You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
80 lines
3.9 KiB
Plaintext
80 lines
3.9 KiB
Plaintext
2 years ago
|
######################################################################
|
||
|
# Default Access Control File for Remote JMX(TM) Monitoring
|
||
|
######################################################################
|
||
|
#
|
||
|
# Access control file for Remote JMX API access to monitoring.
|
||
|
# This file defines the allowed access for different roles. The
|
||
|
# password file (jmxremote.password by default) defines the roles and their
|
||
|
# passwords. To be functional, a role must have an entry in
|
||
|
# both the password and the access files.
|
||
|
#
|
||
|
# The default location of this file is $JRE/conf/management/jmxremote.access
|
||
|
# You can specify an alternate location by specifying a property in
|
||
|
# the management config file $JRE/conf/management/management.properties
|
||
|
# (See that file for details)
|
||
|
#
|
||
|
# The file format for password and access files is syntactically the same
|
||
|
# as the Properties file format. The syntax is described in the Javadoc
|
||
|
# for java.util.Properties.load.
|
||
|
# A typical access file has multiple lines, where each line is blank,
|
||
|
# a comment (like this one), or an access control entry.
|
||
|
#
|
||
|
# An access control entry consists of a role name, and an
|
||
|
# associated access level. The role name is any string that does not
|
||
|
# itself contain spaces or tabs. It corresponds to an entry in the
|
||
|
# password file (jmxremote.password). The access level is one of the
|
||
|
# following:
|
||
|
# "readonly" grants access to read attributes of MBeans.
|
||
|
# For monitoring, this means that a remote client in this
|
||
|
# role can read measurements but cannot perform any action
|
||
|
# that changes the environment of the running program.
|
||
|
# "readwrite" grants access to read and write attributes of MBeans,
|
||
|
# to invoke operations on them, and optionally
|
||
|
# to create or remove them. This access should be granted
|
||
|
# only to trusted clients, since they can potentially
|
||
|
# interfere with the smooth operation of a running program.
|
||
|
#
|
||
|
# The "readwrite" access level can optionally be followed by the "create" and/or
|
||
|
# "unregister" keywords. The "unregister" keyword grants access to unregister
|
||
|
# (delete) MBeans. The "create" keyword grants access to create MBeans of a
|
||
|
# particular class or of any class matching a particular pattern. Access
|
||
|
# should only be granted to create MBeans of known and trusted classes.
|
||
|
#
|
||
|
# For example, the following entry would grant readwrite access
|
||
|
# to "controlRole", as well as access to create MBeans of the class
|
||
|
# javax.management.monitor.CounterMonitor and to unregister any MBean:
|
||
|
# controlRole readwrite \
|
||
|
# create javax.management.monitor.CounterMonitorMBean \
|
||
|
# unregister
|
||
|
# or equivalently:
|
||
|
# controlRole readwrite unregister create javax.management.monitor.CounterMBean
|
||
|
#
|
||
|
# The following entry would grant readwrite access as well as access to create
|
||
|
# MBeans of any class in the packages javax.management.monitor and
|
||
|
# javax.management.timer:
|
||
|
# controlRole readwrite \
|
||
|
# create javax.management.monitor.*,javax.management.timer.* \
|
||
|
# unregister
|
||
|
#
|
||
|
# The \ character is defined in the Properties file syntax to allow continuation
|
||
|
# lines as shown here. A * in a class pattern matches a sequence of characters
|
||
|
# other than dot (.), so javax.management.monitor.* matches
|
||
|
# javax.management.monitor.CounterMonitor but not
|
||
|
# javax.management.monitor.foo.Bar.
|
||
|
#
|
||
|
# A given role should have at most one entry in this file. If a role
|
||
|
# has no entry, it has no access.
|
||
|
# If multiple entries are found for the same role name, then the last
|
||
|
# access entry is used.
|
||
|
#
|
||
|
#
|
||
|
# Default access control entries:
|
||
|
# o The "monitorRole" role has readonly access.
|
||
|
# o The "controlRole" role has readwrite access and can create the standard
|
||
|
# Timer and Monitor MBeans defined by the JMX API.
|
||
|
|
||
|
monitorRole readonly
|
||
|
controlRole readwrite \
|
||
|
create javax.management.monitor.*,javax.management.timer.* \
|
||
|
unregister
|