Last month, I published a blog post called Useful information on setting up and using a JMS whitelist, which described how the JMS whitelisting functionality provided by APAR IT14385 worked and how it could be used. One question that keeps cropping up is "How do I use the whitelist from WebSphere Application Server?".
This is a good question!
The first thing that you'll need to do is to either apply a WebSphere Application Server interim fix or Fix Pack to your WebSphere Application Server installation that upgrades the MQ resource adapter component to a version that includes the fix for IT14385. To make things easier, the WebSphere Application Server support organization have raised a number of different APARs against the application server (one per release) - these APARs are being used to ship the updated resource adapter. The APAR numbers are shown in the table below:
WebSphere Application Server
||Version of MQ resource adapter shipped as part of the APAR.
WebSphere Application Server V7.0
WebSphere Application Server V8.0
|WebSphere MQ V184.108.40.206 + IT14385
||WebSphere Application Server V8.5
||WebSphere MQ V220.127.116.11 + IT14385 + IT15559
||WebSphere Application Server V9.0
||IBM MQ V18.104.22.168 + IT14385
Once the application server has been updated, you can use the Java system properties:
mentioned in the Useful information on setting up and using a JMS whitelist blog post to configure and use a whitelist. Note that the Java system properties need to be set as Generic JVM Arguments on the Java Virtual Machine that the application server is running in (as shown in the screenshots below) and the application server restarted for the properties to take effect.
Figure 1: Setting this Generic JVM Argument will cause the application server to use the whitelist "pault.MyObject". Only objects of this type will be processed by the application server.
Figure 2: In this example, the application server has been configured to use "Discover" mode and will record details of the JMS ObjectMessages that it processes to the file C:\whitelist.txt
Figure 3: This setting causes the application server to load the file C:/whitelist.txt, and use the information in that file to determine the whitelist.
As always, I hope this helps! If you have any questions, feel free to ask and I'll be happy to answer them.