electron-4/resources/java/jdk/conf/management/jmxremote.access

######################################################################
#     Default Access Control File for Remote JMX(TM) Monitoring
######################################################################
#
# Access control file for Remote JMX API access to monitoring.
# This file defines the allowed access for different roles.  The
# password file (jmxremote.password by default) defines the roles and their
# passwords.  To be functional, a role must have an entry in
# both the password and the access files.
#
# The default location of this file is $JRE/conf/management/jmxremote.access
# You can specify an alternate location by specifying a property in
# the management config file $JRE/conf/management/management.properties
# (See that file for details)
#
# The file format for password and access files is syntactically the same
# as the Properties file format.  The syntax is described in the Javadoc
# for java.util.Properties.load.
# A typical access file has multiple lines, where each line is blank,
# a comment (like this one), or an access control entry.
#
# An access control entry consists of a role name, and an
# associated access level.  The role name is any string that does not
# itself contain spaces or tabs.  It corresponds to an entry in the
# password file (jmxremote.password).  The access level is one of the
# following:
#       "readonly" grants access to read attributes of MBeans.
#                   For monitoring, this means that a remote client in this
#                   role can read measurements but cannot perform any action
#                   that changes the environment of the running program.
#       "readwrite" grants access to read and write attributes of MBeans,
#                   to invoke operations on them, and optionally
#                   to create or remove them. This access should be granted
#                   only to trusted clients, since they can potentially
#                   interfere with the smooth operation of a running program.
#
# The "readwrite" access level can optionally be followed by the "create" and/or
# "unregister" keywords.  The "unregister" keyword grants access to unregister
# (delete) MBeans.  The "create" keyword grants access to create MBeans of a
# particular class or of any class matching a particular pattern.  Access
# should only be granted to create MBeans of known and trusted classes.
#
# For example, the following entry would grant readwrite access
# to "controlRole", as well as access to create MBeans of the class
# javax.management.monitor.CounterMonitor and to unregister any MBean:
#  controlRole readwrite \
#              create javax.management.monitor.CounterMonitorMBean \
#              unregister
# or equivalently:
#  controlRole readwrite unregister create javax.management.monitor.CounterMBean
#
# The following entry would grant readwrite access as well as access to create
# MBeans of any class in the packages javax.management.monitor and
# javax.management.timer:
#  controlRole readwrite \
#              create javax.management.monitor.*,javax.management.timer.* \
#              unregister
#
# The \ character is defined in the Properties file syntax to allow continuation
# lines as shown here.  A * in a class pattern matches a sequence of characters
# other than dot (.), so javax.management.monitor.* matches
# javax.management.monitor.CounterMonitor but not
# javax.management.monitor.foo.Bar.
#
# A given role should have at most one entry in this file.  If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last
# access entry is used.
#
#
# Default access control entries:
# o The "monitorRole" role has readonly access.
# o The "controlRole" role has readwrite access and can create the standard
#   Timer and Monitor MBeans defined by the JMX API.

monitorRole   readonly
controlRole   readwrite \
              create javax.management.monitor.*,javax.management.timer.* \
              unregister
修改图幅 2025-09-28 16:03:15 +08:00			`######################################################################`
			`# Default Access Control File for Remote JMX(TM) Monitoring`
			`######################################################################`
			`#`
			`# Access control file for Remote JMX API access to monitoring.`
			`# This file defines the allowed access for different roles. The`
			`# password file (jmxremote.password by default) defines the roles and their`
			`# passwords. To be functional, a role must have an entry in`
			`# both the password and the access files.`
			`#`
			`# The default location of this file is $JRE/conf/management/jmxremote.access`
			`# You can specify an alternate location by specifying a property in`
			`# the management config file $JRE/conf/management/management.properties`
			`# (See that file for details)`
			`#`
			`# The file format for password and access files is syntactically the same`
			`# as the Properties file format. The syntax is described in the Javadoc`
			`# for java.util.Properties.load.`
			`# A typical access file has multiple lines, where each line is blank,`
			`# a comment (like this one), or an access control entry.`
			`#`
			`# An access control entry consists of a role name, and an`
			`# associated access level. The role name is any string that does not`
			`# itself contain spaces or tabs. It corresponds to an entry in the`
			`# password file (jmxremote.password). The access level is one of the`
			`# following:`
			`# "readonly" grants access to read attributes of MBeans.`
			`# For monitoring, this means that a remote client in this`
			`# role can read measurements but cannot perform any action`
			`# that changes the environment of the running program.`
			`# "readwrite" grants access to read and write attributes of MBeans,`
			`# to invoke operations on them, and optionally`
			`# to create or remove them. This access should be granted`
			`# only to trusted clients, since they can potentially`
			`# interfere with the smooth operation of a running program.`
			`#`
			`# The "readwrite" access level can optionally be followed by the "create" and/or`
			`# "unregister" keywords. The "unregister" keyword grants access to unregister`
			`# (delete) MBeans. The "create" keyword grants access to create MBeans of a`
			`# particular class or of any class matching a particular pattern. Access`
			`# should only be granted to create MBeans of known and trusted classes.`
			`#`
			`# For example, the following entry would grant readwrite access`
			`# to "controlRole", as well as access to create MBeans of the class`
			`# javax.management.monitor.CounterMonitor and to unregister any MBean:`
			`# controlRole readwrite \`
			`# create javax.management.monitor.CounterMonitorMBean \`
			`# unregister`
			`# or equivalently:`
			`# controlRole readwrite unregister create javax.management.monitor.CounterMBean`
			`#`
			`# The following entry would grant readwrite access as well as access to create`
			`# MBeans of any class in the packages javax.management.monitor and`
			`# javax.management.timer:`
			`# controlRole readwrite \`
			`# create javax.management.monitor.,javax.management.timer. \`
			`# unregister`
			`#`
			`# The \ character is defined in the Properties file syntax to allow continuation`
			`# lines as shown here. A * in a class pattern matches a sequence of characters`
			`# other than dot (.), so javax.management.monitor.* matches`
			`# javax.management.monitor.CounterMonitor but not`
			`# javax.management.monitor.foo.Bar.`
			`#`
			`# A given role should have at most one entry in this file. If a role`
			`# has no entry, it has no access.`
			`# If multiple entries are found for the same role name, then the last`
			`# access entry is used.`
			`#`
			`#`
			`# Default access control entries:`
			`# o The "monitorRole" role has readonly access.`
			`# o The "controlRole" role has readwrite access and can create the standard`
			`# Timer and Monitor MBeans defined by the JMX API.`

			`monitorRole readonly`
			`controlRole readwrite \`
			`create javax.management.monitor.,javax.management.timer. \`
			`unregister`