Allowlisting in WebSphere Application Server
How we use IBM MQ classes for JMS allowlisting in WebSphere Application Server.
Note: Wherever possible, the term allowlist has replaced the term whitelist. One exception is the Java™ system property names mentioned in this topic.You must ensure that your WebSphere Application Server installation includes a version of the IBM MQ resource adapter that supports allowlisting. This functionality was added to the resource adapter as part of APAR IT14385.
See Use IBM MQ and WebSphere Application Server together for further information on using the two products.
Once the application server has been updated, we can use the Java system properties:- -Dcom.ibm.mq.jms.whitelist
- -Dcom.ibm.mq.jms.whitelist.discover
See the section on Generic JVM arguments in Java virtual machine settings for more information.
To set the properties, go to the Java virtual machine window in Process definitions and enter the appropriate argument.
The following setting:-Dcom.ibm.mq.jms.whitelist=<youruserId>_MyObjectcauses the application server to use the allowlist youruserId_MyObject. Only objects of the type are processed by the application server. The following settings:
-Dcom.ibm.mq.jms.whitelist.discover=true -Dcom.ibm.mq.jms.whitelist=file:C/:allowlist.txtconfigure the application server to use Discover mode, and record details of the JMS ObjectMessages, that the application server processes, to the file C:\allowlist.txt The following setting:
-Dcom.ibm.mq.jms.whitelist=file:C/:allowlist.txtcauses the application server to load the file C:/allowlist.txt, and use the information in that file to determine the allowlist.