Deploying Contrast's Java agent in a Websphere container

  • Updated

 

Objective

Auto-deploy Contrast's Java agent within an IBM Websphere container. 


Process

The Contrast Java agent must run within the JVM started by Websphere. This can be done by adding the -javaagent:jarpath parameter into the generic JVM options. Normally this can be achieved via the Administrator console (see https://www.ibm.com/support/pages/node/397841 for details).


Adding Contrast in Docker environments:

To make the Java agent files available to the container, the latest agent can be acquired from the Contrast UI (TeamServer) via curl:

RUN curl -X GET <Teamserver URL>/Contrast/api/ng/<OrganizationID>/agents/default/JAVA?jvm=1_8 -H 'Authorization: <Authorization>' -H 'API-Key: <API KEY>' -o contrast.jar

Note: The <Authorization> and the <API KEY> can be downloaded from TeamServer under User Menu > User settings > Profile.


Alternatively, the jar can be copied:

COPY --chown=was:root contrast.jar /home/was/contrast.jar

or hosted in a persistent volume.

Note: Utilizing a persistent volume can improve startup times as the agent will not have to rebuild its cache from scratch each time. 


The agent can be configured via JVM properties, a YAML config file, or environment variables (see https://docs.contrastsecurity.com/en/java-configuration.html for options). An organization-specific contrast_security.yaml  can be downloaded via the following curl:
curl -HAuthorization:<AUTHORIZATION> -HAPI-Key:<API_KEY> -Haccept:'application/json' -Hcontent-type:'application/json' 'https://<SERVER>/Contrast/api/ng/<ORG_ID>/agents/external/default/JAVA' --data-binary '{"metadata":[]}' -OJ

 or downloaded from the Contrast UI and copied in:

COPY --chown=was:root contrast_security.yaml /home/was/contrast_security.yaml

 

Adding the Java agent into Websphere's JVM:

Contrast can be added via the server.xml:

${WEBSPHERE_DIR}\AppServer\profiles\AppSrv01\config\cells\<CellName>\nodes\<NodeName>\servers\server1\server.xml
<jvmEntries genericJvmArguments="-javaagent:${DOWNLOADS}/contrast.jar -Xshareclasses:none -Xmx512m">
   ...
</jvmEntries>

 Alternatively, it can be added using jython within the Dockerfile:

RUN wsadmin.sh -lang jython -conntype NONE -c "AdminConfig.modify(AdminConfig.list('JavaVirtualMachine', \
AdminConfig.list('Server')), [['genericJvmArguments', \
'-Xshareclasses:none -javaagent:/home/was/contrast.jar -Dcontrast.config.path=/home/was/contrast_security.yaml']])"

 

 

 
 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request