Wednesday, 24 February 2010

Invoking Custom MBeans via Java

A third way of invoking a method on a custom MBean is to actually embed the call within a Java method.

I already have a web application with EJB tier behind it so decided to enable a button on the web app which would call through to the EJB and then lookup the custom MBean and call the initialise method on it.

Within the EJB container you can get a default InitialContext using the authenticated user's credentials:

Context ctx = new InitialContext();

Then lookup WebLogic's runtime MBean Server as follows:

MBeanServer server = (MBeanServer)ctx.lookup("java:comp/env/jmx/runtime");

Call to retrieve all MBeans:
Set names = server.queryNames(null, null);

Loop through to find your desired bean and call invoke the on the WebLogic server runtime object:

for(ObjectName name:names)
{
if(name.toString().equals("com.workflow.server.infrastructure:type=WFEngineMBean,name=WFEngineMBean")))
{
server.invoke(name, "forceEngineInitialisation", null, null);
break;
}
}

This is a very quick knock up of how to do this programmatically. I believe you can improve your search results from the server by modiying the method: server.queryNames(null, null); and passing details of the MBean you require. Haven't got that to work yet though.
Posted by at No comments:

Connecting to MBeans via JConsole


Update from last blog...it looks like you can invoke custom MBean methods using the Java JDK's JConsole GUI. Instructions as follows... In order to connect to the server via the jconsole GUI, you must configure both your application server and the jconsole client.


WebLogic Server configuration

The following command-line options should be added to the WebLogic startup script. As an example they can be added to the JAVA_OPTIONS variable within the setDomainEnv script:

-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=8888
-Dcom.sun.management.jmxremote.ssl=true
-Dcom.sun.management.jmxremote.authenticate=false

Additionally the following two options should be added – these refer to the keystore which is used by the server – usually located within the JDK shipped with WebLogic:
-Djavax.net.ssl.keyStore=C:\bea_9_2_3\jdk150_12\jre\lib\security\cacerts
-Djavax.net.ssl.keyStorePassword=changeit

Key Generation

Using the keystore above, a certificate key should be generated as follows (apply parameters appropriate for the environment):

keytool -genkey -alias jconsole -keyalg RSA -validity 7 -keystore C:\bea_9_2_3\jdk150_12\jre\lib\security\cacerts 
 
 Enter keystore password:  changeit
 What is your first and last name?
 [Unknown]:  jconsole
 What is the name of your organizational unit?
 [Unknown]:  Unit
 What is the name of your organization?
 [Unknown]:  Org
 What is the name of your City or Locality?
 [Unknown]:  Newcastle

 What is the name of your State or Province?
 [Unknown]:  Tyneside
 What is the two-letter country code for this unit?
 [Unknown]:  UK

 Is CN=jconosle, OU=Unit, O=Org,

 L=Newcastle, ST=Tyneside, C=UK correct?

 [no]:  yes
 
 Enter key password for 
  (RETURN if same as keystore password):

Confirm that the entry has been created successfully:

keytool -list -v -keystore keystore
Enter keystore password:  password
 
Keystore type: jks
Keystore provider: SUN
 
Your keystore contains 1 entry
 
Alias name: jconsole
Creation date: Dec 20, 2001
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=jconsole, OU=Unit, O=Org,L=Newcastle, ST=Tyneside, C=UK
Issuer: CN=jconsole, OU=Unit, O=Org,L=Newcastle, ST=Tyneside, C=UK Serial number: 3c22adc1
Valid from: Thu Dec 20 19:34:25 PST 2001 until: Thu Dec 27 19:34:25 PST 2001
Certificate fingerprints:
    MD5: F1:5B:9B:A1:F7:16:CF:25:CF:F4:FF:35:3F:4C:9C:F0
    SHA1: B2:00:50:DD:B6:CC:35:66:21:45:0F:96:AA:AF:6A:3D:E4:03:7C:74

Key import

The certificate generated above should now be exported from the keystore and imported to the keystore where the jconsole GUI is running. Export as follows:

keytool -export -alias jconsole -keystore C:\bea_9_2_3\jdk150_12\jre\lib\security\cacerts –rfc -file jconsole.cer

Then import as follows:

keytool -import -alias jconsole -file jconsole.cer -keystore truststore
Enter keystore password:  changeit
Owner: CN=jconsole, OU=Unit, O=Org,L=Newcastle, ST=Tyneside, C=UK
Issuer: CN=jconsole, OU=Unit, O=Org,L=Newcastle, ST=Tyneside, C=UK
Serial number: 3c22adc1
Valid from: Thu Dec 20 19:34:25 PST 2001 until: Thu Dec 27 19:34:25 PST 2001
Certificate fingerprints:
    MD5: F1:5B:9B:A1:F7:16:CF:25:CF:F4:FF:35:3F:4C:9C:F0
    SHA1: B2:00:50:DD:B6:CC:35:66:21:45:0F:96:AA:AF:6A:3D:E4:03:7C:74
Trust this certificate? [no]:  yes
Certificate was added to keystore

There is now a SSL trust established between the WebLogic server and the jconsole client. The jconsole client can now connect to the server to monitor JMX MBeans securely.

Running jconsole

The jconsole GUI should be run with the following parameters:

jconsole -J-Djavax.net.ssl.trustStore=\jdk150_12\jre\lib\security\cacerts -J-Djavax.net.ssl.trustStorePassword=changeit




Once both server and client have been configured, connect to the server via the jconsole GUI with a URL as follows (replacing with the correct IP Address of the server):

Navigate to the WFEngineMBean within the server hierarchy as follows:

Invoke the forceEngineInitialisation() method. A dialog box will appear confirming that the process was completed successfully.


Posted by at 2 comments:
Labels: , , ,

Friday, 11 December 2009

Creating Custom JMX MBeans within Weblogic

I've spent the last few days looking at setting up a custom MBean within a Weblogic (9.2) server so that I have a way of calling a method and forcing initialisation of a service which is deployed as part of an ear file.

I followed the blog on the oracle site here: http://blogs.oracle.com/WebLogicServer/2009/10/developing_custom_mbeans_to_ma.html

This works fine up to the point of deployment. However there is then the issue of actually calling the MBean and invoking the operation...
I've tried to follow the blog's instructions of using jconsole with no success.
I then moved on to trying to do it via the weblogic WLST command-line tool. So far as I can see the command-line tool only recognises attributes NOT operations!

After another hunt around the web I've cobbled together the instructions to do it via jconsole.

The changes can be made via the Admin console found at http://localhost:7001/console (assuming the server is on localhost and using port 7001).

To login you will need the username/password configured during the domain creation.

  1. Click on the server you wish to edit, then the protocol tab then IIOP. Ensure enable IIOP is selected and also add in a username and password. It doesn't matter what these values are but it needs them to be set even when using anonymous access!
  2. Save and activate changes.
  3. Restart the server.



Now load jconsole and enter the following URL into the advanced tab:

service:jmx:rmi:///jndi/iiop://localhost:7001/weblogic.management.mbeanservers.runtime



Select connect and navigate to your MBean and select the operation tab as follows:



I'll continue to look at the WLST side of things next week but at least this is a start!
Posted by at 1 comment:
Subscribe to: Posts (Atom)