Developing a JMX Java client for Liberty
You can develop a Java™ Management Extensions (JMX) client application to access the secured REST connector of Liberty.
About this task
Using a JMX remote client application, you can administer Liberty through JMX programming.
Procedure
- Develop a sample JMX client. The REST connector supports the standard JMX API. For a started
Liberty server with the restConnector-1.0 feature configured, the contents of
${server.output.dir}/logs/state/com.ibm.ws.jmx.rest.address can be used to
instantiate a new JMXServiceURL object.
import javax.management.remote.JMXServiceURL; import javax.management.MBeanServerConnection; import javax.management.remote.JMXConnector; import javax.management.remote.JMXConnectorFactory; import java.util.HashMap; public class Test { public static void main(String[] args) { System.setProperty("javax.net.ssl.trustStore", <truststore location>); System.setProperty("javax.net.ssl.trustStorePassword", <truststore password>); //If the type of the trustStore is not jks, which is default, //set the type by using the following line. System.setProperty("javax.net.ssl.trustStoreType", <truststore type>); try { HashMap<String, Object> environment = new HashMap<String, Object>(); environment.put("jmx.remote.protocol.provider.pkgs", "com.ibm.ws.jmx.connector.client"); environment.put(JMXConnector.CREDENTIALS, new String[] { "bob", "bobpassword" }); JMXServiceURL url = new JMXServiceURL("service:jmx:rest://<host>:<port>/IBMJMXConnectorREST"); JMXConnector connector = JMXConnectorFactory.newJMXConnector(url, environment); connector.connect(); MBeanServerConnection mbsc = connector.getMBeanServerConnection(); } catch(Throwable t) { ... } } }
- Optional: Disable host name verification for SSL certificates. The certificates that are installed with
Liberty might not contain the host name of where the server is running. If you want to disable host
name verification of SSL certificates, you can set the system property
com.ibm.ws.jmx.connector.client.disableURLHostnameVerification to true, which
disables host name verification for all connections. To disable host name verification on a
per-connection basis, pass the property as a new environment when you create the
JMX connection:
HashMap<String, Object> environment = new HashMap<String, Object>(); environment.put("jmx.remote.protocol.provider.pkgs", "com.ibm.ws.jmx.connector.client"); environment.put("com.ibm.ws.jmx.connector.client.disableURLHostnameVerification", Boolean.TRUE); environment.put(JMXConnector.CREDENTIALS, new String[] { "bob", "bobpassword" }); ...
- Optional: Configure JMX REST connector settings by using the environment Map.
... HashMap<String, Object> environment = new HashMap<String, Object>(); environment.put("com.ibm.ws.jmx.connector.client.rest.maxServerWaitTime", 0); environment.put("com.ibm.ws.jmx.connector.client.rest.notificationDeliveryInterval", 65000); ...
- Optional: The Liberty REST connector allows a specific custom SSL socket factory to be used to obtain
sockets. If the javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path
building failed: java.security.cert.CertPathBuilderException: unable to find valid certification
path to requested target exception is displayed, you can create your own SSLContext from
your own keystores and then use the SocketFactory from that context with the REST connector.
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream inputStream = new FileInputStream("myTrustStore.jks"); trustStore.load(inputStream, "password".toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustManagers, null); Map<String, Object> environment = new HashMap<String, Object>(); environment.put(ConnectorSettings.CUSTOM_SSLSOCKETFACTORY, sslContext.getSocketFactory()); environment.put(ConnectorSettings.DISABLE_HOSTNAME_VERIFICATION, true); environment.put("jmx.remote.protocol.provider.pkgs", "com.ibm.ws.jmx.connector.client"); environment.put(JMXConnector.CREDENTIALS, new String[] { "admin", "password" }); JMXServiceURL url = new JMXServiceURL("REST", "myhost", 9443, "/IBMJMXConnectorREST"); jmxConn = JMXConnectorFactory.connect(url, environment);
Parent topic: Configuring secure JMX connection to Liberty
Related tasks:


http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=twlp_dev_jmxclient
File name: twlp_dev_jmxclient.html