| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 |
- ######################################################################
- # Default Access Control File for Remote JMX(TM) Monitoring
- ######################################################################
- #
- # Access control file for Remote JMX API access to monitoring.
- # This file defines the allowed access for different roles. The
- # password file (jmxremote.password by default) defines the roles and their
- # passwords. To be functional, a role must have an entry in
- # both the password and the access files.
- #
- # The default location of this file is $JRE/lib/management/jmxremote.access
- # You can specify an alternate location by specifying a property in
- # the management config file $JRE/lib/management/management.properties
- # (See that file for details)
- #
- # The file format for password and access files is syntactically the same
- # as the Properties file format. The syntax is described in the Javadoc
- # for java.util.Properties.load.
- # A typical access file has multiple lines, where each line is blank,
- # a comment (like this one), or an access control entry.
- #
- # An access control entry consists of a role name, and an
- # associated access level. The role name is any string that does not
- # itself contain spaces or tabs. It corresponds to an entry in the
- # password file (jmxremote.password). The access level is one of the
- # following:
- # "readonly" grants access to read attributes of MBeans.
- # For monitoring, this means that a remote client in this
- # role can read measurements but cannot perform any action
- # that changes the environment of the running program.
- # "readwrite" grants access to read and write attributes of MBeans,
- # to invoke operations on them, and optionally
- # to create or remove them. This access should be granted
- # only to trusted clients, since they can potentially
- # interfere with the smooth operation of a running program.
- #
- # The "readwrite" access level can optionally be followed by the "create" and/or
- # "unregister" keywords. The "unregister" keyword grants access to unregister
- # (delete) MBeans. The "create" keyword grants access to create MBeans of a
- # particular class or of any class matching a particular pattern. Access
- # should only be granted to create MBeans of known and trusted classes.
- #
- # For example, the following entry would grant readwrite access
- # to "controlRole", as well as access to create MBeans of the class
- # javax.management.monitor.CounterMonitor and to unregister any MBean:
- # controlRole readwrite \
- # create javax.management.monitor.CounterMonitorMBean \
- # unregister
- # or equivalently:
- # controlRole readwrite unregister create javax.management.monitor.CounterMBean
- #
- # The following entry would grant readwrite access as well as access to create
- # MBeans of any class in the packages javax.management.monitor and
- # javax.management.timer:
- # controlRole readwrite \
- # create javax.management.monitor.*,javax.management.timer.* \
- # unregister
- #
- # The \ character is defined in the Properties file syntax to allow continuation
- # lines as shown here. A * in a class pattern matches a sequence of characters
- # other than dot (.), so javax.management.monitor.* matches
- # javax.management.monitor.CounterMonitor but not
- # javax.management.monitor.foo.Bar.
- #
- # A given role should have at most one entry in this file. If a role
- # has no entry, it has no access.
- # If multiple entries are found for the same role name, then the last
- # access entry is used.
- #
- #
- # Default access control entries:
- # o The "monitorRole" role has readonly access.
- # o The "controlRole" role has readwrite access and can create the standard
- # Timer and Monitor MBeans defined by the JMX API.
- monitorRole readonly
- controlRole readwrite \
- create javax.management.monitor.*,javax.management.timer.* \
- unregister
|
