Sun GlassFish Message Queue 4.4 Administration Guide

Step 4 (HTTP and HTTPS): Deploying the Tunnel Servlet

You can deploy the HTTP or HTTPS tunnel servlet on Sun GlassFish Application Server either from the command line or by using the Application Server’s Web-based administration GUI. In either case, you must then modify the Application Server’s security policy file to grant permissions for the tunnel servlet.

To deploy the tunnel servlet from the command line, use the deploy subcommand of the Application Server administration utility (asadmin): for example,

   asadmin deploy  --user admin  --passwordfile pfile.txt  --force=true

The procedure below shows how to use the Web-based GUI to deploy the servlet.

After deploying the tunnel servlet (whether from the command line or with the Web-based GUI), proceed to Modifying the Application Server’s Security Policy File for instructions on how to grant it the appropriate permissions.

ProcedureTo Deploy the HTTP or HTTPS Tunnel Servlet

  1. Deploy the tunnel servlet:

    1. In the Web-based administration GUI, choose

         App Server>Instances>appServerInstance>Applications>Web Applications

      where appServerInstance is the Application Server instance on which you are deploying the tunnel servlet.

    2. Click the Deploy button.

  2. Specify the .war file location:

    1. Enter the location of the tunnel servlet’s Web archive file (imqhttp.war or imqhttps.war) in the File Path text field.

      The file is located in the Message Queue installation directory containing .jar, .war, and .rar files, depending on your operating system platform (see Appendix A, Distribution-Specific Locations of Message Queue Data).

    2. Click the OK button.

  3. Specify the context root directory:

    1. Enter the /contextRoot portion of the tunnel servlet’s URL.

      The URL has the form




      For example, if the URL for the tunnel servlet is


      the value you enter would be

    2. Click the OK button.

      A confirmation screen appears, showing that the tunnel servlet has been successfully deployed and is enabled by default. The servlet is now available at the URL




      where contextRoot is the context root directory you specified in step a above. Clients can now use this URL to connect to the message service using an HTTP or HTTPS connection.

  4. Modify the server’s security policy file

    Once you have deployed the HTTP or HTTPS tunnel servlet, you must grant it the appropriate permissions by modifying the Application Server’s security policy file, as described in the next procedure.

ProcedureModifying the Application Server’s Security Policy File

Each Application Server instance has a security policy file specifying its security policies or rules. Unless modified, the default security policies would prevent the HTTP or HTTPS tunnel servlet from accepting connections from the Message Queue message broker. In order for the broker to connect to the tunnel servlet, you must add an additional entry to this policy file:

  1. Open the security policy file.

    The file is named server.policy and resides at a location that varies depending on your operating system platform. On the Solaris platform, for example, the policy file for server jeeves would be located at


    where appServerRoot is the root directory in which Sun GlassFish Application Server is installed.

  2. Add the following entry to the file:

       grant codeBase
                permission "*","connect,accept,resolve";
  3. Save and close the security policy file.