| ##################################################################### |
| # Default Configuration File for Java Platform Management |
| ##################################################################### |
| # |
| # The Management Configuration file (in java.util.Properties format) |
| # will be read if one of the following system properties is set: |
| # -Dcom.sun.management.jmxremote.port=<port-number> |
| # or -Dcom.sun.management.config.file=<this-file> |
| # |
| # The default Management Configuration file is: |
| # |
| # $JRE/conf/management/management.properties |
| # |
| # Another location for the Management Configuration File can be specified |
| # by the following property on the Java command line: |
| # |
| # -Dcom.sun.management.config.file=<this-file> |
| # |
| # If -Dcom.sun.management.config.file=<this-file> is set, the port |
| # number for the management agent can be specified in the config file |
| # using the following lines: |
| # |
| # ################ Management Agent Port ######################### |
| # |
| # For setting the JMX RMI agent port use the following line |
| # com.sun.management.jmxremote.port=<port-number> |
| # |
| # For setting the JMX local server port use the following line |
| # com.sun.management.jmxremote.local.port=<port-number> |
| |
| ##################################################################### |
| # Optional Instrumentation |
| ##################################################################### |
| # |
| # By default only the basic instrumentation with low overhead is on. |
| # The following properties allow to selectively turn on optional |
| # instrumentation which are off by default and may have some |
| # additional overhead. |
| # |
| # com.sun.management.enableThreadContentionMonitoring |
| # |
| # This option enables thread contention monitoring if the |
| # Java virtual machine supports such instrumentation. |
| # Refer to the specification for the java.lang.management.ThreadMXBean |
| # interface - see isThreadContentionMonitoringSupported() method. |
| # |
| |
| # To enable thread contention monitoring, uncomment the following line |
| # com.sun.management.enableThreadContentionMonitoring |
| |
| ##################################################################### |
| # RMI Management Properties |
| ##################################################################### |
| # |
| # If system property -Dcom.sun.management.jmxremote.port=<port-number> |
| # is set then |
| # - A MBean server is started |
| # - JRE Platform MBeans are registered in the MBean server |
| # - RMI connector is published in a private readonly registry at |
| # specified port using a well known name, "jmxrmi" |
| # - the following properties are read for JMX remote management. |
| # |
| # The configuration can be specified only at startup time. |
| # Later changes to above system property (e.g. via setProperty method), |
| # this config file, the password file, or the access file have no effect to the |
| # running MBean server, the connector, or the registry. |
| # |
| |
| # |
| # ########## RMI connector settings for local management ########## |
| # |
| # com.sun.management.jmxremote.local.only=true|false |
| # Default for this property is true. (Case for true/false ignored) |
| # If this property is specified as true then the local JMX RMI connector |
| # server will only accept connection requests from clients running on |
| # the host where the out-of-the-box JMX management agent is running. |
| # In order to ensure backwards compatibility this property could be |
| # set to false. However, deploying the local management agent in this |
| # way is discouraged because the local JMX RMI connector server will |
| # accept connection requests from any client either local or remote. |
| # For remote management the remote JMX RMI connector server should |
| # be used instead with authentication and SSL/TLS encryption enabled. |
| # |
| |
| # For allowing the local management agent accept local |
| # and remote connection requests use the following line |
| # com.sun.management.jmxremote.local.only=false |
| |
| # |
| # ###################### RMI SSL ############################# |
| # |
| # com.sun.management.jmxremote.ssl=true|false |
| # Default for this property is true. (Case for true/false ignored) |
| # If this property is specified as false then SSL is not used. |
| # |
| |
| # For RMI monitoring without SSL use the following line |
| # com.sun.management.jmxremote.ssl=false |
| |
| # com.sun.management.jmxremote.ssl.config.file=filepath |
| # Specifies the location of the SSL configuration file. A properties |
| # file can be used to supply the keystore and truststore location and |
| # password settings thus avoiding to pass them as cleartext in the |
| # command-line. |
| # |
| # The current implementation of the out-of-the-box management agent will |
| # look up and use the properties specified below to configure the SSL |
| # keystore and truststore, if present: |
| # javax.net.ssl.keyStore=<keystore-location> |
| # javax.net.ssl.keyStorePassword=<keystore-password> |
| # javax.net.ssl.trustStore=<truststore-location> |
| # javax.net.ssl.trustStorePassword=<truststore-password> |
| # Any other properties in the file will be ignored. This will allow us |
| # to extend the property set in the future if required by the default |
| # SSL implementation. |
| # |
| # If the property "com.sun.management.jmxremote.ssl" is set to false, |
| # then this property is ignored. |
| # |
| |
| # For supplying the keystore settings in a file use the following line |
| # com.sun.management.jmxremote.ssl.config.file=filepath |
| |
| # com.sun.management.jmxremote.ssl.enabled.cipher.suites=<cipher-suites> |
| # The value of this property is a string that is a comma-separated list |
| # of SSL/TLS cipher suites to enable. This property can be specified in |
| # conjunction with the previous property "com.sun.management.jmxremote.ssl" |
| # in order to control which particular SSL/TLS cipher suites are enabled |
| # for use by accepted connections. If this property is not specified then |
| # the SSL/TLS RMI Server Socket Factory uses the SSL/TLS cipher suites that |
| # are enabled by default. |
| # |
| |
| # com.sun.management.jmxremote.ssl.enabled.protocols=<protocol-versions> |
| # The value of this property is a string that is a comma-separated list |
| # of SSL/TLS protocol versions to enable. This property can be specified in |
| # conjunction with the previous property "com.sun.management.jmxremote.ssl" |
| # in order to control which particular SSL/TLS protocol versions are |
| # enabled for use by accepted connections. If this property is not |
| # specified then the SSL/TLS RMI Server Socket Factory uses the SSL/TLS |
| # protocol versions that are enabled by default. |
| # |
| |
| # com.sun.management.jmxremote.ssl.need.client.auth=true|false |
| # Default for this property is false. (Case for true/false ignored) |
| # If this property is specified as true in conjunction with the previous |
| # property "com.sun.management.jmxremote.ssl" then the SSL/TLS RMI Server |
| # Socket Factory will require client authentication. |
| # |
| |
| # For RMI monitoring with SSL client authentication use the following line |
| # com.sun.management.jmxremote.ssl.need.client.auth=true |
| |
| # com.sun.management.jmxremote.registry.ssl=true|false |
| # Default for this property is false. (Case for true/false ignored) |
| # If this property is specified as true then the RMI registry used |
| # to bind the RMIServer remote object is protected with SSL/TLS |
| # RMI Socket Factories that can be configured with the properties: |
| # com.sun.management.jmxremote.ssl.config.file |
| # com.sun.management.jmxremote.ssl.enabled.cipher.suites |
| # com.sun.management.jmxremote.ssl.enabled.protocols |
| # com.sun.management.jmxremote.ssl.need.client.auth |
| # If the two properties below are true at the same time, i.e. |
| # com.sun.management.jmxremote.ssl=true |
| # com.sun.management.jmxremote.registry.ssl=true |
| # then the RMIServer remote object and the RMI registry are |
| # both exported with the same SSL/TLS RMI Socket Factories. |
| # |
| |
| # For using an SSL/TLS protected RMI registry use the following line |
| # com.sun.management.jmxremote.registry.ssl=true |
| |
| # |
| # ################ RMI User authentication ################ |
| # |
| # com.sun.management.jmxremote.authenticate=true|false |
| # Default for this property is true. (Case for true/false ignored) |
| # If this property is specified as false then no authentication is |
| # performed and all users are allowed all access. |
| # |
| |
| # For RMI monitoring without any checking use the following line |
| # com.sun.management.jmxremote.authenticate=false |
| |
| # |
| # ################ RMI Login configuration ################### |
| # |
| # com.sun.management.jmxremote.login.config=<config-name> |
| # Specifies the name of a JAAS login configuration entry to use when |
| # authenticating users of RMI monitoring. |
| # |
| # Setting this property is optional - the default login configuration |
| # specifies a file-based authentication that uses the password file. |
| # |
| # When using this property to override the default login configuration |
| # then the named configuration entry must be in a file that gets loaded |
| # by JAAS. In addition, the login module(s) specified in the configuration |
| # should use the name and/or password callbacks to acquire the user's |
| # credentials. See the NameCallback and PasswordCallback classes in the |
| # javax.security.auth.callback package for more details. |
| # |
| # If the property "com.sun.management.jmxremote.authenticate" is set to |
| # false, then this property and the password & access files are ignored. |
| # |
| |
| # For a non-default login configuration use the following line |
| # com.sun.management.jmxremote.login.config=<config-name> |
| |
| # |
| # ################ RMI Password file location ################## |
| # |
| # com.sun.management.jmxremote.password.file=filepath |
| # Specifies location for password file |
| # This is optional - default location is |
| # $JRE/conf/management/jmxremote.password |
| # |
| # If the property "com.sun.management.jmxremote.authenticate" is set to |
| # false, then this property and the password & access files are ignored. |
| # Otherwise the password file must exist and be in the valid format. |
| # If the password file is empty or non-existent then no access is allowed. |
| # |
| |
| # For a non-default password file location use the following line |
| # com.sun.management.jmxremote.password.file=filepath |
| |
| # |
| # ################# Hash passwords in password file ############## |
| # com.sun.management.jmxremote.password.toHashes = true|false |
| # Default for this property is true. |
| # Specifies if passwords in the password file should be hashed or not. |
| # If this property is true, and if the password file is writable, and if the |
| # system security policy allows writing into the password file, |
| # all the clear passwords in the password file will be replaced by |
| # their SHA3-512 hash when the file is read by the server |
| # |
| |
| # |
| # ################ RMI Access file location ##################### |
| # |
| # com.sun.management.jmxremote.access.file=filepath |
| # Specifies location for access file |
| # This is optional - default location is |
| # $JRE/conf/management/jmxremote.access |
| # |
| # If the property "com.sun.management.jmxremote.authenticate" is set to |
| # false, then this property and the password & access files are ignored. |
| # Otherwise, the access file must exist and be in the valid format. |
| # If the access file is empty or non-existent then no access is allowed. |
| # |
| |
| # For a non-default password file location use the following line |
| # com.sun.management.jmxremote.access.file=filepath |
| # |
| |
| # ################ Management agent listen interface ######################### |
| # |
| # com.sun.management.jmxremote.host=<host-or-interface-name> |
| # Specifies the local interface on which the JMX RMI agent will bind. |
| # This is useful when running on machines which have several |
| # interfaces defined. It makes it possible to listen to a specific |
| # subnet accessible through that interface. |
| # |
| # The format of the value for that property is any string accepted |
| # by java.net.InetAddress.getByName(String). |
| # |
| |
| # ################ Filter for ObjectInputStream ############################# |
| # com.sun.management.jmxremote.serial.filter.pattern=<filter-string> |
| # A filter, if configured, is used by java.io.ObjectInputStream during |
| # deserialization of parameters sent to the JMX default agent to validate the |
| # contents of the stream. |
| # A filter is configured as a sequence of patterns, each pattern is either |
| # matched against the name of a class in the stream or defines a limit. |
| # Patterns are separated by ";" (semicolon). |
| # Whitespace is significant and is considered part of the pattern. |
| # |
| # If a pattern includes a "=", it sets a limit. |
| # If a limit appears more than once the last value is used. |
| # Limits are checked before classes regardless of the order in the sequence of patterns. |
| # If any of the limits are exceeded, the filter status is REJECTED. |
| # |
| # maxdepth=value - the maximum depth of a graph |
| # maxrefs=value - the maximum number of internal references |
| # maxbytes=value - the maximum number of bytes in the input stream |
| # maxarray=value - the maximum array length allowed |
| # |
| # Other patterns, from left to right, match the class or package name as |
| # returned from Class.getName. |
| # If the class is an array type, the class or package to be matched is the element type. |
| # Arrays of any number of dimensions are treated the same as the element type. |
| # For example, a pattern of "!example.Foo", rejects creation of any instance or |
| # array of example.Foo. |
| # |
| # If the pattern starts with "!", the status is REJECTED if the remaining pattern |
| # is matched; otherwise the status is ALLOWED if the pattern matches. |
| # If the pattern contains "/", the non-empty prefix up to the "/" is the module name; |
| # if the module name matches the module name of the class then |
| # the remaining pattern is matched with the class name. |
| # If there is no "/", the module name is not compared. |
| # If the pattern ends with ".**" it matches any class in the package and all subpackages. |
| # If the pattern ends with ".*" it matches any class in the package. |
| # If the pattern ends with "*", it matches any class with the pattern as a prefix. |
| # If the pattern is equal to the class name, it matches. |
| # Otherwise, the status is UNDECIDED. |
| # |
| # Ending with !* ensures we reject classes which are otherwise unmatched. |
| com.sun.management.jmxremote.serial.filter.pattern=\ |
| java.lang.*;\ |
| java.lang.reflect.Proxy;\ |
| java.math.BigInteger;\ |
| java.math.BigDecimal;\ |
| java.util.*;\ |
| javax.management.*;\ |
| javax.management.modelmbean.*;\ |
| javax.management.monitor.*;\ |
| javax.management.openmbean.*;\ |
| javax.management.relation.*;\ |
| javax.management.remote.*;\ |
| javax.management.remote.rmi.*;\ |
| javax.management.timer.*;\ |
| javax.rmi.ssl.*;\ |
| java.rmi.MarshalledObject;\ |
| java.rmi.dgc.*;\ |
| java.rmi.server.*;\ |
| javax.security.auth.Subject;\ |
| !* |
| |
