80 lines
		
	
	
		
			3.9 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			80 lines
		
	
	
		
			3.9 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| ######################################################################
 | |
| #     Default Access Control File for Remote JMX(TM) Monitoring
 | |
| ######################################################################
 | |
| #
 | |
| # Access control file for Remote JMX API access to monitoring.
 | |
| # This file defines the allowed access for different roles.  The
 | |
| # password file (jmxremote.password by default) defines the roles and their
 | |
| # passwords.  To be functional, a role must have an entry in
 | |
| # both the password and the access files.
 | |
| #
 | |
| # The default location of this file is $JRE/conf/management/jmxremote.access
 | |
| # You can specify an alternate location by specifying a property in
 | |
| # the management config file $JRE/conf/management/management.properties
 | |
| # (See that file for details)
 | |
| #
 | |
| # The file format for password and access files is syntactically the same
 | |
| # as the Properties file format.  The syntax is described in the Javadoc
 | |
| # for java.util.Properties.load.
 | |
| # A typical access file has multiple lines, where each line is blank,
 | |
| # a comment (like this one), or an access control entry.
 | |
| #
 | |
| # An access control entry consists of a role name, and an
 | |
| # associated access level.  The role name is any string that does not
 | |
| # itself contain spaces or tabs.  It corresponds to an entry in the
 | |
| # password file (jmxremote.password).  The access level is one of the
 | |
| # following:
 | |
| #       "readonly" grants access to read attributes of MBeans.
 | |
| #                   For monitoring, this means that a remote client in this
 | |
| #                   role can read measurements but cannot perform any action
 | |
| #                   that changes the environment of the running program.
 | |
| #       "readwrite" grants access to read and write attributes of MBeans,
 | |
| #                   to invoke operations on them, and optionally
 | |
| #                   to create or remove them. This access should be granted
 | |
| #                   only to trusted clients, since they can potentially
 | |
| #                   interfere with the smooth operation of a running program.
 | |
| #
 | |
| # The "readwrite" access level can optionally be followed by the "create" and/or
 | |
| # "unregister" keywords.  The "unregister" keyword grants access to unregister
 | |
| # (delete) MBeans.  The "create" keyword grants access to create MBeans of a
 | |
| # particular class or of any class matching a particular pattern.  Access
 | |
| # should only be granted to create MBeans of known and trusted classes.
 | |
| #
 | |
| # For example, the following entry would grant readwrite access
 | |
| # to "controlRole", as well as access to create MBeans of the class
 | |
| # javax.management.monitor.CounterMonitor and to unregister any MBean:
 | |
| #  controlRole readwrite \
 | |
| #              create javax.management.monitor.CounterMonitorMBean \
 | |
| #              unregister
 | |
| # or equivalently:
 | |
| #  controlRole readwrite unregister create javax.management.monitor.CounterMBean
 | |
| #
 | |
| # The following entry would grant readwrite access as well as access to create
 | |
| # MBeans of any class in the packages javax.management.monitor and
 | |
| # javax.management.timer:
 | |
| #  controlRole readwrite \
 | |
| #              create javax.management.monitor.*,javax.management.timer.* \
 | |
| #              unregister
 | |
| #
 | |
| # The \ character is defined in the Properties file syntax to allow continuation
 | |
| # lines as shown here.  A * in a class pattern matches a sequence of characters
 | |
| # other than dot (.), so javax.management.monitor.* matches
 | |
| # javax.management.monitor.CounterMonitor but not
 | |
| # javax.management.monitor.foo.Bar.
 | |
| #
 | |
| # A given role should have at most one entry in this file.  If a role
 | |
| # has no entry, it has no access.
 | |
| # If multiple entries are found for the same role name, then the last
 | |
| # access entry is used.
 | |
| #
 | |
| #
 | |
| # Default access control entries:
 | |
| # o The "monitorRole" role has readonly access.
 | |
| # o The "controlRole" role has readwrite access and can create the standard
 | |
| #   Timer and Monitor MBeans defined by the JMX API.
 | |
| 
 | |
| monitorRole   readonly
 | |
| controlRole   readwrite \
 | |
|               create javax.management.monitor.*,javax.management.timer.* \
 | |
|               unregister
 |