Deploying Contrast's Java agent in a WebSphere container


Objective

The Contrast Java agent must run within the JVM started by WebSphere. Our documentation describes the usual methods for adding the agent: modifying the Generic JVM Options via the admin console or editing the server.xml file. When deploying WebSphere in a Docker container, however, it is more convenient to add the necessary components automatically when the image is built.

This article describes that process.


Process

To make the Java agent files available to the container, the latest agent can be acquired from the Contrast UI (TeamServer) via curl:

RUN curl -X GET '<Teamserver URL>/Contrast/api/ng/<OrganizationID>/agents/default/JAVA?jvm=1_8' -H 'Authorization: <Authorization>' -H 'API-Key: <API KEY>' -o contrast.jar

Note: The <Authorization> and the <API KEY> can be downloaded from TeamServer under User Menu > User settings > Profile.


Alternatively, the jar can be copied:

COPY --chown=was:root contrast.jar /home/was/contrast.jar

or hosted in a persistent volume.

Note: Utilizing a persistent volume can improve startup times as the agent will not have to rebuild its cache from scratch each time. 


The agent can be configured via JVM properties, a YAML config file, or environment variables (see https://docs.contrastsecurity.com/en/java-configuration.html for options). An organization-specific contrast_security.yaml can be downloaded with the following curl command:

curl -HAuthorization:<AUTHORIZATION> -HAPI-Key:<API_KEY> -Haccept:'application/json' -Hcontent-type:'application/json' 'https://<SERVER>/Contrast/api/ng/<ORG_ID>/agents/external/default/JAVA' --data-binary '{"metadata":[]}' -OJ

 or downloaded from the Contrast UI and copied in:

COPY --chown=was:root contrast_security.yaml /home/was/contrast_security.yaml

 

Adding the Java agent into WebSphere's JVM:

Contrast can be added via the server.xml:

${WEBSPHERE_DIR}\AppServer\profiles\AppSrv01\config\cells\<CellName>\nodes\<NodeName>\servers\server1\server.xml
<jvmEntries genericJvmArguments="-javaagent:${DOWNLOADS}/contrast.jar -Xshareclasses:none -Xmx512m">
   ...
</jvmEntries>

Alternatively, it can be added using Jython within the Dockerfile:

RUN wsadmin.sh -lang jython -conntype NONE -c "AdminConfig.modify(AdminConfig.list('JavaVirtualMachine', \
AdminConfig.list('Server')), [['genericJvmArguments', \
'-Xshareclasses:none -javaagent:/home/was/contrast.jar -Dcontrast.config.path=/home/was/contrast_security.yaml']])"
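
The steps above combined into one Dockerfile, as an added example that is not Contrast's own: the agent is fetched in a separate build stage and the Authorization and API-Key headers are passed as a BuildKit secret, so the credentials are not written to an image layer or exposed by `docker history`. The base images, the secret id `contrast_headers`, and the build arguments `CONTRAST_URL` and `CONTRAST_ORG_ID` are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. Assumed names: both base images, the secret id
# "contrast_headers", and the build args CONTRAST_URL / CONTRAST_ORG_ID.
#
# Build with (constructed file name):
#   docker build \
#     --secret id=contrast_headers,src=./contrast_headers.txt \
#     --build-arg CONTRAST_URL='<Teamserver URL>' \
#     --build-arg CONTRAST_ORG_ID='<OrganizationID>' .

# Stage 1: fetch the agent. Nothing from this stage except the jar
# reaches the final image.
FROM alpine:3 AS fetch
RUN apk add --no-cache curl
ARG CONTRAST_URL
ARG CONTRAST_ORG_ID
# contrast_headers.txt holds one header per line:
#   Authorization: <Authorization>
#   API-Key: <API KEY>
# curl reads them with -H @file (curl 7.55.0+), so they appear neither on
# the command line nor in the layer metadata. --fail aborts the build on
# an HTTP error instead of saving the error body as contrast.jar.
RUN --mount=type=secret,id=contrast_headers \
    curl --fail --silent --show-error \
         -H @/run/secrets/contrast_headers \
         -o /contrast.jar \
         "${CONTRAST_URL}/Contrast/api/ng/${CONTRAST_ORG_ID}/agents/default/JAVA?jvm=1_8"

# Stage 2: the WebSphere image (assumed base; it provides the "was" user
# used by the COPY lines in the article).
FROM ibmcom/websphere-traditional:latest
COPY --from=fetch --chown=was:root /contrast.jar /home/was/contrast.jar

# contrast_security.yaml also carries the agent's API credentials. It is
# copied in here as in the article; mounting it at run time at the same
# path keeps it out of the image.
COPY --chown=was:root contrast_security.yaml /home/was/contrast_security.yaml

# Register the agent and its config path in the JVM's generic arguments.
RUN wsadmin.sh -lang jython -conntype NONE -c "AdminConfig.modify(AdminConfig.list('JavaVirtualMachine', \
AdminConfig.list('Server')), [['genericJvmArguments', \
'-Xshareclasses:none -javaagent:/home/was/contrast.jar -Dcontrast.config.path=/home/was/contrast_security.yaml']])"
```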

 

 

 
 
