You can deploy the HTTP or HTTPS tunnel servlet on Sun GlassFish Application Server either from the command line or by using the Application Server’s Web-based administration GUI. In either case, you must then modify the Application Server’s security policy file to grant permissions for the tunnel servlet.
To deploy the tunnel servlet from the command line, use the deploy subcommand of the Application Server administration utility (asadmin): for example,
asadmin deploy --user admin --passwordfile pfile.txt --force=true /local/tmp/imqhttps/imqhttps.war
The procedure below shows how to use the Web-based GUI to deploy the servlet.
After deploying the tunnel servlet (whether from the command line or with the Web-based GUI), proceed to Modifying the Application Server’s Security Policy File for instructions on how to grant it the appropriate permissions.
Deploy the tunnel servlet:
Specify the .war file location:
Enter the location of the tunnel servlet’s Web archive file (imqhttp.war or imqhttps.war) in the File Path text field.
The file is located in the Message Queue installation directory containing .jar, .war, and .rar files, depending on your operating system platform (see Appendix A, Distribution-Specific Locations of Message Queue Data).
Click the OK button.
Specify the context root directory:
Enter the /contextRoot portion of the tunnel servlet’s URL.
The URL has the form
http://hostName:portNumber/contextRoot/tunnel
or
https://hostName:portNumber/contextRoot/tunnel
For example, if the URL for the tunnel servlet is
http://hostName:portNumber/imq/tunnel
the value you enter would be
/imq
Click the OK button.
A confirmation screen appears, showing that the tunnel servlet has been successfully deployed and is enabled by default. The servlet is now available at the URL
http://hostName:portNumber/contextRoot/tunnel
or
https://hostName:portNumber/contextRoot/tunnel
where contextRoot is the context root directory you specified in step a above. Clients can now use this URL to connect to the message service using an HTTP or HTTPS connection.
Modify the server’s security policy file
Once you have deployed the HTTP or HTTPS tunnel servlet, you must grant it the appropriate permissions by modifying the Application Server’s security policy file, as described in the next procedure.
Each Application Server instance has a security policy file specifying its security policies or rules. Unless modified, the default security policies would prevent the HTTP or HTTPS tunnel servlet from accepting connections from the Message Queue message broker. In order for the broker to connect to the tunnel servlet, you must add an additional entry to this policy file:
Open the security policy file.
The file is named server.policy and resides at a location that varies depending on your operating system platform. On the Solaris platform, for example, the policy file for server jeeves would be located at
appServerRoot/glassfish/domains/domain1/jeeves/config/server.policy
where appServerRoot is the root directory in which Sun GlassFish Application Server is installed.
Add the following entry to the file:
grant codeBase "file:appServerRoot/glassfish/domains/domain1/jeeves /applications/j2ee-modules/imqhttps/- { permission java.net.SocketPermission "*","connect,accept,resolve"; };
Save and close the security policy file.