######################################################################
#     Default Access Control File for Remote JMX(TM) Monitoring
######################################################################
#
# Access control file for Remote JMX API access to monitoring.
# This file defines the allowed access for different roles.  The
# password file (jmxremote.password by default) defines the roles and their
# passwords.  To be functional, a role must have an entry in
# both the password and the access files.
#
# The default location of this file is $JRE/lib/management/jmxremote.access
# You can specify an alternate location by specifying a property in
# the management config file $JRE/lib/management/management.properties
# (See that file for details)
#
# The file format for password and access files is syntactically the same
# as the Properties file format.  The syntax is described in the Javadoc
# for java.util.Properties.load.
# A typical access file has multiple lines, where each line is blank,
# a comment (like this one), or an access control entry.
#
# An access control entry consists of a role name, and an
# associated access level.  The role name is any string that does not
# itself contain spaces or tabs.  It corresponds to an entry in the
# password file (jmxremote.password).  The access level is one of the
# following:
#       "readonly" grants access to read attributes of MBeans.
#                   For monitoring, this means that a remote client in this
#                   role can read measurements but cannot perform any action
#                   that changes the environment of the running program.
#       "readwrite" grants access to read and write attributes of MBeans,
#                   to invoke operations on them, and optionally
#                   to create or remove them.  This access should be granted
#                   only to trusted clients, since they can potentially
#                   interfere with the smooth operation of a running program.
#
# The "readwrite" access level can optionally be followed by the "create" and/or
# "unregister" keywords.  The "unregister" keyword grants access to unregister
# (delete) MBeans.  The "create" keyword grants access to create MBeans of a
# particular class or of any class matching a particular pattern.  Access
# should only be granted to create MBeans of known and trusted classes.
#
# For example, the following entry would grant readwrite access
# to "controlRole", as well as access to create MBeans of the class
# javax.management.monitor.CounterMonitor and to unregister any MBean:
#  controlRole readwrite \
#              create javax.management.monitor.CounterMonitor \
#              unregister
# or equivalently:
#  controlRole readwrite unregister create javax.management.monitor.CounterMonitor
#
# The following entry would grant readwrite access as well as access to create
# MBeans of any class in the packages javax.management.monitor and
# javax.management.timer:
#  controlRole readwrite \
#              create javax.management.monitor.*,javax.management.timer.* \
#              unregister
#
# The \ character is defined in the Properties file syntax to allow continuation
# lines as shown here.  A * in a class pattern matches a sequence of characters
# other than dot (.), so javax.management.monitor.* matches
# javax.management.monitor.CounterMonitor but not
# javax.management.monitor.foo.Bar.
#
# A given role should have at most one entry in this file.  If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last
# access entry is used.
#
#
# Default access control entries:
# o The "monitorRole" role has readonly access.
# o The "controlRole" role has readwrite access and can create the standard
#   Timer and Monitor MBeans defined by the JMX API.
monitorRole   readonly
controlRole   readwrite \
              create javax.management.monitor.*,javax.management.timer.* \
              unregister
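
The rules described in the comments above (continuation lines, last entry wins, `*` not crossing a dot) can be checked mechanically when reviewing an access file. The following Python audit sketch is an added example, not part of the JDK or of this file; the sample input, the `com.example` package and the `TRUSTED` allowlist are constructed assumptions, and the parser assumes whitespace-separated entries with no spaces inside the pattern list.

```python
import re

# Constructed sample: the second "monitorRole" line silently upgrades the role.
SAMPLE = r"""
# comment
monitorRole readonly
controlRole readwrite \
            create javax.management.monitor.*,javax.management.timer.* \
            unregister
monitorRole readwrite create com.example.*
"""
TRUSTED = ("javax.management.monitor.*", "javax.management.timer.*")  # assumed allowlist

def logical_lines(text):
    """Join backslash continuations; drop blank lines and # / ! comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):
            buf += line[:-1]          # keep collecting the continued entry
            continue
        yield buf + line
        buf = ""

def parse_access(text):
    """Return ({role: (level, create_patterns, unregister)}, duplicate_roles)."""
    roles, dupes = {}, []
    for line in logical_lines(text):
        role, level, *rest = line.split()
        create = rest[rest.index("create") + 1].split(",") if "create" in rest else []
        if role in roles:
            dupes.append(role)
        roles[role] = (level, create, "unregister" in rest)  # last entry wins
    return roles, dupes

def class_pattern_matches(pattern, class_name):
    """'*' matches any run of characters other than '.', as the file states."""
    rx = re.escape(pattern).replace(r"\*", "[^.]*")
    return re.fullmatch(rx, class_name) is not None

def audit(text, trusted=TRUSTED):
    """List duplicate roles and create patterns outside the allowlist."""
    roles, dupes = parse_access(text)
    findings = [f"{r}: multiple entries, last one wins" for r in dupes]
    findings += [f"{role}: create pattern {p} not in allowlist"
                 for role, entry in roles.items() for p in entry[1] if p not in trusted]
    return findings
```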