--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/management/namespace/namespace.policy Thu Sep 04 14:46:36 2008 +0200
@@ -0,0 +1,85 @@
+grant codebase "file:/-" {
+ permission java.util.PropertyPermission "jmx.wait", "read";
+ permission java.util.PropertyPermission "jmx.rmi.port", "read";
+ permission java.net.SocketPermission "*", "accept,connect,resolve";
+ permission java.security.SecurityPermission "*";
+
+ // Attribute Caption: allow get everywhere
+ // ==================
+
+ // allow getAttribute(*:*,Caption) in all MBeanServers
+ permission javax.management.MBeanPermission "#Caption", "getAttribute";
+ // allow getAttribute(*:*,Caption) in all namespaces recursively.
+ permission javax.management.namespace.JMXNamespacePermission "Caption",
+ "getAttribute";
+
+ // Attribute Mood: allow get only in MBeanServers named rmi*
+ // ===============
+
+ // allow to get attribute Mood of Wombat MBeans only in namespaces
+ // whose name match rmi*, wherever they are.
+ // for this we need two permissions:
+ permission javax.management.namespace.JMXNamespacePermission
+ "*::Mood[**//rmi*//wombat:*]",
+ "getAttribute";
+ permission javax.management.namespace.JMXNamespacePermission
+ "*::Mood[rmi*//wombat:*]",
+ "getAttribute";
+
+ // allow to get attribute mood in any MBeanServer whose name starts with
+ // rmi
+ permission javax.management.MBeanPermission "rmi*::#Mood",
+ "getAttribute";
+
+ // Attribute UUID:
+ // ===============
+
+ // allow to get attribute "UUID" everywhere.
+ permission javax.management.namespace.JMXNamespacePermission
+ "*::UUID[*//**//:*]",
+ "getAttribute";
+ permission javax.management.MBeanPermission
+ "#UUID[*//:*]",
+ "getAttribute";
+
+
+
+ // Let getMBeanInfo and queryNames through everywhere...
+ //
+ permission javax.management.namespace.JMXNamespacePermission "[]",
+ "getMBeanInfo,queryNames";
+ permission javax.management.MBeanPermission "*",
+ "getMBeanInfo,queryNames";
+
+ // special permission for all wombats:
+ //
+ permission javax.management.namespace.JMXNamespacePermission
+ "[**//*:type=Wombat,*]",
+ "getObjectInstance,isInstanceOf,queryMBeans";
+ permission javax.management.MBeanPermission "[*:type=Wombat,*]",
+ "getObjectInstance,isInstanceOf,queryMBeans";
+
+ // allow JMXNamespace::getDefaultDomain
+ permission javax.management.namespace.JMXNamespacePermission
+ "*::DefaultDomain",
+ "getAttribute";
+
+ // These permissions are required to connect visualvm.
+ //
+ permission javax.management.MBeanPermission "default::[java.lang:*]",
+ "getObjectInstance,isInstanceOf,getAttribute,getMBeanInfo,queryNames,queryMBeans";
+ permission javax.management.MBeanPermission "root::",
+ "isInstanceOf,queryNames,queryMBeans,getAttribute,getMBeanInfo,getObjectInstance,getDomains";
+ permission javax.management.namespace.JMXNamespacePermission
+ "[**//JMImplementation:type=MBeanServerDelegate]",
+ "addNotificationListener,removeNotificationListener,isInstanceOf,queryNames,queryMBeans,getAttribute,getMBeanInfo,getObjectInstance";
+ permission javax.management.MBeanPermission
+ "javax.management.MBeanServerDelegate",
+ "addNotificationListener,removeNotificationListener,isInstanceOf,queryNames,queryMBeans,getAttribute,getMBeanInfo,getObjectInstance";
+
+ // Thread monitoring
+ permission java.lang.management.ManagementPermission "monitor";
+ permission javax.management.MBeanPermission "*::sun.management.*#*[java.lang:*]", "invoke";
+};
+
+