Registering the MBean 
Use
The last step in the registration of the resource MBean(s) is to call the following method:
mbs.registerMBean(mBeanObject, monitoringObjectName); |
For more information about how you can register an MBean, see Registering MBeans.
Procedure
As the MBean server allows administrators only to work with it, you have to make sure that the code is executed with administrative rights. This is a common problem for the applications, because they are generally not executed with administrative rights. That is why, if you do not use an explicit call to give administrative rights to the thread registering the resource MBean, you can declare a security role and map it to the administrators group. To do this, follow the steps below:
...
1. In the web.xml of a Servlet, add a security role:
<security-role> <description>Role for accessing MBean server</description> <role-name>MBeanCreator</role-name> </security-role> |
2. Make the Servlet run using this role with the following lines added to the Servlet’s description:
<run-as> <role-name>MBeanCreator</role-name> </run-as> |
3. In the web-j2ee-engine.xml (situated in the /META-INF sub-folder of the WAR file), map the role declared in the web.xml to the J2EE Engine “administrators” group:
<web-j2ee-engine> <security-role-map> <role-name> MBeanCreator </role-name> <server-role-name> administrators </server-role-name> </security-role-map> </web-j2ee-engine> |
Typically, you use a dedicated Servlet for the registration of the resource MBean(s) and put all the necessary coding in the init() method of this Servlet because the init() method is executed when the application starts. It is not good practice to give administrative rights to a Servlet that performs other tasks besides registering MBeans, because this may turn into a security hole under certain circumstances.
See also:
Sending Monitoring Data Actively Via JMX Notifications