86 lines
3.6 KiB
Plaintext
86 lines
3.6 KiB
Plaintext
|
grant codebase "file:/-" {
|
||
|
permission java.util.PropertyPermission "jmx.wait", "read";
|
||
|
permission java.util.PropertyPermission "jmx.rmi.port", "read";
|
||
|
permission java.net.SocketPermission "*", "accept,connect,resolve";
|
||
|
permission java.security.SecurityPermission "*";
|
||
|
|
||
|
// Attribute Caption: allow get everywhere
|
||
|
// ==================
|
||
|
|
||
|
// allow getAttribute(*:*,Caption) in all MBeanServers
|
||
|
permission javax.management.MBeanPermission "#Caption", "getAttribute";
|
||
|
// allow getAttribute(*:*,Caption) in all namespaces recursively.
|
||
|
permission javax.management.namespace.JMXNamespacePermission "Caption",
|
||
|
"getAttribute";
|
||
|
|
||
|
// Attribute Mood: allow get only in MBeanServers named rmi*
|
||
|
// ===============
|
||
|
|
||
|
// allow to get attribute Mood of Wombat MBeans only in namespaces
|
||
|
// whose name match rmi*, wherever they are.
|
||
|
// for this we need two permissions:
|
||
|
permission javax.management.namespace.JMXNamespacePermission
|
||
|
"*::Mood[**//rmi*//wombat:*]",
|
||
|
"getAttribute";
|
||
|
permission javax.management.namespace.JMXNamespacePermission
|
||
|
"*::Mood[rmi*//wombat:*]",
|
||
|
"getAttribute";
|
||
|
|
||
|
// allow to get attribute mood in any MBeanServer whose name starts with
|
||
|
// rmi
|
||
|
permission javax.management.MBeanPermission "rmi*::#Mood",
|
||
|
"getAttribute";
|
||
|
|
||
|
// Attribute UUID:
|
||
|
// ===============
|
||
|
|
||
|
// allow to get attribute "UUID" everywhere.
|
||
|
permission javax.management.namespace.JMXNamespacePermission
|
||
|
"*::UUID[*//**//:*]",
|
||
|
"getAttribute";
|
||
|
permission javax.management.MBeanPermission
|
||
|
"#UUID[*//:*]",
|
||
|
"getAttribute";
|
||
|
|
||
|
|
||
|
|
||
|
// Let getMBeanInfo and queryNames through everywhere...
|
||
|
//
|
||
|
permission javax.management.namespace.JMXNamespacePermission "[]",
|
||
|
"getMBeanInfo,queryNames";
|
||
|
permission javax.management.MBeanPermission "*",
|
||
|
"getMBeanInfo,queryNames";
|
||
|
|
||
|
// special permission for all wombats:
|
||
|
//
|
||
|
permission javax.management.namespace.JMXNamespacePermission
|
||
|
"[**//*:type=Wombat,*]",
|
||
|
"getObjectInstance,isInstanceOf,queryMBeans";
|
||
|
permission javax.management.MBeanPermission "[*:type=Wombat,*]",
|
||
|
"getObjectInstance,isInstanceOf,queryMBeans";
|
||
|
|
||
|
// allow JMXNamespace::getDefaultDomain
|
||
|
permission javax.management.namespace.JMXNamespacePermission
|
||
|
"*::DefaultDomain",
|
||
|
"getAttribute";
|
||
|
|
||
|
// These permissions are required to connect visualvm.
|
||
|
//
|
||
|
permission javax.management.MBeanPermission "default::[java.lang:*]",
|
||
|
"getObjectInstance,isInstanceOf,getAttribute,getMBeanInfo,queryNames,queryMBeans";
|
||
|
permission javax.management.MBeanPermission "root::",
|
||
|
"isInstanceOf,queryNames,queryMBeans,getAttribute,getMBeanInfo,getObjectInstance,getDomains";
|
||
|
permission javax.management.namespace.JMXNamespacePermission
|
||
|
"[**//JMImplementation:type=MBeanServerDelegate]",
|
||
|
"addNotificationListener,removeNotificationListener,isInstanceOf,queryNames,queryMBeans,getAttribute,getMBeanInfo,getObjectInstance";
|
||
|
permission javax.management.MBeanPermission
|
||
|
"javax.management.MBeanServerDelegate",
|
||
|
"addNotificationListener,removeNotificationListener,isInstanceOf,queryNames,queryMBeans,getAttribute,getMBeanInfo,getObjectInstance";
|
||
|
|
||
|
// Thread monitoring
|
||
|
permission java.lang.management.ManagementPermission "monitor";
|
||
|
permission javax.management.MBeanPermission "*::sun.management.*#*[java.lang:*]", "invoke";
|
||
|
};
|
||
|
|
||
|
|