使用AdminClient 连接Websphere 7

写了一个简单的jmx client 去连接websphere 7 的 jmx server:

 

           Properties props = new Properties();
           props.setProperty(AdminClient.CONNECTOR_HOST, "localhost");
           props.setProperty(AdminClient.CONNECTOR_PORT, "8883");
           props.setProperty(AdminClient.CONNECTOR_TYPE, AdminClient.CONNECTOR_TYPE_SOAP);
           props.setProperty(AdminClient.CONNECTOR_SECURITY_ENABLED, "true");
           props.setProperty(AdminClient.USERNAME, "wasadmin");
           props.setProperty(AdminClient.PASSWORD, "password");
         
           props.setProperty(SECURITY_TRUST_STORE, "D://Program Files//IBM//WebSphere//AppServer//profiles//13SProfile2//etc//" + SECURITY_DUMMY_CLIENT_TRUST_FILE);
           props.setProperty(SECURITY_KEY_STORE, "D://Program Files//IBM//WebSphere//AppServer//profiles//13SProfile2//etc//"    + SECURITY_DUMMY_CLIENT_KEY_FILE);
           props.setProperty(SECURITY_TRUST_STORE_PASSWD, "WebAS");
           props.setProperty(SECURITY_KEY_STORE_PASSWD, "WebAS");


             AdminClient adminClient = AdminClientFactory.createAdminClient(props);

 

系统总是报错：

CWPKI0040I: An SSL handshake failure occurred from a secure client.  The server'
s SSL signer has to be added to the client's trust store.  A retrieveSigners uti
lity is provided to download signers from the server but requires administrative
 permission.  Check with your administrator to have this utility run to setup th
e secure enviroment before running the client.  Alternatively, the com.ibm.ssl.e
nableSignerExchangePrompt can be enabled in ssl.client.props for "DefaultSSLSett
ings" in order to allow acceptance of the signer during the connection attempt.

com.ibm.websphere.management.exception.ConnectorException: ADMC0053E: The system
 cannot create a SOAP connector to connect to host localhost at port 8883 with S
OAP connector security enabled.
        at com.ibm.websphere.management.AdminClientFactory.createAdminClient(Adm
inClientFactory.java:476)

 

        java.security.cert.CertPathValidatorException: Certificate chaining erro
r; targetException=java.lang.IllegalArgumentException: Error opening socket: jav
ax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building faile
d: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could no
t build a valid CertPath.; internal cause is:

 

这个问题困扰了半天，怀疑是server与 client通讯中的signer问题，后来在连接的property里面加上一个属性：props.setProperty(AdminClient.CONNECTOR_AUTO_ACCEPT_SIGNER, "true"),问题解决了。

 

查了一下官方说法：

autoAcceptSignerForThisConnectionOnly

Specifies whether the WebSphere administration client programmatically trusts the connection, without storing the signer in the local truststore. This property is internal to the WebSphere administration client. Do not modify it. For example:

autoAcceptSignerForThisConnectionOnly=true