If you use the Java Management Extensions (JMX) security feature in WebSphere® Application Server Community Edition Version 2.1, additional steps are required to enable the security feature in WebSphere Virtual Enterprise.
Before you begin
New feature: You can use this feature if you have Version 6.1.0.5 or later installed.
- You must have WebSphere Application Server Community Edition Version 2.1 installed with JMX security enabled.
About this task
JMX security is a feature that is added in WebSphere Application Server Community Edition Version 2.1. When you create new servers or dynamic clusters in the administrative console in WebSphere Virtual Enterprise Version 6.1.0.5 or later, you can use the wasce21s server template to create servers that have JMX security enabled. If you have discovered servers, you must perform the additional steps in this topic to configure JMX security.
Procedure
- If you have an existing server, start the WebSphere Application Server Community Edition Version 2.1 server for which JMX security needs to be enabled.
- Import the WebSphere Application Server Community Edition certificates into the WebSphere Application Server trust store.
- In the administrative console, click .
- Enter the host name of the node where WebSphere Application Server Community Edition Version 2.1 is running, the HTTPS port number, and an alias for the certificate.
- Click Retrieve signer information.
- Save and synchronize your settings.
- Configure your WebSphere Application Server Community Edition Version 2.1 server. If you have not yet created your servers in the environment, you can create the server using the wasce21s server template. If the server has already been discovered by WebSphere Virtual Enterprise, you must perform the additional steps that are required to enable security that are listed in this step.
To create a new WebSphere Application Server Community Edition Version 2.1 server or dynamic cluster with JMX security enabled, perform the following steps:
- To create a WebSphere Application Server Community Edition server in the administrative console, click . To create a WebSphere Application Server Community Edition dynamic cluster in the administrative console, click . Choose WebSphere Application Server Community Edition as the server type.
- Select the wasce21s template in the wizard.
- Save and synchronize your changes.
For a server that has already been discovered by WebSphere Virtual Enterprise, perform the following steps:
- Stop the WebSphere Application Server Community Edition Version 2.1 server.
- Edit the config.xml file to disable the JMX service and enable the JMX secure connector.
- In the administrative console, open the WebSphere Application Server Community Edition Version 2.1 server configuration. Click .
- Click the External configuration tab. Edit the config.xml file.
- Make the following changes, highlighted in bold text:
<module name="org.apache.geronimo.framework/j2ee-security/2.1.1/car">
<gbean name="JMXService" load="false">
<attribute name="protocol">rmi</attribute>
<attribute name="host">${ServerHostname}</attribute>
<attribute name="port">${JMXPort + PortOffset}</attribute>
<attribute name="urlPath">/jndi/rmi://${ServerHostname}:${NamingPort + PortOffset}/JMXConnector</attribute>
</gbean>
</module>
...
...
...
<module name="org.apache.geronimo.configs/clustering/2.1.1/car" load="false">
<gbean name="Node">
<attribute name="nodeName">${clusterNodeName}</attribute>
</gbean>
</module>
...
...
...
<module name="org.apache.geronimo.framework/jmx-security/2.1.1/car" load="true">
<gbean name="JMXSecureConnector" load="true">
<attribute name="protocol">rmi</attribute>
<attribute name="host">${ServerHostname}</attribute>
<attribute name="port">${JMXSecurePort + PortOffset}</attribute>
<attribute name="urlPath">/jndi/rmi://${ServerHostname}:${NamingPort + PortOffset}/JMXSecureConnector</attribute>
<attribute name="clientAuth">false</attribute>
</gbean>
</module>
- Add the JAVA_OPTS variable.
- In the administrative console, click .
- Create a new variable called JAVA_OPTS.
- Enter the following text in the Value field, specifying the appropriate values for the system properties:
-Djavax.net.ssl.keyStore=${GERONIMO_HOME}/var/security/keystores/geronimo-default
-Djavax.net.ssl.keyStorePassword=secret
-Djavax.net.ssl.trustStore=${GERONIMO_HOME}/var/security/keystores/geronimo-default
-Djavax.net.ssl.trustStorePassword=secret
- Click OK.
- Add the UseJMXSecureConnector custom property.
- In the administrative console, click
- Enter UseJMXSecureConnector as the value in the Name field.
- Enter true in the Value field.
- Click OK.
- Save and synchronize your changes.
- Restart your server.
Results
You can use WebSphere Application Server Community Edition Version 2.1 with JMX security enabled.
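To confirm that an edited config.xml disables the JMXService gbean and loads the JMXSecureConnector gbean as described in the procedure, a check like the following can be run against the file contents before the server is restarted. This is an added example, not IBM or Geronimo code; the function names, the root element of the sample, and the rule that a missing load attribute means "loaded" are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the edited gbeans from this topic inside an assumed root.
SAMPLE = """<attributes>
  <module name="org.apache.geronimo.framework/j2ee-security/2.1.1/car">
    <gbean name="JMXService" load="false"/>
  </module>
  <module name="org.apache.geronimo.framework/jmx-security/2.1.1/car" load="true">
    <gbean name="JMXSecureConnector" load="true">
      <attribute name="clientAuth">false</attribute>
    </gbean>
  </module>
</attributes>"""


def local(tag):  # drop any XML namespace so the check works with or without xmlns
    return tag.rsplit("}", 1)[-1]


def find_gbean(root, module_part, gbean_name):
    """Return (module, gbean) for the first match, or (None, None)."""
    for mod in root.iter():
        if local(mod.tag) == "module" and module_part in mod.get("name", ""):
            for gb in mod:
                if local(gb.tag) == "gbean" and gb.get("name") == gbean_name:
                    return mod, gb
    return None, None


def check_jmx_config(xml_text):
    """Return a list of findings; an empty list means the edit is in place."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"config.xml is not well-formed: {exc}"]
    findings = []
    _, plain = find_gbean(root, "/j2ee-security/", "JMXService")
    if plain is None or plain.get("load", "true") != "false":  # assumed default: loaded
        findings.append('JMXService is not set to load="false"')
    mod, secure = find_gbean(root, "/jmx-security/", "JMXSecureConnector")
    if secure is None:
        findings.append("JMXSecureConnector gbean not found")
    elif "false" in (mod.get("load", "true"), secure.get("load", "true")):
        findings.append('JMXSecureConnector or its module has load="false"')
    return findings


if __name__ == "__main__":
    print(check_jmx_config(SAMPLE) or "config.xml matches the documented edit")
```

A malformed tag, such as a missing quotation mark in a gbean element, is reported as a single "not well-formed" finding instead of being silently skipped.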