IBM WebSphere LP plugin

The Deploy WebSphere Liberty profile server (WLP) plugin adds capability for managing deployments and resources on Liberty profile server. It works out of the box for deploying/upgrading/undeploying application artifacts, features, and resources like datasources, libraries and filesets.

The plugin is implemented using Deploy rules and Jython scripts, so you can easily extend it to support more deployment options and management of new artifacts and resources.

For information about Liberty profile requirements and the configuration items (CIs) that the plugin supports, refer to the Liberty Profile Plugin Reference.


  • Deploy applications:

    • Web application (WAR)
    • Enterprise application (EAR)
    • Enterprise JavaBean (EJB)
  • Deploy security roles:

    • Users
    • Groups
    • Special subject
    • Run As User
  • Deploy resources:

    • Library
    • Fileset
    • Connection Manager
  • Deploy datasources:

    • GenericDataSource
    • DB2DataSource
    • MicrosoftSQLServerDataSource
    • OracleDataSource
    • SybaseDataSource
  • Deploy Liberty features
  • Restart strategies:

    • None
    • Stop Start
  • Run control tasks:

    • Server status
    • Start/Stop server
    • Create/Delete server
    • Generate plugin configuration
    • Reload configuration


The plugin manages the Liberty profile server through the secure Java Management Extensions (JMX) REST connector. To enable the REST connector, include the restConnector-1.0 feature in the server.xml file on the Liberty server. The instructions for configuring REST connector are available at Configuring secure JMX connection to the Liberty profile.

To keep communication confidential, configure SSL certificates on the Liberty profile and on the Deploy instance connecting to the server. For information about configuring certificates on the Liberty profile server, refer to Enabling SSL communication for the Liberty profile.

You can use the following sample server.xml configuration to set up the Liberty profile server with the plugin on an overthere.LocalHost. The Liberty profile server location is /opt/IBM/wlp/usr/servers/defaultServer and the Deploy installation directory is /opt/xl-deploy-server.

<server description="new server">
    <httpEndpoint host="*" httpPort="9080" httpsPort="9443" id="defaultHttpEndpoint"/>
  <quickStartSecurity userName="wlpadmin" userPassword="wlpadmin" />
  <keyStore id="defaultKeyStore" password="mypass" />


Based on the configuration defined in server.xml, the Liberty profile server will automatically generate key.jks in the /opt/IBM/wlp/usr/servers/defaultServer/resources/security directory. The following commands can be executed to generate trust store which is configured in Deploy. The generated truststore.ts is copied to /opt/xl-deploy-server/certs directory.

keytool -export -alias default -file mycert.crt -keystore key.jks

keytool -import -trustcacerts -alias default -file mycert.crt -keystore truststore.ts -storepass mypass -noprompt

Plugin configuration

The basic plugin configuration is:

Basic plugin configuration

Sample connector properties:

Connector Properties

The value of the Password property is wlpadmin, and the Trust store password is mypass.


The server can be configured to accept all hosts and certificates by setting the hidden attributes trustAllHostnames and trustAllCertificates to true in XL_DEPLOY_SERVER_HOME/conf/

# Ignores certificate verification checks, use in development environments only.
# Ignores host verification checks, use in development environments only.

Note: These settings should only be used in development environment. can also be used to define values for connectTimeout and readTimeout to resolve connection issues.

Use in deployment packages

The plugin works with the standard deployment package (DAR) format. The following is a sample deployit-manifest.xml file that can be used to create a Liberty profile-specific deployment package. It contains declarations for a WAR file (wlp.WebApplicationSpec) and a datasource (wlp.GenericDataSourceSpec) with the related driver, fileset, library, and connection manager.

<?xml version="1.0" encoding="UTF-8"?>
<udm.DeploymentPackage version="1.0" application="app">
        <wlp.WebApplicationSpec name="sampleWeb" file="sampleWeb/sampleWeb-1.0.war">
        <wlp.GenericDataSourceSpec name="dbDatasource">
        <wlp.JdbcDriverSpec name="dbDriver">
        <wlp.FilesetSpec name="dbFileset">
        <wlp.LibrarySpec name="dbLibrary">
        <wlp.ConnectionManagerSpec name="dbConnectionManager">

Server container

The wlp.Server CI defines an instance of a stand-alone Liberty profile server. Use the Connector tab on the server configuration to configure the client for the JMX REST connector, the SSL truststore path, and password. Use the Reloading attribute to enable reloading of the server configuration when the server.xml file is changed (enabled by default).

Control options such as status, start, and stop are available on the server instance. You can also create or delete a server instance using control tasks.

Deploying applications

The way an application is deployed to a container can be influenced by modifying properties of the corresponding deployed. The following deployed properties determine how the application is deployed to the container:

  • location: Location of an application expressed as an absolute path or a path relative to the server-level apps directory in the server. For example, for the defaultServer location, application file with the name specified will be copied to <installation directory>/usr/servers/defaultServer/apps/.


    • Absolute path should be like /opt/wlp/usr/servers/defaultServer/apps/{applicationName}.
    • Relative path should be like tmp/{applicationName} or {applicationName}.
  • Restart strategy: This attribute can be set to NONE or STOP_START. When the STOP_START strategy is used, an existing application will be stopped before undeployment or upgrading, and a new application version will be started after an initial deployment or an upgrade.
  • wlp.ApplicationBndSpec: This is available as an embedded configuration item on an application. It is used to bind general deployment information included in the application to security roles. There are security role types for users, groups, “special subject”, and “run as user”.

    The following sample deployit-manifest.xml file creates a Deploy deployment package which deploys a Web application with role bindings to the WebSphere Liberty Profile server instance:

    <?xml version="1.0" encoding="UTF-8"?>
    <udm.DeploymentPackage version="1.0" application="secure">
            <wlp.WebApplicationSpec name="auth" file="auth/auth-war-1.0.war">
                    <wlp.ApplicationBndSpec name="auth/bnd">
                            <wlp.SecurityRoleSpec name="auth/bnd/samplerole">
                                    <wlp.UserRoleSpec name="auth/bnd/samplerole/sampleuser">
  • wlp.ClassloaderSpec: This configuration is used to configure references of shared libraries required by an application.


The plugin supports the deployment and undeployment of resources such as fileset, library, connection managers, and datasources.

Liberty features

Liberty features that enable loading of units of functionality in Liberty profile server runtime can also be installed and uninstalled using the plugin.