If you use the Java™ Management
Extensions (JMX) security feature in WebSphere® Application
Server Community Edition Version 2.1, additional
steps are required to enable the Intelligent Management security feature.
Before you begin
Deprecated feature: Assisted and Complete Lifecycle servers have been deprecated in
WebSphere Application Server Version 9.0. Migrate WebSphere Liberty servers to a
Liberty Collective configuration. There is no recommended migration action for other server
types.
depfeat
- You must have WebSphere Application
Server Community Edition Version
2.1 installed with JMX security enabled.
About this task
JMX security is a feature that is added in
WebSphere Application
Server Community Edition Version 2.1. When you
create new servers or dynamic clusters in the administrative console
, you can use the
wasce21s server template to create
servers that have JMX security enabled. If you have discovered servers,
you must perform the additional steps in this topic to configure JMX
security.
Procedure
- If you have an existing server, start the WebSphere Application
Server Community Edition Version 2.1 server for
which JMX security needs to be enabled.
- Import the WebSphere Application
Server Community Edition certificates
into the WebSphere Application
Server trust
store.
- In the administrative console, click .
- Enter the host name of the node where WebSphere Application
Server Community Edition Version 2.1 is running,
the HTTPS port number, and an alias for the certificate.
- Click Retrieve signer information.
- Save and synchronize your settings.
- Configure your WebSphere Application
Server Community Edition Version
2.1 server. If you have not yet created your servers in
the environment, you can create the server using the wasce21s server
template. If the server has already been discovered by Intelligent Management, you must perform the
additional steps that are required to enable security that are listed
in this step.
To create a new WebSphere Application
Server Community Edition Version 2.1 server or
dynamic cluster with JMX security enabled, perform the following steps:
- To create a WebSphere Application
Server Community Edition server
in the administrative console, click . To create a WebSphere Application
Server Community Edition dynamic
cluster in the administrative console, click . Choose WebSphere Application
Server Community Edition as the server type.
- Select the wasce21s template in the
wizard.
- Save and synchronize your changes.
For a server that has already been discovered by Intelligent Management, perform the following
steps: - Stop the WebSphere Application
Server Community Edition Version
2.1 server.
- Edit the config.xml file to disable
the JMX service and enable the JMX secure connector.
- In the administrative console, open the WebSphere Application
Server Community Edition Version 2.1 server configuration.
Click .
- Click the External configuration tab. Edit
the config.xml file.
- Make the following changes, highlighted in bold text:
<module name="org.apache.geronimo.framework/j2ee-security/2.1.1/car">
<gbean name="JMXService" load="false">
<attribute name="protocol">rmi</attribute>
<attribute name="host">${ServerHostname}</attribute>
<attribute name="port">${JMXPort + PortOffset}</attribute>
<attribute name="urlPath">/jndi/rmi://${ServerHostname}:${NamingPort + PortOffset}/JMXConnector</attribute>
</gbean>
</module>
...
...
...
<module name="org.apache.geronimo.configs/clustering/2.1.1/car" load="false">
<gbean name="Node">
<attribute name="nodeName">${clusterNodeName}</attribute>
</gbean>
</module>
...
...
...
<module name="org.apache.geronimo.framework/jmx-security/2.1.1/car" load="true">
<gbean name="JMXSecureConnector load="true">
<attribute name="protocol">rmi</attribute>
<attribute name="host">${ServerHostname}</attribute>
<attribute name="port">${JMXSecurePort + PortOffset}</attribute>
<attrubute name="urlPath">/jndi/rmi://${ServerHostname}:${NamingPort + PortOffset}/JMXSecureConnector</attribute>
<attribute name="clientAuth">false</attribute>
</gbean>
</module>
- Add the JAVA_OPTS variable.
- In the administrative console, click .
- Create a new variable called JAVA_OPTS.
- Enter the following text in the Value field,
specifying the appropriate values for the system properties:
-Djavax.net.ssl.keyStore=${GERONIMO_HOME}/var/security/keystores/geronimo-default
-Djavax.net.ssl.keyStorePassword=secret
-Djavax.net.ssl.trustStore=${GERONIMO_HOME}/var/security/keystores/geronimo-default
-Djavax.net.ssl.trustStorePassword=secret
- Click OK.
- Add the UseJMXSecureConnector custom property.
- In the administrative console, click
- Enter UseJMXSecureConnector as the value
in the Name field.
- Enter true in the Value field.
- Click OK.
- Save and synchronize your changes.
- Restart your server.
Results
You can use
WebSphere Application
Server Community Edition Version
2.1 with JMX security enabled.
What to do next
Configure your
WebSphere Application
Server Community Edition servers. For more information,
read about configuring complete lifecycle
WebSphere Application
Server Community Edition servers and
dynamic clusters.