programmatic authentication for JMX in Websphere

Question

We would like to make JMX calls to other deployed applications within Websphere Application Server. This works fine if you do this within a web application where a user does a login with the right credentials. However if you try to make JMX calls, say, from a timer triggered part of the application that has no connection to any logged in user, you get a javax.management.JMRuntimeException: ADMN0022E that says you don't have the rights to use JMX.

So my question is: how can I provide some credentials to the JMX operation? Is there a way to "simulate" a login programmatically, or some way to provide a authentication subject such that the call is done? And how can I avoid to put the username and password of an actual user into the code / a property file?

In case that matters: we use Websphere 6.1, and work with Spring.

Answer 1

The IBM WebSphere Application Server V6.1 Security Handbook Chapter 9.6 enlightened me:

CallbackHandler loginHandler = new com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl("username","password");
LoginContext lc = new LoginContext("WSLogin", loginHandler);
lc.login();
Subject subject = lc.getSubject();
PrivilegedAction<Whateverresulttype> action = new PrivilegedAction<Whateverresulttype>() {
    public Health run() {
        return Health.valueOf(mbean.whatevercall());
    }
};
Whateverresulttype res = (Whateverresulttype) com.ibm.websphere.security.auth.WSSubject.doAs(subject, action);

The only thing I need to find out now is how I can avoid to put credentials of an actual user into the code. 8-)