Registering the MBean
Use
The last step in the registration of the resource MBean(s) is to call the following method:
mbs.registerMBean(mBeanObject, monitoringObjectName); |
For more information about how you can use the registerMBean() method in different scenarios, see Registering MBeans.
Procedure
As the MBean server allows administrators only to work with it, you have to make sure that the code is executed with administrative rights. This is a common problem for the applications, because they are usually not executed with administrative rights. Therefore, if you do not use an explicit call to give administrative rights to the thread registering the resource MBean, you can declare a security role and map it to the administrators group. To do this, follow the steps below:
...
1. Add a security role in the web.xml of a Servlet:
<security-role> <description>Role for accessing MBean server</description> <role-name>MBeanCreator</role-name> </security-role> |
2. Add the following lines to the Servlet’s description to make the Servlet run using this role:
<run-as> <role-name>MBeanCreator</role-name> </run-as> |
3. Map the role declared in the web.xml to the AS Java “administrators” group.
This is done in the web-j2ee-engine.xml (situated in the /META-INF sub-folder of the WAR file):
<web-j2ee-engine> <security-role-map> <role-name> MBeanCreator </role-name> <server-role-name> administrators </server-role-name> </security-role-map> </web-j2ee-engine> |
Use a dedicated Servlet for the registration of the resource MBean(s) and put all the necessary coding in the init() method of this Servlet because the init() method is executed when the application starts. It is not good practice to give administrative rights to a Servlet that performs other tasks besides registering MBeans, because this may turn into a security hole under certain circumstances.
Next, see Sending Monitoring Data Actively Via JMX Notifications