Allowlisting in WebSphere Application Server

How we use IBM MQ classes for JMS allowlisting in WebSphere Application Server.

Note: Wherever possible, the term allowlist has replaced the term whitelist. One exception is the Java™ system property names mentioned in this topic.

You must ensure that your WebSphere Application Server installation includes a version of the IBM MQ resource adapter that supports allowlisting. This functionality was added to the resource adapter as part of APAR IT14385.

See Use IBM MQ and WebSphere Application Server together for further information on using the two products.

Once the application server has been updated, we can use the Java system properties:

  • -Dcom.ibm.mq.jms.whitelist
  • -Dcom.ibm.mq.jms.whitelist.discover
described in Set up and using a JMS allowlist.Note: You need to set the Java system properties as generic JVM arguments, on the Java virtual machine used to run the application server, and the application server restarted for the changes to take effect.

See the section on Generic JVM arguments in Java virtual machine settings for more information.

To set the properties, go to the Java virtual machine window in Process definitions and enter the appropriate argument.

The following setting:
-Dcom.ibm.mq.jms.whitelist=<youruserId>_MyObject
causes the application server to use the allowlist youruserId_MyObject. Only objects of the type are processed by the application server. The following settings:
-Dcom.ibm.mq.jms.whitelist.discover=true
-Dcom.ibm.mq.jms.whitelist=file:C/:allowlist.txt
configure the application server to use Discover mode, and record details of the JMS ObjectMessages, that the application server processes, to the file C:\allowlist.txt The following setting:
-Dcom.ibm.mq.jms.whitelist=file:C/:allowlist.txt
causes the application server to load the file C:/allowlist.txt, and use the information in that file to determine the allowlist.