source: AE/installer2/setup_win/JRE/lib/management/jmxremote.access@ 632

Last change on this file since 632 was 613, checked in by alloc, 12 years ago

AEI2:

  • Added win-installer
File size: 3.9 KB
RevLine 
[613]1######################################################################
2# Default Access Control File for Remote JMX(TM) Monitoring
3######################################################################
4#
5# Access control file for Remote JMX API access to monitoring.
6# This file defines the allowed access for different roles. The
7# password file (jmxremote.password by default) defines the roles and their
8# passwords. To be functional, a role must have an entry in
9# both the password and the access files.
10#
11# The default location of this file is $JRE/lib/management/jmxremote.access
12# You can specify an alternate location by specifying a property in
13# the management config file $JRE/lib/management/management.properties
14# (See that file for details)
15#
16# The file format for password and access files is syntactically the same
17# as the Properties file format. The syntax is described in the Javadoc
18# for java.util.Properties.load.
19# A typical access file has multiple lines, where each line is blank,
20# a comment (like this one), or an access control entry.
21#
22# An access control entry consists of a role name, and an
23# associated access level. The role name is any string that does not
24# itself contain spaces or tabs. It corresponds to an entry in the
25# password file (jmxremote.password). The access level is one of the
26# following:
27# "readonly" grants access to read attributes of MBeans.
28# For monitoring, this means that a remote client in this
29# role can read measurements but cannot perform any action
30# that changes the environment of the running program.
31# "readwrite" grants access to read and write attributes of MBeans,
32# to invoke operations on them, and optionally
33# to create or remove them. This access should be granted
34# only to trusted clients, since they can potentially
35# interfere with the smooth operation of a running program.
36#
37# The "readwrite" access level can optionally be followed by the "create" and/or
38# "unregister" keywords. The "unregister" keyword grants access to unregister
39# (delete) MBeans. The "create" keyword grants access to create MBeans of a
40# particular class or of any class matching a particular pattern. Access
41# should only be granted to create MBeans of known and trusted classes.
42#
43# For example, the following entry would grant readwrite access
44# to "controlRole", as well as access to create MBeans of the class
45# javax.management.monitor.CounterMonitor and to unregister any MBean:
46# controlRole readwrite \
47# create javax.management.monitor.CounterMonitorMBean \
48# unregister
49# or equivalently:
50# controlRole readwrite unregister create javax.management.monitor.CounterMBean
51#
52# The following entry would grant readwrite access as well as access to create
53# MBeans of any class in the packages javax.management.monitor and
54# javax.management.timer:
55# controlRole readwrite \
56# create javax.management.monitor.*,javax.management.timer.* \
57# unregister
58#
59# The \ character is defined in the Properties file syntax to allow continuation
60# lines as shown here. A * in a class pattern matches a sequence of characters
61# other than dot (.), so javax.management.monitor.* matches
62# javax.management.monitor.CounterMonitor but not
63# javax.management.monitor.foo.Bar.
64#
65# A given role should have at most one entry in this file. If a role
66# has no entry, it has no access.
67# If multiple entries are found for the same role name, then the last
68# access entry is used.
69#
70#
71# Default access control entries:
72# o The "monitorRole" role has readonly access.
73# o The "controlRole" role has readwrite access and can create the standard
74# Timer and Monitor MBeans defined by the JMX API.
75
76monitorRole readonly
77controlRole readwrite \
78 create javax.management.monitor.*,javax.management.timer.* \
79 unregister
Note: See TracBrowser for help on using the repository browser.