使用AdminClient 連接配接Websphere 7

寫了一個簡單的jmx client 去連接配接websphere 7 的 jmx server:

           Properties props = new Properties();

           props.setProperty(AdminClient.CONNECTOR_HOST, "localhost");

           props.setProperty(AdminClient.CONNECTOR_PORT, "8883");

           props.setProperty(AdminClient.CONNECTOR_TYPE, AdminClient.CONNECTOR_TYPE_SOAP);

           props.setProperty(AdminClient.CONNECTOR_SECURITY_ENABLED, "true");

           props.setProperty(AdminClient.USERNAME, "wasadmin");

           props.setProperty(AdminClient.PASSWORD, "password");

           props.setProperty(SECURITY_TRUST_STORE, "D://Program Files//IBM//WebSphere//AppServer//profiles//13SProfile2//etc//" + SECURITY_DUMMY_CLIENT_TRUST_FILE);

           props.setProperty(SECURITY_KEY_STORE, "D://Program Files//IBM//WebSphere//AppServer//profiles//13SProfile2//etc//"    + SECURITY_DUMMY_CLIENT_KEY_FILE);

           props.setProperty(SECURITY_TRUST_STORE_PASSWD, "WebAS");

           props.setProperty(SECURITY_KEY_STORE_PASSWD, "WebAS");

             AdminClient adminClient = AdminClientFactory.createAdminClient(props);

系統總是報錯：

CWPKI0040I: An SSL handshake failure occurred from a secure client.  The server'

s SSL signer has to be added to the client's trust store.  A retrieveSigners uti

lity is provided to download signers from the server but requires administrative

 permission.  Check with your administrator to have this utility run to setup th

e secure enviroment before running the client.  Alternatively, the com.ibm.ssl.e

nableSignerExchangePrompt can be enabled in ssl.client.props for "DefaultSSLSett

ings" in order to allow acceptance of the signer during the connection attempt.

com.ibm.websphere.management.exception.ConnectorException: ADMC0053E: The system

 cannot create a SOAP connector to connect to host localhost at port 8883 with S

OAP connector security enabled.

        at com.ibm.websphere.management.AdminClientFactory.createAdminClient(Adm

inClientFactory.java:476)

        java.security.cert.CertPathValidatorException: Certificate chaining erro

r; targetException=java.lang.IllegalArgumentException: Error opening socket: jav

ax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building faile

d: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could no

t build a valid CertPath.; internal cause is:

這個問題困擾了半天，懷疑是server與 client通訊中的signer問題，後來在連接配接的property裡面加上一個屬性：props.setProperty(AdminClient.CONNECTOR_AUTO_ACCEPT_SIGNER, "true"),問題解決了。

查了一下官方說法：

autoAcceptSignerForThisConnectionOnly

Specifies whether the WebSphere administration client programmatically trusts the connection, without storing the signer in the local truststore. This property is internal to the WebSphere administration client. Do not modify it. For example:

autoAcceptSignerForThisConnectionOnly=true