JSR-160 access to a secured WebSphere AppServer

Question

I'm trying to access a WebSphere 7 AppServer, which has security enabled, using JSR-160 classes. I can get a connection going with the following, provided I define the java.ext.dirs system property pointing at various WebSphere lib directories:

Hashtable env = new Hashtable();
env.put("java.naming.factory.initial", "com.ibm.websphere.naming.WsnInitialContextFactory");
env.put("java.naming.provider.url", "corbaloc:iiop:myhost:2809/WsnAdminNameService");
env.put("jmx.remote.credentials", new String[] { "admin", "password" });
JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL("service:jmx:rmi:///jndi/JMXConnector"), env);

But as soon as I access something like the stats attribute on an MBean, I get the following error:

javax.management.JMRuntimeException:
        >> SERVER (id=4773e3aa, host=myhost) TRACE START:
        >>    javax.management.JMRuntimeException: ADMN0022E: Access is denied for the getStats operation on J2CResourceAdapter MBean because of insufficient or empty credentials.

I've Googled for solutions to this every way I can imagine for the last two days and nothing works.

Is it actually possible to query MBean attributes in a secured WebSphere AppServer via JSR-160?

Answer 1

Using JSR-160 to connect to an unsecured WebSphere instance is pretty easy. As you have noticed, things get more complicated when connecting to a secured instance. You need to have the right libraries in the classpath and you also need to set up some configuration files (sas.client.props and ssl.client.props). Personally, I was able to configure this on my computer, but when a colleague asked me to set this up on his computer, we were unable to get this working.

If you want to avoid these troubles and if your only requirement is to use standard JMX APIs (but you don't care about the underlying protocol), then you could use the approach described in the following document:

http://code.google.com/p/xm4was/wiki/JmxClientConnector