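// Java policy file: permissions for a JMX setup that uses MBeanServer names
// and JMX namespaces. The listing is restored to plain policy syntax; the
// line-number column and "|" cell separators of the rendered table are not
// part of the file.
//
// NOTE(review): "file:/-" matches every file: URL recursively, so each grant
// below applies to all code loaded from the local file system, not to one jar
// or directory. Narrow the codebase if only specific code needs these rights.
//
// NOTE(review): JMXNamespacePermission lives in javax.management.namespace;
// confirm the target JDK provides that package, otherwise those entries
// presumably cannot be resolved and will not take effect.
grant codebase "file:/-" {
    // System properties the granted code is allowed to read.
    permission java.util.PropertyPermission "jmx.wait", "read";
    permission java.util.PropertyPermission "jmx.rmi.port", "read";

    // NOTE(review): host "*" with accept,connect,resolve permits connections
    // to and from any host on any port. If this is only needed for the JMX
    // RMI connector, restrict the host and port range accordingly.
    permission java.net.SocketPermission "*", "accept,connect,resolve";

    // NOTE(review): "*" grants every SecurityPermission target, including
    // replacing the installed Policy and adding or removing security
    // providers. While this wildcard is present, the fine-grained MBean rules
    // below provide little containment; list only the targets actually used.
    permission java.security.SecurityPermission "*";

    // Attribute Caption: allow get everywhere
    // ==================

    // allow getAttribute(*:*,Caption) in all MBeanServers
    permission javax.management.MBeanPermission "#Caption", "getAttribute";
    // allow getAttribute(*:*,Caption) in all namespaces recursively.
    permission javax.management.namespace.JMXNamespacePermission "Caption",
        "getAttribute";

    // Attribute Mood: allow get only in MBeanServers named rmi*
    // ===============

    // Allow getting attribute Mood of Wombat MBeans only in namespaces whose
    // names match rmi*, wherever they are. This needs two permissions:
    // presumably the first covers rmi* namespaces nested under other
    // namespaces (**//rmi*//) and the second covers rmi* namespaces at the
    // top level (rmi*//).
    permission javax.management.namespace.JMXNamespacePermission
        "*::Mood[**//rmi*//wombat:*]",
        "getAttribute";
    permission javax.management.namespace.JMXNamespacePermission
        "*::Mood[rmi*//wombat:*]",
        "getAttribute";

    // Allow getting attribute Mood in any MBeanServer whose name starts with
    // rmi.
    permission javax.management.MBeanPermission "rmi*::#Mood",
        "getAttribute";

    // Attribute UUID:
    // ===============

    // Allow getting attribute "UUID" everywhere.
    permission javax.management.namespace.JMXNamespacePermission
        "*::UUID[*//**//:*]",
        "getAttribute";
    permission javax.management.MBeanPermission
        "#UUID[*//:*]",
        "getAttribute";

    // Let getMBeanInfo and queryNames through everywhere.
    // NOTE(review): this exposes the names and metadata of all MBeans to the
    // granted code, even those whose attributes are otherwise restricted.
    permission javax.management.namespace.JMXNamespacePermission "[]",
        "getMBeanInfo,queryNames";
    permission javax.management.MBeanPermission "*",
        "getMBeanInfo,queryNames";

    // Special permission for all wombats (MBeans with type=Wombat).
    permission javax.management.namespace.JMXNamespacePermission
        "[**//*:type=Wombat,*]",
        "getObjectInstance,isInstanceOf,queryMBeans";
    permission javax.management.MBeanPermission "[*:type=Wombat,*]",
        "getObjectInstance,isInstanceOf,queryMBeans";

    // allow JMXNamespace::getDefaultDomain
    permission javax.management.namespace.JMXNamespacePermission
        "*::DefaultDomain",
        "getAttribute";

    // These permissions are required to connect visualvm.
    // They are read/query actions on the java.lang domain and the root
    // MBeanServer, plus notification listener registration on the
    // MBeanServerDelegate.
    permission javax.management.MBeanPermission "default::[java.lang:*]",
        "getObjectInstance,isInstanceOf,getAttribute,getMBeanInfo,queryNames,queryMBeans";
    permission javax.management.MBeanPermission "root::",
        "isInstanceOf,queryNames,queryMBeans,getAttribute,getMBeanInfo,getObjectInstance,getDomains";
    permission javax.management.namespace.JMXNamespacePermission
        "[**//JMImplementation:type=MBeanServerDelegate]",
        "addNotificationListener,removeNotificationListener,isInstanceOf,queryNames,queryMBeans,getAttribute,getMBeanInfo,getObjectInstance";
    permission javax.management.MBeanPermission
        "javax.management.MBeanServerDelegate",
        "addNotificationListener,removeNotificationListener,isInstanceOf,queryNames,queryMBeans,getAttribute,getMBeanInfo,getObjectInstance";

    // Thread monitoring
    permission java.lang.management.ManagementPermission "monitor";
    // NOTE(review): "#*" matches every operation of every sun.management.*
    // class registered under java.lang:*, in every MBeanServer ("*::"). That
    // is wider than thread monitoring alone; narrow the class and operation
    // pattern to what the monitoring tool actually invokes, if known.
    permission javax.management.MBeanPermission "*::sun.management.*#*[java.lang:*]", "invoke";
};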