Configuring JMX security for WebSphere Application Server Community Edition Version 2.1 servers

If you use the Java Management Extensions (JMX) security feature in WebSphere® Application Server Community Edition Version 2.1, additional steps are required to enable the security feature in WebSphere Virtual Enterprise.

Before you begin

About this task

JMX security is a feature that is added in WebSphere Application Server Community Edition Version 2.1. When you create new servers or dynamic clusters in the administrative console in WebSphere Virtual Enterprise Version 6.1.0.5 or later, you can use the wasce21s server template to create servers that have JMX security enabled. If you have discovered servers, you must perform the additional steps in this topic to configure JMX security.

Procedure

  1. If you have an existing server, start the WebSphere Application Server Community Edition Version 2.1 server for which JMX security needs to be enabled.
  2. Import the WebSphere Application Server Community Edition certificates into the WebSphere Application Server trust store.
    1. In the administrative console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates.
    2. Enter the host name of the node where WebSphere Application Server Community Edition Version 2.1 is running, the HTTPS port number, and an alias for the certificate.
    3. Click Retrieve signer information.
    4. Save and synchronize your settings.
  3. Configure your WebSphere Application Server Community Edition Version 2.1 server. If you have not yet created your servers in the environment, you can create the server using the wasce21s server template. If the server has already been discovered by WebSphere Virtual Enterprise, you must perform the additional steps that are required to enable security that are listed in this step.

    To create a new WebSphere Application Server Community Edition Version 2.1 server or dynamic cluster with JMX security enabled, perform the following steps:

    1. To create a WebSphere Application Server Community Edition server in the administrative console, click Servers > Other middleware servers > WebSphere Application Server Community Edition servers > New. To create a WebSphere Application Server Community Edition dynamic cluster in the administrative console, click Servers > Dynamic cluster > New. Choose WebSphere Application Server Community Edition as the server type.
    2. Select the wasce21s template in the wizard.
    3. Save and synchronize your changes.

    For a server that has already been discovered by WebSphere Virtual Enterprise, perform the following steps:

    1. Stop the WebSphere Application Server Community Edition Version 2.1 server.
    2. Edit the config.xml file to disable the JMX service and enable the JMX secure connector.
      1. In the administrative console, open the WebSphere Application Server Community Edition Version 2.1 server configuration. Click Servers > Other middleware servers > WebSphere Application Server Community Edition servers > wasce_server_name.
      2. Click the External configuration tab. Edit the config.xml file.
      3. Make the following changes, highlighted in bold text:
        <module name="org.apache.geronimo.framework/j2ee-security/2.1.1/car">
        	<gbean name="JMXService" load="false">
        		<attribute name="protocol">rmi</attribute>
        		<attribute name="host">${ServerHostname}</attribute>
        		<attribute name="port">${JMXPort + PortOffset}</attribute>
        		<attribute name="urlPath">/jndi/rmi://${ServerHostname}:${NamingPort + PortOffset}/JMXConnector</attribute>
        	</gbean>
        </module>
        ...
        ...
        ...
        <module name="org.apache.geronimo.configs/clustering/2.1.1/car" load="false">
        	<gbean name="Node">
        		<attribute name="nodeName">${clusterNodeName}</attribute>
        	</gbean>
        </module>
        ...
        ...
        ...
        <module name="org.apache.geronimo.framework/jmx-security/2.1.1/car" load="true">
        	<gbean name="JMXSecureConnector" load="true">
        		<attribute name="protocol">rmi</attribute>
        		<attribute name="host">${ServerHostname}</attribute>
        		<attribute name="port">${JMXSecurePort + PortOffset}</attribute>
        		<attribute name="urlPath">/jndi/rmi://${ServerHostname}:${NamingPort + PortOffset}/JMXSecureConnector</attribute>
        		<attribute name="clientAuth">false</attribute>
        	</gbean>
        </module>
    3. Add the JAVA_OPTS variable.
      1. In the administrative console, click Servers > Other middleware servers > WebSphere Application Server Community Edition servers > wasce_server_name > Variables > New.
      2. Create a new variable called JAVA_OPTS.
      3. Enter the following text in the Value field, specifying the appropriate values for the system properties:
        -Djavax.net.ssl.keyStore=${GERONIMO_HOME}/var/security/keystores/geronimo-default 
        -Djavax.net.ssl.keyStorePassword=secret 
        -Djavax.net.ssl.trustStore=${GERONIMO_HOME}/var/security/keystores/geronimo-default 
        -Djavax.net.ssl.trustStorePassword=secret
      4. Click OK.
    4. Add the UseJMXSecureConnector custom property.
      1. In the administrative console, click Servers > Other middleware servers > WebSphere Application Server Community Edition servers > wasce_server_name > Custom properties > New.
      2. Enter UseJMXSecureConnector as the value in the Name field.
      3. Enter true in the Value field.
      4. Click OK.
    5. Save and synchronize your changes.
    6. Restart your server.
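
A check of the edited config.xml and the JAVA_OPTS value against the steps above, as an added example that is not part of the original topic or of the product. The root element, the sample inputs, and the rule that a missing load attribute means the element is loaded are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input: the edited fragments wrapped in a root element.
SAMPLE_CONFIG = """<attributes>
  <module name="org.apache.geronimo.framework/j2ee-security/2.1.1/car">
    <gbean name="JMXService" load="false"/>
  </module>
  <module name="org.apache.geronimo.framework/jmx-security/2.1.1/car" load="true">
    <gbean name="JMXSecureConnector" load="true"/>
  </module>
</attributes>"""
# Constructed sample: JAVA_OPTS still carrying the sample passwords from the step.
SAMPLE_OPTS = ("-Djavax.net.ssl.keyStorePassword=secret "
               "-Djavax.net.ssl.trustStorePassword=secret")

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if present

def _gbean(root, name):
    """Return (module, gbean) for the named gbean, or (None, None)."""
    for module in root.iter():
        if _local(module.tag) == "module":
            for child in module:
                if _local(child.tag) == "gbean" and child.get("name") == name:
                    return module, child
    return None, None

def audit_config(xml_text):
    """List deviations from the config.xml edits in the procedure."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"config.xml is not well-formed: {exc}"]
    findings = []
    _, jmx = _gbean(root, "JMXService")
    # Assumption: a missing load attribute means the element is loaded.
    if jmx is None or jmx.get("load", "true") != "false":
        findings.append("JMXService is not disabled with load=\"false\"")
    module, secure = _gbean(root, "JMXSecureConnector")
    if secure is None:
        findings.append("JMXSecureConnector gbean is missing")
    elif "false" in (module.get("load", "true"), secure.get("load", "true")):
        findings.append("JMXSecureConnector or its module has load=\"false\"")
    return findings

def audit_java_opts(opts):
    """Flag SSL store passwords left at the sample value 'secret'."""
    pairs = re.findall(r"-Djavax\.net\.ssl\.(\w+Password)=(\S+)", opts)
    return [f"{key} uses the sample value" for key, value in pairs if value == "secret"]

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG), audit_java_opts(SAMPLE_OPTS))
```

Run it against a copy of config.xml before restarting the server; a parse error here means the server would read a malformed file.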

Results

You can use WebSphere Application Server Community Edition Version 2.1 with JMX security enabled.

What to do next

Configure your WebSphere Application Server Community Edition servers. See Creating complete life-cycle WebSphere Application Server Community Edition servers and dynamic clusters for more information.
