Using the Administration Thin Client

With the Administration Thin Client, you can run the wsadmin tool or a stand-alone administrative Java™ program with only a couple of Java archive (JAR) files. This reduces the amount of time that it takes for the wsadmin tool to start and improved performance. This information for setting up JMX client programs.

Before you begin

Verify that the IBM® Software Development Kit (SDK) is installed on the Administration Thin Client. It is recommended that you use the same IBM SDK as the server that it connects to in the administrative Thin-Client environment.
Important: The Administration Thin Client is supported for the IBM SDKs. It is also supported for the corresponding Oracle Java Development Kit (JDK) with the same major version, provided that:
  • The client administration application uses only the SOAP connector.
  • The client administration application uses the com.ibm.websphere.management.AdminClientFactory API to get the JMX client.
Attention: You cannot run a thin administrative client with the -conntype NONE option.

About this task

You cannot use the Administration Thin Client to manage feature packs nor deploy application artifacts that are specific to feature packs.

The Administration Thin Client does not support the installation of SIP Application Archive (SAR) files or editing applications that use an external Java Authorization Contract for Containers (JACC) provider, such as the Tivoli® Access Manager.

The Administrative Thin Client does not support passing the Kerberos token to a server. It only supports basic authentication, which passes the user ID and password.

The Administration Thin Client does not support co-existence with other thin clients.

The Administration Thin Client on the z/OS® platform does not use localcomm.

For tracing and logging information for the Administration Thin Client, see Enabling trace on client and stand-alone applications.

Procedure

  1. Make the Administration Thin-Client JAR files available by copying com.ibm.ws.admin.clientXXX.jar from a WebSphere® Application Server environment to an environment outside of WebSphere Application Server, for example, c:\MyThinClient.
    The com.ibm.ws.admin.client_9.0.jar and the com.ibm.ws.admin.client.forJython21_9.0.jar Administration Thin Client JAR files are located in one of the following locations:
    • The AppServer/runtimes directory.
    • The AppClient/runtimes directory, if you optionally selected the Administration Thin Client when you installed the application client.

    The com.ibm.ws.admin.client_9.0.jar need to be used for jython27 and com.ibm.ws.admin.client.forJython21_9.0.jar need to be used for jython21.

    Note: In Version 9, wsadmin will use jython27 by default. Jython21 is still supported and to use jython21, you need to either use wsadmin argument -usejython21 true or update com.ibm.ws.scripting.usejython21=true in wsadmin.properties file.
    Avoid trouble: If you are seeing an error and jython will not load, you have something misconfigured, such as you are using jython21 but you set the class path to com.ibm.ws.admin.client_9.0.jar or you are using jython27 but you set the java class path to com.ibm.ws.admin.client.forJython21_9.0.jar. Make sure that you are setting the java class path to the correct jar. Jython27 does not support Java7 or lower. You must use the same Java level as the WebSphere server you are attempting to connect to.
  2. Use the Administration Thin-Client JAR files to compile and test administration client programs. For Java applications, you can compile and run the JAR files within a standard Java 2 Platform, Standard Edition environment.
  3. Copy the messages directory from the app_server_root/properties directory to the C:\MyThinClient\properties directory.
  4. If security is turned on, you also need the following files:
    • Copy the com.ibm.ws.security.crypto.jar file from either the AppServer/plugins directory or the AppClient/plugins directory and put it in the C:\MyThinClient directory.
    • If you are using the IPC connector, optionally copy the ipc.client.props file from the AppServer\profiles\profileName/properties or the AppClient\properties directory and put it in the C:\MyThinClient\properties directory. Alternatively, you can set the properties in the ipc.client.props file programmatically in your Java code.
    • If you are using the SOAP connector, optionally copy the soap.client.props file from the AppServer\profiles\profileName\properties directory and put it in the C:\MyThinClient\properties directory. Then, enable the client security by setting the com.ibm.CORBA.securityEnabled property to true. Alternatively, you can set the properties in the soap.client.props file programmatically in your Java code.
    • If you are using RMI or JSR160RMI connectors, copy the sas.client.props file from the AppServer/profiles/profileName/properties directory and put it in the C:\MyThinClient\properties directory.

      If there is a firewall in your installation and your application client uses RMI to receive notifications, you might get a RemoteException error after trying to deploy an application. A notifications listener with RMI does not work across a firewall because it requires a listener port on the client listening for notifications. This listener port is not directly accessible when the server tries to send notifications back to the client port. Instead of RMI, use a SOAP connector, which polls for notifications.

    • Copy the wsjaas_client.conf files from either the AppServer\profiles\profileName/properties directory or the AppClient/properties directory, and put them in the C:\MyThinClient\properties directory.
    • Copy or generate the ssl.client.props file from either the AppServer\profiles\profileName/properties directory or the AppClient/properties directory and put it in the C:\MyThinClient\properties directory.
      Attention: This file contains the user.root property. You must modify the value to your thin-client directory, for example, C:\MyThinClient.
    • If you are using the IBM SDK, copy the key.p12 and trust.p12 files from AppServer\profiles\profileName\etc directory and put it to C:\MyThinClient\etc directory. To complete this task, copy the file to your thin client directory or run a script to generate the file. For more information, see the following topics:
      • ssl.client.props client configuration file
      • Interoperating with previous product versions
      • retrieveSigners command
      • Secure installation for client signer retrieval in SSL
    • If you are using the Sun JDK, change the following properties in the ssl.client.props file so that it uses JKS key and truststores and Sun Microsystems implementations on the key and trust managers (This change assumes that you have the JKS files available for use. If you do not have the JKS files, you can create them using the ikeyman tool.):
      com.ibm.ssl.alias=DefaultSSLSettings
      com.ibm.ssl.protocol=TLS
      com.ibm.ssl.securityLevel=HIGH
      com.ibm.ssl.trustManager=PKIX
      com.ibm.ssl.keyManager=SunX509
      com.ibm.ssl.contextProvider=SunJSSE
      com.ibm.ssl.enableSignerExchangePrompt=gui
      
      # Keystore information
      com.ibm.ssl.keyStoreName=ClientDefaultKeyStore
      com.ibm.ssl.keyStore=${user.root}/etc/keystore.jks
      com.ibm.ssl.keyStorePassword=keystore_password
      com.ibm.ssl.keyStoreType=JKS
      com.ibm.ssl.keyStoreProvider=SUN
      com.ibm.ssl.keyStoreFileBased=true
      
      # Truststore information
      com.ibm.ssl.trustStoreName=ClientDefaultTrustStore
      com.ibm.ssl.trustStore=${user.root}/etc/truststore.jks
      com.ibm.ssl.trustStorePassword=truststore_password
      com.ibm.ssl.trustStoreType=JKS
      com.ibm.ssl.trustStoreProvider=SUN
      com.ibm.ssl.trustStoreFileBased=true
  5. Launch the Administration Thin Client or run the wsadmin tool remotely in a Java 2 Platform, Standard Edition environment.
    To launch your administration application, use the following sample launch scripts:
    Note: If you are using the Oracle JDK, set the com.ibm.websphere.thinclient JVM property to true.
    [Windows]
    set WAS_HOME=c:\MyThinClient 
    set USER_INSTALL_ROOT=%WAS_HOME% 
    set JAVA_HOME=location_of_the_JRE_file 
    
    REM C_PATH is the class path. Add to it as needed. 
    REM Classpath to use for jython27 (comment this out if using jython21)
    set C_PATH=%WAS_HOME%\com.ibm.ws.admin.client_9.0.jar;%WAS_HOME%\com.ibm.ws.security.crypto.jar 
    
    REM Classpath to use for jython21 (uncomment this to use jython21)
    REM set C_PATH=%WAS_HOME%\com.ibm.ws.admin.client.forJython21_9.0.jar;%WAS_HOME%\com.ibm.ws.security.crypto.jar 
    
    set SOAPURL=-Dcom.ibm.SOAP.ConfigURL=%WAS_HOME%\properties\soap.client.props 
    set TC=-Dcom.ibm.websphere.thinclient=true 
    
    if exist %JAVA_HOME%\bin\java.exe ( 
           set JAVA_EXE=%JAVA_HOME%\bin\java 
    ) else ( 
           set JAVA_EXE=%JAVA_HOME%\jre\bin\java 
    ) 
    
    %JAVA_EXE% -classpath "%C_PATH%" %TC% -Duser.install.root=%USER_INSTALL_ROOT% -Dcom.ibm.SSL.ConfigURL=file %WAS_HOME%/properties/ssl.client.props %SOAPURL% your_class_file#
    [IBM i][Linux][AIX][Solaris][HP-UX]
    !/bin/bash 
    WAS_HOME=/MyThinClient 
    USER_INSTALL_ROOT=${WAS_HOME} 
    JAVA_HOME=location_of_the_JRE_file 
    
    # C_PATH is the class path. Add to it as needed. 
    # Classpath to use for jython27 (comment this out if using jython21)
    C_PATH=${WAS_HOME}/com.ibm.ws.admin.client_9.0.jar:${WAS_HOME}/com.ibm.ws.security.crypto.jar 
    
    # Classpath to use for jython27 (comment this out if using jython27)
    C_PATH=${WAS_HOME}/com.ibm.ws.admin.client.forJython21_9.0.jar:${WAS_HOME}/com.ibm.ws.security.crypto.jar 
    
    SOAPURL=-Dcom.ibm.SOAP.ConfigURL=${WAS_HOME}/properties/soap.client.props 
    TC=-Dcom.ibm.websphere.thinclient=true 
    
    if [[ -f ${JAVA_HOME}/bin/java ]]; then 
           JAVA_EXE="${JAVA_HOME}/bin/java" 
    else 
           JAVA_EXE="${JAVA_HOME}/jre/bin/java" 
    fi 
    
    ${JAVA_EXE} -classpath "${C_PATH}" $TC -Duser.install.root=${USER_INSTALL_ROOT} -Dcom.ibm.SSL.ConfigURL=file:${WAS_HOME}/properties/ssl.client.props ${SOAPURL} your_class_file