRET_ENC = bWFzdGVy
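
The sample AGENT_SECRET_ENC value shown above is valid Base64 that decodes to readable text, so a configuration file holding a value of this kind needs the same protection as one holding the secret in plaintext. The audit below is an added example, not code from the original page or from the filter's author; the `audit` helper, its findings and the second test value are hypothetical.

```python
import base64
import binascii

# Constructed excerpt of smfilter.cfg using the sample values shown above.
SAMPLE_CFG = """\
PS_IP = 127.0.0.1
AGENT_NAME = mylaptop
AGENT_SECRET_ENC = bWFzdGVy
"""


def parse_cfg(text):
    """Parse 'KEY = value' lines into a dict, skipping blanks and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg


def decodes_to_text(value):
    """Return the plaintext if value is Base64 of printable ASCII, else None."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return text if text and text.isprintable() else None


def audit(cfg_text, file_mode=None):
    """Return findings about how the shared secret is stored."""
    findings = []
    secret = parse_cfg(cfg_text).get("AGENT_SECRET_ENC")
    if secret is not None and decodes_to_text(secret) is not None:
        findings.append("AGENT_SECRET_ENC is Base64-encoded text, not ciphertext")
    # file_mode is the config file's permission bits, e.g. os.stat(path).st_mode
    if file_mode is not None and file_mode & 0o077:
        findings.append("config file is accessible to group or other users")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG, file_mode=0o644):
        print(finding)
```
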

 

Step 3 - Update your server web.xml definition to include this filter.
    In tomcat this file is located in the /conf directory (i.e., C:\jakarta-tomcat-4.1.30\conf).
    In jboss with tomcat it is located in the jbossweb-tomcat directory (i.e., C:\jboss-3.2.3\server\default\deploy\jbossweb-tomcat41.sar)
    In jboss with jetty (Identity Minder default) it's called webdefault.xml and located in the jbossweb.sar directory (i.e., D:\IdentityMinder\jboss-3.0.6\server\default\deploy\jbossweb.sar\webdefault.xml).

Insert the lines below immediately after the <web-app> tag


<!-- start - Netegrity Agent Filter -->
<filter>
<filter-name>AuthFilter</filter-name>
<filter-class>com.tony007.SmFilter</filter-class>
<init-param>
<param-name>config</param-name>
<param-value>d:/IdentityMinder/smfilter.cfg</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- end - Netegrity Agent Filter -->

NOTE: You must change the config parameter above to reflect the location of your smfilter.cfg file.

 

Step 4 - Restart your web container.
Test this agent by creating a test policy for this agent

Posted on 2013-12-28 16:49 by 一天不进步,就是退步