+++ /dev/null
-######################################################################
-# Default Access Control File for Remote JMX(TM) Monitoring
-######################################################################
-#
-# Access control file for Remote JMX API access to monitoring.
-# This file defines the allowed access for different roles. The
-# password file (jmxremote.password by default) defines the roles and their
-# passwords. To be functional, a role must have an entry in
-# both the password and the access files.
-#
-# The default location of this file is $JRE/lib/management/jmxremote.access
-# You can specify an alternate location by specifying a property in
-# the management config file $JRE/lib/management/management.properties
-# (See that file for details)
-#
-# The file format for password and access files is syntactically the same
-# as the Properties file format. The syntax is described in the Javadoc
-# for java.util.Properties.load.
-# A typical access file has multiple lines, where each line is blank,
-# a comment (like this one), or an access control entry.
-#
-# An access control entry consists of a role name, and an
-# associated access level. The role name is any string that does not
-# itself contain spaces or tabs. It corresponds to an entry in the
-# password file (jmxremote.password). The access level is one of the
-# following:
-# "readonly" grants access to read attributes of MBeans.
-# For monitoring, this means that a remote client in this
-# role can read measurements but cannot perform any action
-# that changes the environment of the running program.
-# "readwrite" grants access to read and write attributes of MBeans,
-# to invoke operations on them, and optionally
-# to create or remove them. This access should be granted
-# only to trusted clients, since they can potentially
-# interfere with the smooth operation of a running program.
-#
-# The "readwrite" access level can optionally be followed by the "create" and/or
-# "unregister" keywords. The "unregister" keyword grants access to unregister
-# (delete) MBeans. The "create" keyword grants access to create MBeans of a
-# particular class or of any class matching a particular pattern. Access
-# should only be granted to create MBeans of known and trusted classes.
-#
-# For example, the following entry would grant readwrite access
-# to "controlRole", as well as access to create MBeans of the class
-# javax.management.monitor.CounterMonitor and to unregister any MBean:
-# controlRole readwrite \
-# create javax.management.monitor.CounterMonitorMBean \
-# unregister
-# or equivalently:
-# controlRole readwrite unregister create javax.management.monitor.CounterMBean
-#
-# The following entry would grant readwrite access as well as access to create
-# MBeans of any class in the packages javax.management.monitor and
-# javax.management.timer:
-# controlRole readwrite \
-# create javax.management.monitor.*,javax.management.timer.* \
-# unregister
-#
-# The \ character is defined in the Properties file syntax to allow continuation
-# lines as shown here. A * in a class pattern matches a sequence of characters
-# other than dot (.), so javax.management.monitor.* matches
-# javax.management.monitor.CounterMonitor but not
-# javax.management.monitor.foo.Bar.
-#
-# A given role should have at most one entry in this file. If a role
-# has no entry, it has no access.
-# If multiple entries are found for the same role name, then the last
-# access entry is used.
-#
-#
-# Default access control entries:
-# o The "monitorRole" role has readonly access.
-# o The "controlRole" role has readwrite access and can create the standard
-# Timer and Monitor MBeans defined by the JMX API.
-
-monitorRole readonly
-controlRole readwrite \
- create javax.management.monitor.*,javax.management.timer.* \
- unregister