1#####################################################################
2#	Default Configuration File for Java Platform Management
3#####################################################################
4#
5# The Management Configuration file (in java.util.Properties format)
6# will be read if one of the following system properties is set:
7#    -Dcom.sun.management.jmxremote.port=<port-number>
8# or -Dcom.sun.management.snmp.port=<port-number>
9# or -Dcom.sun.management.config.file=<this-file>
10#
11# The default Management Configuration file is:
12#
13#       $JRE/lib/management/management.properties
14#
15# Another location for the Management Configuration File can be specified
16# by the following property on the Java command line:
17#
18#    -Dcom.sun.management.config.file=<this-file>
19#
20# If -Dcom.sun.management.config.file=<this-file> is set, the port
21# number for the management agent can be specified in the config file
22# using the following lines:
23#
24# ################ Management Agent Port #########################
25#
26# For setting the JMX RMI agent port use the following line
27# com.sun.management.jmxremote.port=<port-number>
28#
29# For setting the SNMP agent port use the following line
30# com.sun.management.snmp.port=<port-number>
31
32#####################################################################
33#                   Optional Instrumentation
34#####################################################################
35#
36# By default only the basic instrumentation with low overhead is on.
37# The following properties allow to selectively turn on optional
38# instrumentation which are off by default and may have some
39# additional overhead.
40#
41# com.sun.management.enableThreadContentionMonitoring
42#
43#      This option enables thread contention monitoring if the
44#      Java virtual machine supports such instrumentation.
45#      Refer to the specification for the java.lang.management.ThreadMBean
46#      interface - see isThreadContentionMonitoringSupported() method.
47#
48
49# To enable thread contention monitoring, uncomment the following line
50# com.sun.management.enableThreadContentionMonitoring
51
52#####################################################################
53#			SNMP Management Properties
54#####################################################################
55#
56# If the system property -Dcom.sun.management.snmp.port=<port-number>
57# is set then
58#	- The SNMP agent (with the Java virtual machine MIB) is started
59#	  that listens on the specified port for incoming SNMP requests.
60#	- the following properties for read for SNMP management.
61#
62# The configuration can be specified only at startup time.
63# Later changes to the above system property (e.g. via setProperty method), this
64# config file, or the ACL file has no effect to the running SNMP agent.
65#
66
67#
68# ##################### SNMP Trap Port #########################
69#
70# com.sun.management.snmp.trap=<trap-destination-port-number>
71#      Specifies the remote port number at which managers are expected
72#      to listen for trap. For each host defined in the ACL file,
73#      the SNMP agent will send traps at <host>:<trap-destination-port-number>
74#      Default for this property is 162.
75#
76
77# To set port for sending traps to a different port use the following line
78# com.sun.management.snmp.trap=<trap-destination-port-number>
79
80#
81# ################ SNMP listen interface #########################
82#
83# com.sun.management.snmp.interface=<InetAddress>
84#      Specifies the local interface on which the SNMP agent will bind.
85#      This is useful when running on machines which have several
86#      interfaces defined. It makes it possible to listen to a specific
87#      subnet accessible through that interface.
88#      Default for this property is "localhost".
89#
90#      The format of the value for that property is any string accepted
91#      by java.net.InetAddress.getByName(String).
92#
93
94# For restricting the port on which SNMP agent listens use the following line
95# com.sun.management.snmp.interface=<InetAddress>
96
97#
98# #################### SNMP ACL file #########################
99#
100# com.sun.management.snmp.acl=true|false
101#      Default for this property is true. (Case for true/false ignored)
102#      If this property is specified as false then the ACL file
103#      is not checked:  all manager hosts are allowed all access.
104#
105
106# For SNMP without checking ACL file uncomment the following line
107# com.sun.management.snmp.acl=false
108
109#
110# com.sun.management.snmp.acl.file=filepath
111#      Specifies location for ACL file
112#      This is optional - default location is
113#      $JRE/lib/management/snmp.acl
114#
115#      If the property "com.sun.management.snmp.acl" is set to false,
116#      then this property and the ACL file are ignored.
117#      Otherwise the ACL file must exist and be in the valid format.
118#      If the ACL file is empty or non existent then no access is allowed.
119#
120#      The SNMP agent will read the ACL file at startup time.
121#      Modification to the ACL file has no effect to any running SNMP
122#      agents which read that ACL file at startup.
123#
124
125# For a non-default acl file location use the following line
126# com.sun.management.snmp.acl.file=filepath
127
128#####################################################################
129#			RMI Management Properties
130#####################################################################
131#
132# If system property -Dcom.sun.management.jmxremote.port=<port-number>
133# is set then
134#     - A MBean server is started
135#     - JRE Platform MBeans are registered in the MBean server
136#     - RMI connector is published  in a private readonly registry at
137#       specified port using a well known name, "jmxrmi"
138#     - the following properties are read for JMX remote management.
139#
140# The configuration can be specified only at startup time.
141# Later changes to above system property (e.g. via setProperty method),
142# this config file, the password file, or the access file have no effect to the
143# running MBean server, the connector, or the registry.
144#
145
146#
147# ########## RMI connector settings for local management ##########
148#
149# com.sun.management.jmxremote.local.only=true|false
150#      Default for this property is true. (Case for true/false ignored)
151#      If this property is specified as true then the local JMX RMI connector
152#      server will only accept connection requests from clients running on
153#      the host where the out-of-the-box JMX management agent is running.
154#      In order to ensure backwards compatibility this property could be
155#      set to false. However, deploying the local management agent in this
156#      way is discouraged because the local JMX RMI connector server will
157#      accept connection requests from any client either local or remote.
158#      For remote management the remote JMX RMI connector server should
159#      be used instead with authentication and SSL/TLS encryption enabled.
160#
161
162# For allowing the local management agent accept local
163# and remote connection requests use the following line
164# com.sun.management.jmxremote.local.only=false
165
166#
167# ###################### RMI SSL #############################
168#
169# com.sun.management.jmxremote.ssl=true|false
170#      Default for this property is true. (Case for true/false ignored)
171#      If this property is specified as false then SSL is not used.
172#
173
174# For RMI monitoring without SSL use the following line
175# com.sun.management.jmxremote.ssl=false
176
177# com.sun.management.jmxremote.ssl.config.file=filepath
178#      Specifies the location of the SSL configuration file. A properties
179#      file can be used to supply the keystore and truststore location and
180#      password settings thus avoiding to pass them as cleartext in the
181#      command-line.
182#
183#      The current implementation of the out-of-the-box management agent will
184#      look up and use the properties specified below to configure the SSL
185#      keystore and truststore, if present:
186#          javax.net.ssl.keyStore=<keystore-location>
187#          javax.net.ssl.keyStorePassword=<keystore-password>
188#          javax.net.ssl.trustStore=<truststore-location>
189#          javax.net.ssl.trustStorePassword=<truststore-password>
190#      Any other properties in the file will be ignored. This will allow us
191#      to extend the property set in the future if required by the default
192#      SSL implementation.
193#
194#      If the property "com.sun.management.jmxremote.ssl" is set to false,
195#      then this property is ignored.
196#
197
198# For supplying the keystore settings in a file use the following line
199# com.sun.management.jmxremote.ssl.config.file=filepath
200
201# com.sun.management.jmxremote.ssl.enabled.cipher.suites=<cipher-suites>
202#      The value of this property is a string that is a comma-separated list
203#      of SSL/TLS cipher suites to enable. This property can be specified in
204#      conjunction with the previous property "com.sun.management.jmxremote.ssl"
205#      in order to control which particular SSL/TLS cipher suites are enabled
206#      for use by accepted connections. If this property is not specified then
207#      the SSL/TLS RMI Server Socket Factory uses the SSL/TLS cipher suites that
208#      are enabled by default.
209#
210
211# com.sun.management.jmxremote.ssl.enabled.protocols=<protocol-versions>
212#      The value of this property is a string that is a comma-separated list
213#      of SSL/TLS protocol versions to enable. This property can be specified in
214#      conjunction with the previous property "com.sun.management.jmxremote.ssl"
215#      in order to control which particular SSL/TLS protocol versions are
216#      enabled for use by accepted connections. If this property is not
217#      specified then the SSL/TLS RMI Server Socket Factory uses the SSL/TLS
218#      protocol versions that are enabled by default.
219#
220
221# com.sun.management.jmxremote.ssl.need.client.auth=true|false
222#      Default for this property is false. (Case for true/false ignored)
223#      If this property is specified as true in conjunction with the previous
224#      property "com.sun.management.jmxremote.ssl" then the SSL/TLS RMI Server
225#      Socket Factory will require client authentication.
226#
227
228# For RMI monitoring with SSL client authentication use the following line
229# com.sun.management.jmxremote.ssl.need.client.auth=true
230
231# com.sun.management.jmxremote.registry.ssl=true|false
232#      Default for this property is false. (Case for true/false ignored)
233#      If this property is specified as true then the RMI registry used
234#      to bind the RMIServer remote object is protected with SSL/TLS
235#      RMI Socket Factories that can be configured with the properties:
236#          com.sun.management.jmxremote.ssl.config.file
237#          com.sun.management.jmxremote.ssl.enabled.cipher.suites
238#          com.sun.management.jmxremote.ssl.enabled.protocols
239#          com.sun.management.jmxremote.ssl.need.client.auth
240#      If the two properties below are true at the same time, i.e.
241#          com.sun.management.jmxremote.ssl=true
242#          com.sun.management.jmxremote.registry.ssl=true
243#      then the RMIServer remote object and the RMI registry are
244#      both exported with the same SSL/TLS RMI Socket Factories.
245#
246
247# For using an SSL/TLS protected RMI registry use the following line
248# com.sun.management.jmxremote.registry.ssl=true
249
250#
251# ################ RMI User authentication ################
252#
253# com.sun.management.jmxremote.authenticate=true|false
254#      Default for this property is true. (Case for true/false ignored)
255#      If this property is specified as false then no authentication is
256#      performed and all users are allowed all access.
257#
258
259# For RMI monitoring without any checking use the following line
260# com.sun.management.jmxremote.authenticate=false
261
262#
263# ################ RMI Login configuration ###################
264#
265# com.sun.management.jmxremote.login.config=<config-name>
266#      Specifies the name of a JAAS login configuration entry to use when
267#      authenticating users of RMI monitoring.
268#
269#      Setting this property is optional - the default login configuration
270#      specifies a file-based authentication that uses the password file.
271#
272#      When using this property to override the default login configuration
273#      then the named configuration entry must be in a file that gets loaded
274#      by JAAS. In addition, the login module(s) specified in the configuration
275#      should use the name and/or password callbacks to acquire the user's
276#      credentials. See the NameCallback and PasswordCallback classes in the
277#      javax.security.auth.callback package for more details.
278#
279#      If the property "com.sun.management.jmxremote.authenticate" is set to
280#      false, then this property and the password & access files are ignored.
281#
282
283# For a non-default login configuration use the following line
284# com.sun.management.jmxremote.login.config=<config-name>
285
286#
287# ################ RMI Password file location ##################
288#
289# com.sun.management.jmxremote.password.file=filepath
290#      Specifies location for password file
291#      This is optional - default location is
292#      $JRE/lib/management/jmxremote.password
293#
294#      If the property "com.sun.management.jmxremote.authenticate" is set to
295#      false, then this property and the password & access files are ignored.
296#      Otherwise the password file must exist and be in the valid format.
297#      If the password file is empty or non-existent then no access is allowed.
298#
299
300# For a non-default password file location use the following line
301# com.sun.management.jmxremote.password.file=filepath
302
303#
304# ################ RMI Access file location #####################
305#
306# com.sun.management.jmxremote.access.file=filepath
307#      Specifies location for access  file
308#      This is optional - default location is
309#      $JRE/lib/management/jmxremote.access
310#
311#      If the property "com.sun.management.jmxremote.authenticate" is set to
312#      false, then this property and the password & access files are ignored.
313#      Otherwise, the access file must exist and be in the valid format.
314#      If the access file is empty or non-existent then no access is allowed.
315#
316
317# For a non-default password file location use the following line
318# com.sun.management.jmxremote.access.file=filepath
319#
320
321# ################ Management agent listen interface #########################
322#
323# com.sun.management.jmxremote.host=<host-or-interface-name>
324#      Specifies the local interface on which the JMX RMI agent will bind.
325#      This is useful when running on machines which have several
326#      interfaces defined. It makes it possible to listen to a specific
327#      subnet accessible through that interface.
328#
329#      The format of the value for that property is any string accepted
330#      by java.net.InetAddress.getByName(String).
331#
332