WAS v8.5 > Secure applications > Secure the Liberty profile and its applications

Configure secure JMX connection to the Liberty profile

Overview

To keep communications confidential SSL is required

The REST connector is enabled using feature restConnector-1.0, which by default already includes the ssl-1.0 feature.

Remote access through the REST connector is protected by a single administrator role.

An application deployed on the Liberty profile has unrestricted access to its MBeanServer directory.

Configure the REST connector

1. Enable the REST connector server.xml.

   < featureManager>
        <feature>restConnector-1.0</feature> </featureManager>

2. Configure SSL certificates in server.xml.

3. Map a user or group to the administrator role

4. Access the REST connector using either...
   • JMX client application
   • jConsole tool

   To use jConsole, leverage -J flags to...

   • pass the system properties as Java options
   • set the class path to include the connector class files

   The connector class files are packed in clients/restConnector.jar.

   For example...

   jconsole -J-Djava.class.path=%JAVA_HOME%/lib/jconsole.jar;%JAVA_HOME%/lib/tools.jar;%WLP_HOME%/clients/restConnector.jar
            -J-Djavax.net.ssl.trustStore=key.jks 
            -J-Djavax.net.ssl.trustStorePassword=Liberty 
            -J-Djavax.net.ssl.trustStoreType=jks

   After the jConsole starts, select...

   Remote Process

   ...and enter the JMX service URL...

   service:jmx:rest://<host>:port/IBMJMXConnectorREST

   The port number is the HTTPS port. Provide the user name and password as well.

   There are some JMX REST connection options that we can specify as system properties,

See also

1. Map the administrator role for the Liberty profile
   
2. Develop a JMX Java client for the Liberty profile
   
3. Liberty profile: JMX REST connector settings
   

Parent topic: Connect to the Liberty profile using JMX