Java Agent articles:

Deploying Contrast's Java agent in a Websphere container

Avatar
Mark LaCasse
  • Updated
License Type SaaS & On-Premise
Agent Mode Assess & Protect
Main Product Category    Java Agent 
Sub Category Containerization 

 

Objective

Auto-deploy Contrast's Java agent within an IBM Websphere container. 

Process

 Contrast's Java agent must run within the JVM started by Websphere. This can be done by adding the javaagent: parameter into the generic JVM options. Normally this can be achieved via the Administrator console  https://www.ibm.com/support/pages/node/397841

 

Adding Contrast in Docker environments:

Make the Java agent files available to the container.

The latest agent can be acquired from the teamserver via curl.

RUN curl -X GET <Teamserver URL>/Contrast/api/ng/<OrganizationID>/agents/default/JAVA?jvm=1_8 -H 'Authorization: <Authorization>' -H 'API-Key: <API KEY>' -o contrast.jar

(see our Opendocs for more information on the API and authorization)

Alternatively they can be copied in:

COPY --chown=was:root contrast.jar /home/was/contrast.jar

Or hosted in a persistent volume. Utilizing a persistent volume can improve startup times as the agent will not have to rebuild its cache from scratch each time. 

For agent configuration, done via the JVM properties, YAML config or Environmental variables. 

The contrast_security.yaml file can be downloaded with curl 

RUN curl '<Teamserver URL>/Contrast/api/ng/<OrganizationID>/agents/external/default/JSON' -HAuthorization:<Authorization> -HAPI-Key:<API KEY> -H 'content-type: application/json' -H 'accept: application/json' --data-binary '{"metadata":[]}' —compressed -o <output file>

Or downloaded from the Contrast UI and copied in:

COPY --chown=was:root contrast_security.yaml /home/was/contrast_security.yaml

 

Adding the Java agent into Websphere's JVM

 
Contrast can be added via the server.xml
${WEBSPHERE_DIR}\AppServer\profiles\AppSrv01\config\cells\<CellName>\nodes\<NodeName>\servers\server1\server.xml

<jvmEntries genericJvmArguments="-javaagent:${DOWNLOADS}/contrast.jar -Xshareclasses:none -Xmx512m">
   ...
</jvmEntries>

Alternatively using jython within the Dockerfile

RUN wsadmin.sh -lang jython -conntype NONE -c "AdminConfig.modify(AdminConfig.list('JavaVirtualMachine', \
AdminConfig.list('Server')), [['genericJvmArguments', \
'-Xshareclasses:none -javaagent:/home/was/contrast.jar -Dcontrast.config.path=/home/was/contrast_security.yaml']])"
 
 
 
Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles