• Home
• org.jolokia
• jolokia-roo
• 1.3.3
• source code
• jolokia-access.xml

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.jolokia.roo.jolokia-access.xml Maven / Gradle / Ivy

<?xml version="1.0" encoding="UTF-8"?>

<!--
  ~ Copyright 2009-2011 Roland Huss
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~ http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  -->

<!--
  Sample definitions for restricting the access to the j4p-agent. Adapt this
  file and copy it over to 'j4p-access.xml', which get's evaluated during
  runtime (if included in the war).

  You can restrict the available methods in principale as well as the accessible
  attributes and operations in detail.
-->

<restrict>

  <!-- List of remote hosts which are allowed to access this agent. The name can be
       given as IP or FQDN. If any of the given hosts matches, access will be allowed
      (respecting further restrictions, though). If <remote> ... </remote> is given
      without any host no access is allowed at all (probably not what you want).

      You can also specify a subnetmask behind a numeric IP adress in which case any
      host within the specified subnet is allowed to access the agent. The netmask can
      be given either in CIDR format (e.g "/16") or as a full netmask (e.g. "/255.255.0.0")
  -->
  <!--
  <remote>
    <host>127.0.0.1</host>
    <host>localhost</host>
    <host>10.0.0.0/16</host>
  </remote>
  -->

  <!--
  Access restriction based on the HTTP method with which an Jolokia request was received.
  The following example allows only HTTP POST requests. If the section is missing, all 
  HTTP requests methods are allowed.
  -->
  <!--
  <http>
    <method>post</method>
  </http>
  -->

  <!--
  List of allowed commands.

  If this sections is present, it influence the following section.

  For each command type present, the principle behaviour is allow this command for all
  MBeans. To remove an MBean (attribute/operation), a <deny> section has to be added.

  For each command type missing, the command is disabled by default. For certain MBeans
  it can be selectively by enabled by using an <allow> section below

  Known types are:

  * read
  * write
  * exec
  * list
  * version
  * search

  A missing <commands> section implies that every operation type is allowed (and can
  be selectively controlled by a <deny> section)
  -->

  <commands>
    <command>read</command>
    <command>write</command>
    <command>exec</command>
    <command>list</command>
    <command>version</command>
    <command>search</command>
  </commands>

  <!-- For each command type missing in a given <commands> section, for certain MBeans (which
       be a pattern, too) an command be alloed. Note that an <allow> entry e.g. for reading
       an attribute of an certain MBean has no influence if reading is enabled globally anyway -->
  <allow>

    <!-- Allow for this MBean the attribute "HeapMemoryUsage" for reading and writing, the attribute
         "Verbose" for reading only and the operation "gc". "read", "write" and/or "exec" has to be omitted
          in the <commands> section above.

         Example: ->
    <mbean>
      <name>java.lang:type=Memory</name>
      <attribute>HeapMemoryUsage</attribute>
      <attribute mode="read">Verbose</attribute>
      <operation>gc</operation>
    </mbean>
    <mbean>
      <name>java.lang:type=Threading</name>
      <attribute>ThreadCount</attribute>
    </mbean>
    -->

    <!-- Allow access to the j4p configuration operations, which are needed for proper check_jmx4perl
         operation -->
    <mbean>
      <name>jolokia:type=Config</name>
      <operation>*</operation>
      <attribute>*</attribute>
    </mbean>
    <mbean>
      <name>java.lang:type=Threading</name>
      <operation>findDeadlockedThreads</operation>
    </mbean>
  </allow>

  <!-- MBean access can be restricted by a <deny> section for commands enabled in a <commands> section
       (or when the <commands> section is missing completely in which case all commands are allowed)
  -->
  <deny>
    <mbean>
      <!-- Exposes user/password of data source, so we forbid this one -->
      <name>com.mchange.v2.c3p0:type=PooledDataSource,*</name>
      <attribute>properties</attribute>
    </mbean>
  </deny>
</restrict>