+

Search Tips   |   Advanced Search

Extending the WAS administrative system with custom MBeans


We can extend the WAS administration system by supplying and registering new Java Management Extensions (JMX) MBeans (see JMX 1.x Specification for details) in one of the WebSphere processes.

JMX MBeans represent the management interface for a particular piece of logic. All of the managed resources within the standard product infrastructure are represented as JMX MBeans. There are a variety of ways in which we can create our own MBeans and register them with the JMX MBeanServer running in any WebSphere process.

See MBean Java API documentation. In this information center, click Reference > Mbean interfaces.

 

  1. Create custom JMX MBeans.

    we have some alternatives to select from, when creating MBeans to extend WAS administrative system. Use any existing JMX MBean from another application. We can register any MBean that you tested in a JMX MBean server outside of the WAS environment in a product process, including standard MBeans, dynamic MBeans, open MBeans, and model MBeans.

    In addition to any existing JMX MBeans, and ones that were written and tested outside of WAS environment, we can use the special distributed extensions provided by WebSphere and create a WebSphere ExtensionMBean provider. This alternative provides better integration with all of the distributed functions of WAS admin system. An ExtensionMBean provider implies that you supply an XML file that contains an MBean Descriptor based on the DTD shipped with WAS ND. This descriptor tells the WebSphere system all of the attributes, operations, and notifications that the MBean supports. With this information, the WebSphere system can route remote requests to the MBean and register remote Listeners to receive your MBean event notifications.

    All of the internal WebSphere MBeans follow the Model MBean pattern. Pure Java classes supply the real logic for management functions, and the WebSphere MBeanFactory class reads the description of these functions from the XML MBean Descriptor and creates an instance of a ModelMBean that matches the descriptor. This ModelMBean instance is bound to the Java classes and registered with the MBeanServer running in the same process as the classes. Your Java code now becomes callable from any WAS admin client through the ModelMBean created and registered to represent it.

  2. Optionally define an explicit MBean security policy.

    If we do not define an MBean security policy, WAS uses the default security policy.

  3. Register the new MBeans. There are various ways to register your MBean.

    We can register the MBean with the WAS administrative service. We can register the MBean with the MBeanServer in a WAS process.

    The following list describes the available options in order of preference:

    • Go through the MBeanFactory class. If we want the greatest possible integration with the WAS system, then use the MBeanFactory class to manage the life cycle of the MBean through the activateMBean and deactivateMBean methods of the MBeanFactory class. Use these methods, by supplying a subclass of the RuntimeCollaborator abstract superclass and an XML MBean descriptor file. Using this approach, you supply a pure Java class that implements the management interface defined in the MBean descriptor. The MBeanFactory class creates the actual ModelMBean and registers it with WAS admin system on the behalf.

      This option is recommended for registering model MBeans.

    • Use the JMXManageable and CustomService interface. We can make the process of integrating with WebSphere administration even easier by implementing a CustomService interface that also implements the JMXManageable interface. Using this approach, we can avoid supplying the RuntimeCollaborator. When your CustomService interface is initialized, the WebSphere MBeanFactory class reads your XML MBean descriptor file and creates, binds, and registers an MBean to the CustomService interface automatically. After the shutdown method of your CustomService is called, WAS system automatically deactivates your MBean.

    • Go through the AdminService interface. We can call the registerMBean() method on the AdminService interface and the invocation is delegated to the underlying MBeanServer for the process, after appropriate security checks. We can obtain a reference to the AdminService using the getAdminService() method of the AdminServiceFactory class.

      This option is recommended for registering standard, dynamic, and open MBeans. Implement the UserCollaborator class to use the MBeans and to provide a consistent level of support for them across distributed and z/OS platforms.

    • Get MBeanServer instances directly. We can get a direct reference to the JMX MBeanServer instance running in any product process, by calling the getMBeanServer() method of the MBeanFactory class. You get a reference to the MBeanFactory class by calling the getMBeanFactory() method of the AdminService interface.

      When a custom MBean is registered directly with the MBean server, the MBean object name is enhanced with the cell, node and process name keys by default. This registration allows the MBean to participate in the distributed features of the admin system. We can turn off the default behavior by setting the com.ibm.websphere.mbeans.disableRouting custom property.

 

Results

Regardless of the approach used to create and register the MBean, set up proper Java 2 security permissions for the new MBean code. The WebSphere AdminService and MBeanServer are tightly protected using Java 2 security permissions and if we do not explicitly grant the code base permissions, security exceptions are thrown when you attempt to invoke methods of these classes. If supplying your MBean as part of the application, we can set the permissions in was.policy that you supply as part of the application metadata. For a CustomService interface or other code not delivered as an application, we can edit the library.policy file in the node configuration, or even the server.policy file in the properties directory for a specific installation.


Best practices for standard, dynamic, and open MBeans
Create and registering standard, dynamic, and open custom MBeans
Set Java 2 security permissions
Administrative security
Default MBean security policy
Define an explicit MBean security policy
Specifying fine-grained MBean security in the MBean descriptor

 

Related


Administration services custom properties