Netegrity Siteminder (now Computer Associates) provides the foundation for policy-based authentication and authorization across the enterprise. The two major components in Siteminder are the Policy Server and the Remote Agents. The agents intercept each request for an electronic resource and enforce the access policy located in the Policy Server. In effect, the agents are like security guards that verify a person's identity and open the secure door.
Netegrity provides agents for many web and application servers; however, currently (as far as I know) there is no agent available for tomcat or jboss/jetty.
I developed a custom agent using the Siteminder sdk that supports most Servlet 2.3 compliant containers including tomcat and jboss (with embedded tomcat or jetty). This is a basic agent that is meant to be used in a development environment. It allows a developer using standalone jboss/tomcat to test authentication/authorization against the Netegrity policy server.

I'm making this available to the Netegrity Siteminder community in the traditional open source agreement, which basically means - use it at your own risk. Having said that, you may contact me with any questions/problems related to this agent and I will be glad to answer your questions and provide bug fixes (in my spare time).
After you read the application strategy and installation instructions below, you may request the runtime (.jar) file and/or source code by contacting me.

Application Strategy
This Siteminder agent supports only basic authentication and, at this time, does not use policy server administration functions, which means it does not handle user timeouts or cache flushing. It will, however, cache unprotected resources to avoid policy server call overhead and handle SSO tokens (SMSESSION) to provide session re-establishment.

The most common options to intercept a request in tomcat are valves and servlet filters. I decided to implement my siteminder agent as a Servlet filter because it's a portable, 100% Sun specifications compliant solution.

Installation
Step 1 - Confirm that the Netegrity Siteminder client support is installed. It may be available if you 1) installed one of the Netegrity agents or 2) installed the Siteminder SDK. Basically, the 2 files you need are smjavaagentapi.jar, which is a Java (JNI) wrapper, and the shared library containing the actual C API implementation (on Windows it is called smjavaagentapi.dll). The DLL file must be located somewhere in the system path and must be of the same version as the JAR file.

Step 2 - Create a configuration file as shown below and call it smfilter.cfg (adjust it for your application):

PS_IP = 127.0.0.1
PS_CONMIN = 1
PS_CONMAX = 3
PS_CONSTEP = 1
PS_TIMEOUT = 75
PS_AUPORT = 44442
PS_AZPORT = 44443
PS_ACPORT = 44441
AGENT_NAME = mylaptop
AGENT_IP = 127.0.0.1

- The AGENT_NAME parameter must contain the name of an agent defined in the policy server, and that agent must support 4.x clients.
- The PS_IP parameter above should point to your policy server.

- Execute the following command to update the configuration file with an encrypted shared secret word. Note that the '-c' parameter specifies the location of the configuration file.

#java -classpath smfilter.jar com.tony007.FilterUtil -c c:\config\smfilter.cfg

This will add the following line to the configuration file (containing your shared secret encrypted):
AGENT_SECRET_ENC = bWFzdGVy
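
A pre-deployment check for the smfilter.cfg format from Step 2, as an added example that is not part of the agent or its FilterUtil: it parses the KEY = value lines, verifies the keys listed above, and flags an AGENT_SECRET_ENC value that decodes as plain Base64 to printable text (the sample value above decodes to "master"), in which case the file needs the same protection as a cleartext secret. The function names, the rule set and the reading of PS_CONMIN/PS_CONMAX as connection bounds are assumptions of this example.

```python
import base64

# Keys taken from the sample smfilter.cfg in Step 2.
REQUIRED = ["PS_IP", "PS_CONMIN", "PS_CONMAX", "PS_CONSTEP", "PS_TIMEOUT",
            "PS_AUPORT", "PS_AZPORT", "PS_ACPORT", "AGENT_NAME", "AGENT_IP"]
NUMERIC = [k for k in REQUIRED if k.startswith("PS_") and k != "PS_IP"]

def parse_cfg(text):
    """Parse 'KEY = value' lines; lines without '=' are skipped."""
    cfg = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def decodes_to_printable(value):
    """Return the decoded text if value is Base64 of printable ASCII, else None."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except ValueError:  # bad Base64 or non-ASCII bytes (e.g. real ciphertext)
        return None
    return text if text and text.isprintable() else None

def audit(text):
    """Return a list of findings for one smfilter.cfg; empty means no issues."""
    cfg = parse_cfg(text)
    findings = [f"missing {k}" for k in REQUIRED if k not in cfg]
    for k in NUMERIC:
        if k in cfg and not cfg[k].isdecimal():
            findings.append(f"{k} is not a number: {cfg[k]!r}")
    # Assumption: PS_CONMIN/PS_CONMAX bound the policy server connection count.
    lo, hi = cfg.get("PS_CONMIN", ""), cfg.get("PS_CONMAX", "")
    if lo.isdecimal() and hi.isdecimal() and int(lo) > int(hi):
        findings.append("PS_CONMIN exceeds PS_CONMAX")
    secret = cfg.get("AGENT_SECRET_ENC")
    if secret is None:
        findings.append("AGENT_SECRET_ENC not set; run FilterUtil first")
    elif decodes_to_printable(secret) is not None:
        findings.append("AGENT_SECRET_ENC decodes as plain Base64; restrict read access")
    return findings

# Constructed sample: the Step 2 file after FilterUtil has added the secret line.
SAMPLE = ("PS_IP = 127.0.0.1\nPS_CONMIN = 1\nPS_CONMAX = 3\nPS_CONSTEP = 1\n"
          "PS_TIMEOUT = 75\nPS_AUPORT = 44442\nPS_AZPORT = 44443\nPS_ACPORT = 44441\n"
          "AGENT_NAME = mylaptop\nAGENT_IP = 127.0.0.1\nAGENT_SECRET_ENC = bWFzdGVy\n")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```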

 

Step 3 - Update your server web.xml definition to include this filter.
    In tomcat this file is located in the /conf directory (i.e., C:\jakarta-tomcat-4.1.30\conf).
    In jboss with tomcat it is located in the jbossweb-tomcat directory (i.e., C:\jboss-3.2.3\server\default\deploy\jbossweb-tomcat41.sar).
    In jboss with jetty (Identity Minder default) it's called webdefault.xml and is located in the jbossweb.sar directory (i.e., D:\IdentityMinder\jboss-3.0.6\server\default\deploy\jbossweb.sar\webdefault.xml).

Insert the lines below immediately after the <web-app> tag


<!-- start - Netegrity Agent Filter -->
<filter>
    <filter-name>AuthFilter</filter-name>
    <filter-class>com.tony007.SmFilter</filter-class>
    <init-param>
        <param-name>config</param-name>
        <param-value>d:/IdentityMinder/smfilter.cfg</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>AuthFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- end - Netegrity Agent Filter -->

NOTE: You must change the config parameter above to reflect the location of your smfilter.cfg file.

 

Step 4 - Restart your web container.
Test this agent by creating a test policy for it.


Contact Tony