I've got some MBean operations that I need to secure. I would like the users to be required to log in as the server admin and I would like this to be setup programmaticly or, preferably by a config file in the WAR, when the app is deployed. I want to avoid requiring the admin to set this up as a deployment step.
We're running glassfish, but platform neutral is preferred. However, glassfish specific config files would be fine.
By default, the Sun JDK allows you to perform access control by putting credentials in the filesystem, which would live outside your jar. See the management guide for details.
However, since you want to control things from within your app, you can use JAAS to replace the file-based configuration with your own. See the java docs on com.sun.jmx.remote.security.JMXPluggableAuthenticator for details.
You could programmatically inject your own JAAS provider, and then manage the authentication details however you like.