86 lines
3.6 KiB
Plaintext
Raw Normal View History

grant codebase "file:/-" {
permission java.util.PropertyPermission "jmx.wait", "read";
permission java.util.PropertyPermission "jmx.rmi.port", "read";
permission java.net.SocketPermission "*", "accept,connect,resolve";
permission java.security.SecurityPermission "*";
// Attribute Caption: allow get everywhere
// ==================
// allow getAttribute(*:*,Caption) in all MBeanServers
permission javax.management.MBeanPermission "#Caption", "getAttribute";
// allow getAttribute(*:*,Caption) in all namespaces recursively.
permission javax.management.namespace.JMXNamespacePermission "Caption",
"getAttribute";
// Attribute Mood: allow get only in MBeanServers named rmi*
// ===============
// allow to get attribute Mood of Wombat MBeans only in namespaces
// whose name match rmi*, wherever they are.
// for this we need two permissions:
permission javax.management.namespace.JMXNamespacePermission
"*::Mood[**//rmi*//wombat:*]",
"getAttribute";
permission javax.management.namespace.JMXNamespacePermission
"*::Mood[rmi*//wombat:*]",
"getAttribute";
// allow to get attribute mood in any MBeanServer whose name starts with
// rmi
permission javax.management.MBeanPermission "rmi*::#Mood",
"getAttribute";
// Attribute UUID:
// ===============
// allow to get attribute "UUID" everywhere.
permission javax.management.namespace.JMXNamespacePermission
"*::UUID[*//**//:*]",
"getAttribute";
permission javax.management.MBeanPermission
"#UUID[*//:*]",
"getAttribute";
// Let getMBeanInfo and queryNames through everywhere...
//
permission javax.management.namespace.JMXNamespacePermission "[]",
"getMBeanInfo,queryNames";
permission javax.management.MBeanPermission "*",
"getMBeanInfo,queryNames";
// special permission for all wombats:
//
permission javax.management.namespace.JMXNamespacePermission
"[**//*:type=Wombat,*]",
"getObjectInstance,isInstanceOf,queryMBeans";
permission javax.management.MBeanPermission "[*:type=Wombat,*]",
"getObjectInstance,isInstanceOf,queryMBeans";
// allow JMXNamespace::getDefaultDomain
permission javax.management.namespace.JMXNamespacePermission
"*::DefaultDomain",
"getAttribute";
// These permissions are required to connect visualvm.
//
permission javax.management.MBeanPermission "default::[java.lang:*]",
"getObjectInstance,isInstanceOf,getAttribute,getMBeanInfo,queryNames,queryMBeans";
permission javax.management.MBeanPermission "root::",
"isInstanceOf,queryNames,queryMBeans,getAttribute,getMBeanInfo,getObjectInstance,getDomains";
permission javax.management.namespace.JMXNamespacePermission
"[**//JMImplementation:type=MBeanServerDelegate]",
"addNotificationListener,removeNotificationListener,isInstanceOf,queryNames,queryMBeans,getAttribute,getMBeanInfo,getObjectInstance";
permission javax.management.MBeanPermission
"javax.management.MBeanServerDelegate",
"addNotificationListener,removeNotificationListener,isInstanceOf,queryNames,queryMBeans,getAttribute,getMBeanInfo,getObjectInstance";
// Thread monitoring
permission java.lang.management.ManagementPermission "monitor";
permission javax.management.MBeanPermission "*::sun.management.*#*[java.lang:*]", "invoke";
};