I programmatically use my server's authenticator MBean to get
information about group membership (saves me from having to query LDAP
directly). In order to do this I must establish a context as an admin
user. I don't like doing this because I must specify the password for
this account in my code, which means that if someone were to have access
to my code they would find the password which would allow them to
completely hijack my app server.

So...2 questions from this:
1-is it at all possible to establish a context as admin without explicitly
providing the password? (for example, by using a context instantiated by
the server at some other point in time)
2-can I define a new role & user that only has read access to the server
MBeans (and preferably only to the security MBeans)?

Thanks.

-eli