#####################################################################
#       Default Configuration File for Java Platform Management
#####################################################################
#
# The Management Configuration file (in java.util.Properties format)
# will be read if one of the following system properties is set:
#    -Dcom.sun.management.jmxremote.port=<port-number>
# or -Dcom.sun.management.config.file=<this-file>
#
# The default Management Configuration file is:
#
#       $JRE/conf/management/management.properties
#
# Another location for the Management Configuration File can be specified
# by the following property on the Java command line:
#
#    -Dcom.sun.management.config.file=<this-file>
#
# If -Dcom.sun.management.config.file=<this-file> is set, the port
# number for the management agent can be specified in the config file
# using the following lines:
#
# ################ Management Agent Port #########################
#
# For setting the JMX RMI agent port use the following line
# com.sun.management.jmxremote.port=<port-number>
#
# For setting the JMX local server port use the following line
# com.sun.management.jmxremote.local.port=<port-number>

#####################################################################
#                      Optional Instrumentation
#####################################################################
#
# By default only the basic instrumentation with low overhead is on.
# The following properties allow you to selectively turn on optional
# instrumentation that is off by default and may have some
# additional overhead.
#
# com.sun.management.enableThreadContentionMonitoring
#
#      This option enables thread contention monitoring if the
#      Java virtual machine supports such instrumentation.
#      Refer to the specification for the java.lang.management.ThreadMXBean
#      interface - see isThreadContentionMonitoringSupported() method.
#

# To enable thread contention monitoring, uncomment the following line
# com.sun.management.enableThreadContentionMonitoring

#####################################################################
#                       RMI Management Properties
#####################################################################
#
# If system property -Dcom.sun.management.jmxremote.port=<port-number>
# is set then
#     - A MBean server is started
#     - JRE Platform MBeans are registered in the MBean server
#     - RMI connector is published in a private readonly registry at
#       specified port using a well known name, "jmxrmi"
#     - the following properties are read for JMX remote management.
#
# The configuration can be specified only at startup time.
# Later changes to the above system property (e.g. via setProperty method),
# this config file, the password file, or the access file have no effect on
# the running MBean server, the connector, or the registry.
#

#
# ########## RMI connector settings for local management ##########
#
# com.sun.management.jmxremote.local.only=true|false
#      Default for this property is true. (Case for true/false ignored)
#      If this property is specified as true then the local JMX RMI connector
#      server will only accept connection requests from clients running on
#      the host where the out-of-the-box JMX management agent is running.
#      In order to ensure backwards compatibility this property could be
#      set to false. However, deploying the local management agent in this
#      way is discouraged because the local JMX RMI connector server will
#      accept connection requests from any client either local or remote.
#      For remote management the remote JMX RMI connector server should
#      be used instead with authentication and SSL/TLS encryption enabled.
#

# To allow the local management agent to accept both local
# and remote connection requests, use the following line
# com.sun.management.jmxremote.local.only=false

#
# ###################### RMI SSL #############################
#
# com.sun.management.jmxremote.ssl=true|false
#      Default for this property is true. (Case for true/false ignored)
#      If this property is specified as false then SSL is not used.
#

# For RMI monitoring without SSL (the connection is then not encrypted)
# use the following line
# com.sun.management.jmxremote.ssl=false

# com.sun.management.jmxremote.ssl.config.file=filepath
#      Specifies the location of the SSL configuration file. A properties
#      file can be used to supply the keystore and truststore location and
#      password settings, which avoids passing them as cleartext on the
#      command line.
#
#      The current implementation of the out-of-the-box management agent will
#      look up and use the properties specified below to configure the SSL
#      keystore and truststore, if present:
#           javax.net.ssl.keyStore=<keystore-location>
#           javax.net.ssl.keyStorePassword=<keystore-password>
#           javax.net.ssl.trustStore=<truststore-location>
#           javax.net.ssl.trustStorePassword=<truststore-password>
#      Any other properties in the file will be ignored. This will allow us
#      to extend the property set in the future if required by the default
#      SSL implementation.
#
#      If the property "com.sun.management.jmxremote.ssl" is set to false,
#      then this property is ignored.
#

# For supplying the keystore settings in a file use the following line
# com.sun.management.jmxremote.ssl.config.file=filepath

# com.sun.management.jmxremote.ssl.enabled.cipher.suites=<cipher-suites>
#      The value of this property is a string that is a comma-separated list
#      of SSL/TLS cipher suites to enable. This property can be specified in
#      conjunction with the previous property "com.sun.management.jmxremote.ssl"
#      in order to control which particular SSL/TLS cipher suites are enabled
#      for use by accepted connections. If this property is not specified then
#      the SSL/TLS RMI Server Socket Factory uses the SSL/TLS cipher suites that
#      are enabled by default.
#

# com.sun.management.jmxremote.ssl.enabled.protocols=<protocol-versions>
#      The value of this property is a string that is a comma-separated list
#      of SSL/TLS protocol versions to enable. This property can be specified in
#      conjunction with the previous property "com.sun.management.jmxremote.ssl"
#      in order to control which particular SSL/TLS protocol versions are
#      enabled for use by accepted connections. If this property is not
#      specified then the SSL/TLS RMI Server Socket Factory uses the SSL/TLS
#      protocol versions that are enabled by default.
#

# com.sun.management.jmxremote.ssl.need.client.auth=true|false
#      Default for this property is false. (Case for true/false ignored)
#      If this property is specified as true in conjunction with the previous
#      property "com.sun.management.jmxremote.ssl" then the SSL/TLS RMI Server
#      Socket Factory will require client authentication.
#

# For RMI monitoring with SSL client authentication use the following line
# com.sun.management.jmxremote.ssl.need.client.auth=true

# com.sun.management.jmxremote.registry.ssl=true|false
#      Default for this property is false. (Case for true/false ignored)
#      If this property is specified as true then the RMI registry used
#      to bind the RMIServer remote object is protected with SSL/TLS
#      RMI Socket Factories that can be configured with the properties:
#          com.sun.management.jmxremote.ssl.config.file
#          com.sun.management.jmxremote.ssl.enabled.cipher.suites
#          com.sun.management.jmxremote.ssl.enabled.protocols
#          com.sun.management.jmxremote.ssl.need.client.auth
#      If the two properties below are true at the same time, i.e.
#          com.sun.management.jmxremote.ssl=true
#          com.sun.management.jmxremote.registry.ssl=true
#      then the RMIServer remote object and the RMI registry are
#      both exported with the same SSL/TLS RMI Socket Factories.
#

# For using an SSL/TLS protected RMI registry use the following line
# com.sun.management.jmxremote.registry.ssl=true

#
# ################ RMI User authentication ################
#
# com.sun.management.jmxremote.authenticate=true|false
#      Default for this property is true. (Case for true/false ignored)
#      If this property is specified as false then no authentication is
#      performed and all users are allowed all access.
#

# For RMI monitoring without any authentication (all users are allowed
# all access) use the following line
# com.sun.management.jmxremote.authenticate=false

#
# ################ RMI Login configuration ###################
#
# com.sun.management.jmxremote.login.config=<config-name>
#      Specifies the name of a JAAS login configuration entry to use when
#      authenticating users of RMI monitoring.
#
#      Setting this property is optional - the default login configuration
#      specifies a file-based authentication that uses the password file.
#
#      When using this property to override the default login configuration
#      then the named configuration entry must be in a file that gets loaded
#      by JAAS. In addition, the login module(s) specified in the configuration
#      should use the name and/or password callbacks to acquire the user's
#      credentials. See the NameCallback and PasswordCallback classes in the
#      javax.security.auth.callback package for more details.
#
#      If the property "com.sun.management.jmxremote.authenticate" is set to
#      false, then this property and the password & access files are ignored.
#

# For a non-default login configuration use the following line
# com.sun.management.jmxremote.login.config=<config-name>

#
# ################ RMI Password file location ##################
#
# com.sun.management.jmxremote.password.file=filepath
#      Specifies location for password file
#      This is optional - default location is
#      $JRE/conf/management/jmxremote.password
#
#      If the property "com.sun.management.jmxremote.authenticate" is set to
#      false, then this property and the password & access files are ignored.
#      Otherwise the password file must exist and be in the valid format.
#      If the password file is empty or non-existent then no access is allowed.
#

# For a non-default password file location use the following line
# com.sun.management.jmxremote.password.file=filepath

#
# ################# Hash passwords in password file ##############
# com.sun.management.jmxremote.password.toHashes = true|false
#      Default for this property is true.
#      Specifies if passwords in the password file should be hashed or not.
#      If this property is true, and if the password file is writable, and if the
#      system security policy allows writing into the password file,
#      all the clear passwords in the password file will be replaced by
#      their SHA3-512 hash when the file is read by the server.
#

#
# ################ RMI Access file location #####################
#
# com.sun.management.jmxremote.access.file=filepath
#      Specifies location for access file
#      This is optional - default location is
#      $JRE/conf/management/jmxremote.access
#
#      If the property "com.sun.management.jmxremote.authenticate" is set to
#      false, then this property and the password & access files are ignored.
#      Otherwise, the access file must exist and be in the valid format.
#      If the access file is empty or non-existent then no access is allowed.
#

# For a non-default access file location use the following line
# com.sun.management.jmxremote.access.file=filepath
#

# ################ Management agent listen interface #########################
#
# com.sun.management.jmxremote.host=<host-or-interface-name>
#      Specifies the local interface on which the JMX RMI agent will bind.
#      This is useful when running on machines which have several
#      interfaces defined. It makes it possible to listen on a specific
#      subnet accessible through that interface.
#
#      The format of the value for that property is any string accepted
#      by java.net.InetAddress.getByName(String).
#

# ################ Filter for ObjectInputStream #############################
# com.sun.management.jmxremote.serial.filter.pattern=<filter-string>
#   A filter, if configured, is used by java.io.ObjectInputStream during
#   deserialization of parameters sent to the JMX default agent to validate the
#   contents of the stream.
#   A filter is configured as a sequence of patterns, each pattern is either
#   matched against the name of a class in the stream or defines a limit.
#   Patterns are separated by ";" (semicolon).
#   Whitespace is significant and is considered part of the pattern.
#
#   If a pattern includes a "=", it sets a limit.
#   If a limit appears more than once the last value is used.
#   Limits are checked before classes regardless of the order in the sequence of patterns.
#   If any of the limits are exceeded, the filter status is REJECTED.
#
#       maxdepth=value - the maximum depth of a graph
#       maxrefs=value  - the maximum number of internal references
#       maxbytes=value - the maximum number of bytes in the input stream
#       maxarray=value - the maximum array length allowed
#
#   Other patterns, from left to right, match the class or package name as
#   returned from Class.getName.
#   If the class is an array type, the class or package to be matched is the element type.
#   Arrays of any number of dimensions are treated the same as the element type.
#   For example, a pattern of "!example.Foo" rejects creation of any instance or
#   array of example.Foo.
#
#   If the pattern starts with "!", the status is REJECTED if the remaining pattern
#       is matched; otherwise the status is ALLOWED if the pattern matches.
#   If the pattern contains "/", the non-empty prefix up to the "/" is the module name;
#       if the module name matches the module name of the class then
#       the remaining pattern is matched with the class name.
#       If there is no "/", the module name is not compared.
#   If the pattern ends with ".**" it matches any class in the package and all subpackages.
#   If the pattern ends with ".*" it matches any class in the package.
#   If the pattern ends with "*", it matches any class with the pattern as a prefix.
#   If the pattern is equal to the class name, it matches.
#   Otherwise, the status is UNDECIDED.
#
# Allow-list checked when parameters sent to the JMX default agent are
# deserialized. Class patterns are tried from left to right.
#   - An entry ending in ".*" matches classes in that package only, not in
#     its subpackages, so each javax.management subpackage is listed
#     individually.
#   - This value sets no maxdepth, maxrefs, maxbytes or maxarray limit.
#   - Whitespace is part of a pattern, so entries carry no padding.
# Ending with !* ensures we reject classes which are otherwise unmatched
# (without it their status would be UNDECIDED). Keep !* as the last entry
# when editing this list.
com.sun.management.jmxremote.serial.filter.pattern=\
java.lang.*;\
java.lang.reflect.Proxy;\
java.math.BigInteger;\
java.math.BigDecimal;\
java.util.*;\
javax.management.*;\
javax.management.modelmbean.*;\
javax.management.monitor.*;\
javax.management.openmbean.*;\
javax.management.relation.*;\
javax.management.remote.*;\
javax.management.remote.rmi.*;\
javax.management.timer.*;\
javax.rmi.ssl.*;\
java.rmi.MarshalledObject;\
java.rmi.dgc.*;\
java.rmi.server.*;\
javax.security.auth.Subject;\
!*
