This topic applies to WebSphere Application Server Liberty V8.5.5.9 and earlier. For the latest Liberty topics, see the WebSphere Application Server Liberty documentation.
Developing a JMX Java client for Liberty
You can develop a Java™ Management Extensions (JMX) client application to access the secured REST connector of the Liberty server.
About this task
Using a JMX remote client application, you can administer the Liberty server through JMX programming.
Procedure
- Develop a sample JMX client as follows. The REST connector supports the standard JMX API.
import javax.management.remote.JMXServiceURL; import javax.management.MBeanServerConnection; import javax.management.remote.JMXConnector; import javax.management.remote.JMXConnectorFactory; import java.util.HashMap; public class Test { public static void main(String[] args) { System.setProperty("javax.net.ssl.trustStore", <truststore location>); System.setProperty("javax.net.ssl.trustStorePassword", <truststore password>); //If the type of the trustStore is not jks, which is default, //set the type by using the following line. System.setProperty("javax.net.ssl.trustStoreType", <truststore type>); try { HashMap<String, Object> environment = new HashMap<String, Object>(); environment.put("jmx.remote.protocol.provider.pkgs", "com.ibm.ws.jmx.connector.client"); environment.put(JMXConnector.CREDENTIALS, new String[] { "bob", "bobpassword" }); JMXServiceURL url = new JMXServiceURL("service:jmx:rest://<host>:<port>/IBMJMXConnectorREST"); JMXConnector connector = JMXConnectorFactory.newJMXConnector(url, environment); connector.connect(); MBeanServerConnection mbsc = connector.getMBeanServerConnection(); } catch(Throwable t) { ... } } }
- Optional: Disable host name verification for SSL certificates. The certificates that are installed with
the Liberty profile might not contain the host name of where the server is actually running. If you
want to disable host name verification of SSL certificates, you can set the system property
com.ibm.ws.jmx.connector.client.disableURLHostnameVerification to true, which
disables host name verification for all connections. To disable host name verification on a
per-connection basis, pass the property as a new environment when you create the
JMX connection:
HashMap<String, Object> environment = new HashMap<String, Object>(); environment.put("jmx.remote.protocol.provider.pkgs", "com.ibm.ws.jmx.connector.client"); environment.put("com.ibm.ws.jmx.connector.client.disableURLHostnameVerification", Boolean.TRUE); environment.put(JMXConnector.CREDENTIALS, new String[] { "bob", "bobpassword" }); ...
- Optional: Configure JMX REST connector settings by using the environment Map.
... HashMap<String, Object> environment = new HashMap<String, Object>(); environment.put("com.ibm.ws.jmx.connector.client.rest.maxServerWaitTime", 0); environment.put("com.ibm.ws.jmx.connector.client.rest.notificationDeliveryInterval", 65000); ...
- Optional: The Liberty REST connector allows you to specify a custom SSL socket factory that can be used
to obtain sockets. If the javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX
path building failed: java.security.cert.CertPathBuilderException: unable to find valid
certification path to requested target exception is displayed, you can create your own
SSLContext from your own KeyStores and then use the SocketFactory from that context with the REST
connector.
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream inputStream = new FileInputStream("myTrustStore.jks"); trustStore.load(inputStream, "password".toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustManagers, null); Map<String, Object> environment = new HashMap<String, Object>(); environment.put(ConnectorSettings.CUSTOM_SSLSOCKETFACTORY, sslContext.getSocketFactory()); environment.put(ConnectorSettings.DISABLE_HOSTNAME_VERIFICATION, true); environment.put("jmx.remote.protocol.provider.pkgs", "com.ibm.ws.jmx.connector.client"); environment.put(JMXConnector.CREDENTIALS, new String[] { "admin", "password" }); JMXServiceURL url = new JMXServiceURL("REST", "myhost", 9443, "/IBMJMXConnectorREST"); jmxConn = JMXConnectorFactory.connect(url, environment);
Parent topic: Configuring secure JMX connection to Liberty
Related tasks:


http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-libcore-mp&topic=twlp_dev_jmxclient
File name: twlp_dev_jmxclient.html