Statistics
| Revision:

root / tmp / org.txm.setups / shared / win / jre / lib / management / jmxremote.access @ 2748

History | View | Annotate | Download (3.9 kB)

1
######################################################################
2
#     Default Access Control File for Remote JMX(TM) Monitoring
3
######################################################################
4
#
5
# Access control file for Remote JMX API access to monitoring.
6
# This file defines the allowed access for different roles.  The
7
# password file (jmxremote.password by default) defines the roles and their
8
# passwords.  To be functional, a role must have an entry in
9
# both the password and the access files.
10
#
11
# The default location of this file is $JRE/lib/management/jmxremote.access
12
# You can specify an alternate location by specifying a property in 
13
# the management config file $JRE/lib/management/management.properties
14
# (See that file for details)
15
#
16
# The file format for password and access files is syntactically the same
17
# as the Properties file format.  The syntax is described in the Javadoc
18
# for java.util.Properties.load.
19
# A typical access file has multiple lines, where each line is blank,
20
# a comment (like this one), or an access control entry.
21
#
22
# An access control entry consists of a role name, and an
23
# associated access level.  The role name is any string that does not
24
# itself contain spaces or tabs.  It corresponds to an entry in the
25
# password file (jmxremote.password).  The access level is one of the
26
# following:
27
#       "readonly" grants access to read attributes of MBeans.
28
#                   For monitoring, this means that a remote client in this
29
#                   role can read measurements but cannot perform any action
30
#                   that changes the environment of the running program.
31
#       "readwrite" grants access to read and write attributes of MBeans,
32
#                   to invoke operations on them, and optionally
33
#                   to create or remove them. This access should be granted
34
#                   only to trusted clients, since they can potentially
35
#                   interfere with the smooth operation of a running program.
36
#
37
# The "readwrite" access level can optionally be followed by the "create" and/or
38
# "unregister" keywords.  The "unregister" keyword grants access to unregister
39
# (delete) MBeans.  The "create" keyword grants access to create MBeans of a
40
# particular class or of any class matching a particular pattern.  Access
41
# should only be granted to create MBeans of known and trusted classes.
42
#
43
# For example, the following entry would grant readwrite access
44
# to "controlRole", as well as access to create MBeans of the class
45
# javax.management.monitor.CounterMonitor and to unregister any MBean:
46
#  controlRole readwrite \
47
#              create javax.management.monitor.CounterMonitorMBean \
48
#              unregister
49
# or equivalently:
50
#  controlRole readwrite unregister create javax.management.monitor.CounterMBean
51
#
52
# The following entry would grant readwrite access as well as access to create
53
# MBeans of any class in the packages javax.management.monitor and
54
# javax.management.timer:
55
#  controlRole readwrite \
56
#              create javax.management.monitor.*,javax.management.timer.* \
57
#              unregister
58
#
59
# The \ character is defined in the Properties file syntax to allow continuation
60
# lines as shown here.  A * in a class pattern matches a sequence of characters
61
# other than dot (.), so javax.management.monitor.* matches
62
# javax.management.monitor.CounterMonitor but not
63
# javax.management.monitor.foo.Bar.
64
#
65
# A given role should have at most one entry in this file.  If a role
66
# has no entry, it has no access.
67
# If multiple entries are found for the same role name, then the last
68
# access entry is used.
69
#
70
#
71
# Default access control entries:
72
# o The "monitorRole" role has readonly access.  
73
# o The "controlRole" role has readwrite access and can create the standard
74
#   Timer and Monitor MBeans defined by the JMX API.
75

    
76
monitorRole   readonly
77
controlRole   readwrite \
78
              create javax.management.monitor.*,javax.management.timer.* \
79
              unregister