1##################################################################### 2# Default Configuration File for Java Platform Management 3##################################################################### 4# 5# The Management Configuration file (in java.util.Properties format) 6# will be read if one of the following system properties is set: 7# -Dcom.sun.management.jmxremote.port=<port-number> 8# or -Dcom.sun.management.config.file=<this-file> 9# 10# The default Management Configuration file is: 11# 12# $JRE/conf/management/management.properties 13# 14# Another location for the Management Configuration File can be specified 15# by the following property on the Java command line: 16# 17# -Dcom.sun.management.config.file=<this-file> 18# 19# If -Dcom.sun.management.config.file=<this-file> is set, the port 20# number for the management agent can be specified in the config file 21# using the following lines: 22# 23# ################ Management Agent Port ######################### 24# 25# For setting the JMX RMI agent port use the following line 26# com.sun.management.jmxremote.port=<port-number> 27# 28 29##################################################################### 30# Optional Instrumentation 31##################################################################### 32# 33# By default only the basic instrumentation with low overhead is on. 34# The following properties allow to selectively turn on optional 35# instrumentation which are off by default and may have some 36# additional overhead. 37# 38# com.sun.management.enableThreadContentionMonitoring 39# 40# This option enables thread contention monitoring if the 41# Java virtual machine supports such instrumentation. 42# Refer to the specification for the java.lang.management.ThreadMBean 43# interface - see isThreadContentionMonitoringSupported() method. 44# 45 46# To enable thread contention monitoring, uncomment the following line 47# com.sun.management.enableThreadContentionMonitoring 48 49##################################################################### 50# RMI Management Properties 51##################################################################### 52# 53# If system property -Dcom.sun.management.jmxremote.port=<port-number> 54# is set then 55# - A MBean server is started 56# - JRE Platform MBeans are registered in the MBean server 57# - RMI connector is published in a private readonly registry at 58# specified port using a well known name, "jmxrmi" 59# - the following properties are read for JMX remote management. 60# 61# The configuration can be specified only at startup time. 62# Later changes to above system property (e.g. via setProperty method), 63# this config file, the password file, or the access file have no effect to the 64# running MBean server, the connector, or the registry. 65# 66 67# 68# ########## RMI connector settings for local management ########## 69# 70# com.sun.management.jmxremote.local.only=true|false 71# Default for this property is true. (Case for true/false ignored) 72# If this property is specified as true then the local JMX RMI connector 73# server will only accept connection requests from clients running on 74# the host where the out-of-the-box JMX management agent is running. 75# In order to ensure backwards compatibility this property could be 76# set to false. However, deploying the local management agent in this 77# way is discouraged because the local JMX RMI connector server will 78# accept connection requests from any client either local or remote. 79# For remote management the remote JMX RMI connector server should 80# be used instead with authentication and SSL/TLS encryption enabled. 81# 82 83# For allowing the local management agent accept local 84# and remote connection requests use the following line 85# com.sun.management.jmxremote.local.only=false 86 87# 88# ###################### RMI SSL ############################# 89# 90# com.sun.management.jmxremote.ssl=true|false 91# Default for this property is true. (Case for true/false ignored) 92# If this property is specified as false then SSL is not used. 93# 94 95# For RMI monitoring without SSL use the following line 96# com.sun.management.jmxremote.ssl=false 97 98# com.sun.management.jmxremote.ssl.config.file=filepath 99# Specifies the location of the SSL configuration file. A properties 100# file can be used to supply the keystore and truststore location and 101# password settings thus avoiding to pass them as cleartext in the 102# command-line. 103# 104# The current implementation of the out-of-the-box management agent will 105# look up and use the properties specified below to configure the SSL 106# keystore and truststore, if present: 107# javax.net.ssl.keyStore=<keystore-location> 108# javax.net.ssl.keyStorePassword=<keystore-password> 109# javax.net.ssl.trustStore=<truststore-location> 110# javax.net.ssl.trustStorePassword=<truststore-password> 111# Any other properties in the file will be ignored. This will allow us 112# to extend the property set in the future if required by the default 113# SSL implementation. 114# 115# If the property "com.sun.management.jmxremote.ssl" is set to false, 116# then this property is ignored. 117# 118 119# For supplying the keystore settings in a file use the following line 120# com.sun.management.jmxremote.ssl.config.file=filepath 121 122# com.sun.management.jmxremote.ssl.enabled.cipher.suites=<cipher-suites> 123# The value of this property is a string that is a comma-separated list 124# of SSL/TLS cipher suites to enable. This property can be specified in 125# conjunction with the previous property "com.sun.management.jmxremote.ssl" 126# in order to control which particular SSL/TLS cipher suites are enabled 127# for use by accepted connections. If this property is not specified then 128# the SSL/TLS RMI Server Socket Factory uses the SSL/TLS cipher suites that 129# are enabled by default. 130# 131 132# com.sun.management.jmxremote.ssl.enabled.protocols=<protocol-versions> 133# The value of this property is a string that is a comma-separated list 134# of SSL/TLS protocol versions to enable. This property can be specified in 135# conjunction with the previous property "com.sun.management.jmxremote.ssl" 136# in order to control which particular SSL/TLS protocol versions are 137# enabled for use by accepted connections. If this property is not 138# specified then the SSL/TLS RMI Server Socket Factory uses the SSL/TLS 139# protocol versions that are enabled by default. 140# 141 142# com.sun.management.jmxremote.ssl.need.client.auth=true|false 143# Default for this property is false. (Case for true/false ignored) 144# If this property is specified as true in conjunction with the previous 145# property "com.sun.management.jmxremote.ssl" then the SSL/TLS RMI Server 146# Socket Factory will require client authentication. 147# 148 149# For RMI monitoring with SSL client authentication use the following line 150# com.sun.management.jmxremote.ssl.need.client.auth=true 151 152# com.sun.management.jmxremote.registry.ssl=true|false 153# Default for this property is false. (Case for true/false ignored) 154# If this property is specified as true then the RMI registry used 155# to bind the RMIServer remote object is protected with SSL/TLS 156# RMI Socket Factories that can be configured with the properties: 157# com.sun.management.jmxremote.ssl.config.file 158# com.sun.management.jmxremote.ssl.enabled.cipher.suites 159# com.sun.management.jmxremote.ssl.enabled.protocols 160# com.sun.management.jmxremote.ssl.need.client.auth 161# If the two properties below are true at the same time, i.e. 162# com.sun.management.jmxremote.ssl=true 163# com.sun.management.jmxremote.registry.ssl=true 164# then the RMIServer remote object and the RMI registry are 165# both exported with the same SSL/TLS RMI Socket Factories. 166# 167 168# For using an SSL/TLS protected RMI registry use the following line 169# com.sun.management.jmxremote.registry.ssl=true 170 171# 172# ################ RMI User authentication ################ 173# 174# com.sun.management.jmxremote.authenticate=true|false 175# Default for this property is true. (Case for true/false ignored) 176# If this property is specified as false then no authentication is 177# performed and all users are allowed all access. 178# 179 180# For RMI monitoring without any checking use the following line 181# com.sun.management.jmxremote.authenticate=false 182 183# 184# ################ RMI Login configuration ################### 185# 186# com.sun.management.jmxremote.login.config=<config-name> 187# Specifies the name of a JAAS login configuration entry to use when 188# authenticating users of RMI monitoring. 189# 190# Setting this property is optional - the default login configuration 191# specifies a file-based authentication that uses the password file. 192# 193# When using this property to override the default login configuration 194# then the named configuration entry must be in a file that gets loaded 195# by JAAS. In addition, the login module(s) specified in the configuration 196# should use the name and/or password callbacks to acquire the user's 197# credentials. See the NameCallback and PasswordCallback classes in the 198# javax.security.auth.callback package for more details. 199# 200# If the property "com.sun.management.jmxremote.authenticate" is set to 201# false, then this property and the password & access files are ignored. 202# 203 204# For a non-default login configuration use the following line 205# com.sun.management.jmxremote.login.config=<config-name> 206 207# 208# ################ RMI Password file location ################## 209# 210# com.sun.management.jmxremote.password.file=filepath 211# Specifies location for password file 212# This is optional - default location is 213# $JRE/conf/management/jmxremote.password 214# 215# If the property "com.sun.management.jmxremote.authenticate" is set to 216# false, then this property and the password & access files are ignored. 217# Otherwise the password file must exist and be in the valid format. 218# If the password file is empty or non-existent then no access is allowed. 219# 220 221# For a non-default password file location use the following line 222# com.sun.management.jmxremote.password.file=filepath 223 224# 225# ################# Hash passwords in password file ############## 226# com.sun.management.jmxremote.password.toHashes = true|false 227# Default for this property is true. 228# Specifies if passwords in the password file should be hashed or not. 229# If this property is true, and if the password file is writable, and if the 230# system security policy allows writing into the password file, 231# all the clear passwords in the password file will be replaced by 232# their SHA3-512 hash when the file is read by the server 233# 234 235# 236# ################ RMI Access file location ##################### 237# 238# com.sun.management.jmxremote.access.file=filepath 239# Specifies location for access file 240# This is optional - default location is 241# $JRE/conf/management/jmxremote.access 242# 243# If the property "com.sun.management.jmxremote.authenticate" is set to 244# false, then this property and the password & access files are ignored. 245# Otherwise, the access file must exist and be in the valid format. 246# If the access file is empty or non-existent then no access is allowed. 247# 248 249# For a non-default password file location use the following line 250# com.sun.management.jmxremote.access.file=filepath 251# 252 253# ################ Management agent listen interface ######################### 254# 255# com.sun.management.jmxremote.host=<host-or-interface-name> 256# Specifies the local interface on which the JMX RMI agent will bind. 257# This is useful when running on machines which have several 258# interfaces defined. It makes it possible to listen to a specific 259# subnet accessible through that interface. 260# 261# The format of the value for that property is any string accepted 262# by java.net.InetAddress.getByName(String). 263# 264 265# ################ Filter for ObjectInputStream ############################# 266# com.sun.management.jmxremote.serial.filter.pattern=<filter-string> 267# A filter, if configured, is used by java.io.ObjectInputStream during 268# deserialization of parameters sent to the JMX default agent to validate the 269# contents of the stream. 270# A filter is configured as a sequence of patterns, each pattern is either 271# matched against the name of a class in the stream or defines a limit. 272# Patterns are separated by ";" (semicolon). 273# Whitespace is significant and is considered part of the pattern. 274# 275# If a pattern includes a "=", it sets a limit. 276# If a limit appears more than once the last value is used. 277# Limits are checked before classes regardless of the order in the sequence of patterns. 278# If any of the limits are exceeded, the filter status is REJECTED. 279# 280# maxdepth=value - the maximum depth of a graph 281# maxrefs=value - the maximum number of internal references 282# maxbytes=value - the maximum number of bytes in the input stream 283# maxarray=value - the maximum array length allowed 284# 285# Other patterns, from left to right, match the class or package name as 286# returned from Class.getName. 287# If the class is an array type, the class or package to be matched is the element type. 288# Arrays of any number of dimensions are treated the same as the element type. 289# For example, a pattern of "!example.Foo", rejects creation of any instance or 290# array of example.Foo. 291# 292# If the pattern starts with "!", the status is REJECTED if the remaining pattern 293# is matched; otherwise the status is ALLOWED if the pattern matches. 294# If the pattern contains "/", the non-empty prefix up to the "/" is the module name; 295# if the module name matches the module name of the class then 296# the remaining pattern is matched with the class name. 297# If there is no "/", the module name is not compared. 298# If the pattern ends with ".**" it matches any class in the package and all subpackages. 299# If the pattern ends with ".*" it matches any class in the package. 300# If the pattern ends with "*", it matches any class with the pattern as a prefix. 301# If the pattern is equal to the class name, it matches. 302# Otherwise, the status is UNDECIDED. 303