I wrote a simple JMX client to connect to the JMX server of WebSphere 7:
import java.util.Properties;
import com.ibm.websphere.management.AdminClient;
import com.ibm.websphere.management.AdminClientFactory;

// SOAP connector to the local server, with connector security enabled
Properties props = new Properties();
props.setProperty(AdminClient.CONNECTOR_HOST, "localhost");
props.setProperty(AdminClient.CONNECTOR_PORT, "8883");
props.setProperty(AdminClient.CONNECTOR_TYPE, AdminClient.CONNECTOR_TYPE_SOAP);
props.setProperty(AdminClient.CONNECTOR_SECURITY_ENABLED, "true");
props.setProperty(AdminClient.USERNAME, "wasadmin");
props.setProperty(AdminClient.PASSWORD, "password");
// The SECURITY_* names are constants of the client class itself; their definitions are not shown here
props.setProperty(SECURITY_TRUST_STORE, "D://Program Files//IBM//WebSphere//AppServer//profiles//13SProfile2//etc//" + SECURITY_DUMMY_CLIENT_TRUST_FILE);
props.setProperty(SECURITY_KEY_STORE, "D://Program Files//IBM//WebSphere//AppServer//profiles//13SProfile2//etc//" + SECURITY_DUMMY_CLIENT_KEY_FILE);
props.setProperty(SECURITY_TRUST_STORE_PASSWD, "WebAS");
props.setProperty(SECURITY_KEY_STORE_PASSWD, "WebAS");
// Fails here with the SSL handshake error shown below
AdminClient adminClient = AdminClientFactory.createAdminClient(props);
The system always reports this error:
CWPKI0040I: An SSL handshake failure occurred from a secure client. The server's SSL signer has to be added to the client's trust store. A retrieveSigners utility is provided to download signers from the server but requires administrative permission. Check with your administrator to have this utility run to setup the secure enviroment before running the client. Alternatively, the com.ibm.ssl.enableSignerExchangePrompt can be enabled in ssl.client.props for "DefaultSSLSettings" in order to allow acceptance of the signer during the connection attempt.
com.ibm.websphere.management.exception.ConnectorException: ADMC0053E: The system cannot create a SOAP connector to connect to host localhost at port 8883 with SOAP connector security enabled.
at com.ibm.websphere.management.AdminClientFactory.createAdminClient(AdminClientFactory.java:476)
java.security.cert.CertPathValidatorException: Certificate chaining error; targetException=java.lang.IllegalArgumentException: Error opening socket: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
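This problem troubled me for quite a while. I suspected a signer problem in the communication between the server and the client. Later I added one more property to the connection properties: props.setProperty(AdminClient.CONNECTOR_AUTO_ACCEPT_SIGNER, "true"), and the problem was solved.
I looked up the official explanation: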
autoAcceptSignerForThisConnectionOnly
autoAcceptSignerForThisConnectionOnly=true
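
The CWPKI0040I message above asks for the server's SSL signer to be added to the client's trust store, whereas the auto-accept property trusts whatever signer the server presents for that one connection. The following added example (not part of the original post and not IBM code) does what the message asks using only standard JSSE classes: it reads the certificate chain from the SOAP port, compares the signer's SHA-256 fingerprint with a value obtained from the administrator, and only then writes it to the trust store. The class name, the argument order, the alias and the JKS store type are assumptions, as is the server sending its chain up to the signer.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class PinWasSigner {
    // Records the chain the server presents; trust is decided below by fingerprint.
    static class Capture implements X509TrustManager {
        X509Certificate[] chain;
        public void checkClientTrusted(X509Certificate[] c, String authType) {}
        public void checkServerTrusted(X509Certificate[] c, String authType) { chain = c; }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    static String sha256Hex(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            sb.append(String.format("%02X", b));
        return sb.toString();
    }

    // args: host port trustStoreFile trustStorePassword expectedSignerSha256
    public static void main(String[] args) throws Exception {
        String host = args[0];
        File store = new File(args[2]);
        char[] pass = args[3].toCharArray();
        String expected = args[4].replace(":", "").toUpperCase();

        Capture capture = new Capture();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { capture }, null);
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, Integer.parseInt(args[1]));
        try { s.startHandshake(); } finally { s.close(); }

        // Highest certificate the server sent: the signer the client must trust (assumption).
        X509Certificate signer = capture.chain[capture.chain.length - 1];
        if (!sha256Hex(signer).equals(expected))
            throw new SecurityException("Signer fingerprint mismatch: " + sha256Hex(signer));

        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: the trust store is a JKS file
        InputStream in = store.exists() ? new FileInputStream(store) : null;
        try { ks.load(in, pass); } finally { if (in != null) in.close(); }
        ks.setCertificateEntry("was-signer-" + host, signer);
        OutputStream out = new FileOutputStream(store);
        try { ks.store(out, pass); } finally { out.close(); }
        System.out.println("Trusted " + signer.getSubjectX500Principal());
    }
}
```

Once the signer is in the trust store that the client's properties point to, the handshake can succeed without the auto-accept property.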