Monitor portal with JConsole attached to WebSphere7

When Liferay portal is deployed in WebSphere 7, it is possible to use JConsole to connect to the app server and monitor the portal. You need two files:

(1) wm-jmx.bat

@echo off

:: user configuration

set HOST=liferay:2809

set WAS_HOME=c:/WebSphere/AppServer

set PROPS_DIR=.etc

:: properties

set PROPS=
set PROPS=%PROPS% -Dcom.ibm.CORBA.ConfigURL=file:/%PROPS_DIR%/sas.client.props
set PROPS=%PROPS% -Djava.naming.provider.url=corbaname:iiop:%HOST%

:: classpath

set CLASSPATH=
set CLASSPATH=%CLASSPATH%;%WAS_HOME%\java\lib\tools.jar
set CLASSPATH=%CLASSPATH%;%WAS_HOME%\runtimes\com.ibm.ws.admin.client_7.0.0.jar
set CLASSPATH=%CLASSPATH%;%WAS_HOME%\runtimes\com.ibm.ws.ejb.thinclient_7.0.0.jar
set CLASSPATH=%CLASSPATH%;%WAS_HOME%\runtimes\com.ibm.ws.orb_7.0.0.jar
set CLASSPATH=%CLASSPATH%;%WAS_HOME%\java\lib\jconsole.jar

:: start jconsole using was jdk

start %WAS_HOME%\java\bin\javaw.exe -classpath %CLASSPATH% %PROPS% sun.tools.jconsole.JConsole service:jmx:iiop://%HOST%/jndi/JMXConnector

This batch starts JConsole using IBMs VM. First 3 params should be changed to match your environment!


(2) sas.client.props (in PROPS_DIR)

com.ibm.CORBA.securityEnabled=true

com.ibm.CORBA.authenticationTarget=BasicAuth
com.ibm.CORBA.authenticationRetryEnabled=true
com.ibm.CORBA.authenticationRetryCount=3
com.ibm.CORBA.validateBasicAuth=true
com.ibm.CORBA.securityServerHost=
com.ibm.CORBA.securityServerPort=
com.ibm.CORBA.loginTimeout=300
com.ibm.CORBA.loginSource=prompt

com.ibm.CORBA.loginUserid=
com.ibm.CORBA.loginPassword=

com.ibm.CORBA.krb5ConfigFile=
com.ibm.CORBA.krb5CcacheFile=

com.ibm.CSI.performStateful=true

com.ibm.CSI.performClientAuthenticationRequired=false
com.ibm.CSI.performClientAuthenticationSupported=true

# all false from here

com.ibm.CSI.performTLClientAuthenticationRequired=false
com.ibm.CSI.performTLClientAuthenticationSupported=false

com.ibm.CSI.performTransportAssocSSLTLSRequired=false
com.ibm.CSI.performTransportAssocSSLTLSSupported=false

com.ibm.CSI.performMessageIntegrityRequired=false
com.ibm.CSI.performMessageIntegritySupported=false

com.ibm.CSI.performMessageConfidentialityRequired=false
com.ibm.CSI.performMessageConfidentialitySupported=false

# not needed
#com.ibm.ssl.alias=DefaultSSLSettings

com.ibm.CORBA.requestTimeout=180

 

That's all, enjoy:)

Blogs
I'm trying to connect like described in the blog entry, but I get this error from jconsole:

Oct 6, 2010 8:31:33 AM null null
AUDIT: security.LoadSCI
Oct 6, 2010 8:31:34 AM null null
AUDIT: security.GettingConfig
Oct 6, 2010 8:31:34 AM null null
INFO: ssl.disable.url.hostname.verification.CWPKI0027I
Oct 6, 2010 8:31:34 AM null null
AUDIT: security.AuthTarget
Oct 6, 2010 8:31:34 AM null null
INFO: Client code attempting to load security configuration
Oct 6, 2010 8:31:34 AM null null
AUDIT: security.ClientCSI

And I keep getting this error, "ADMN0022E: Access is denied for the <some operation> operation on ... MBean because of insufficient or empty credentials."

My WAS is configured with administrative security enabled and federated repository with an LDAP server.
as you described, it seems you can't access to the server from the outside (jmx console). i do not know the answer, but might give you a hint: take a look at the used 'sas.client.props' file. there you will see many params such

com.ibm.CORBA.securityEnabled=true
com.ibm.CORBA.authenticationTarget=BasicAuth
com.ibm.CORBA.validateBasicAuth=true
com.ibm.CORBA.loginUserid=
com.ibm.CORBA.loginPassword=
...

maybe you need to enter user id and password and/or to change other client parameters. also, take a look at the original sas.client/props for more hints. and please let us know if and how you succeed;)