Java 飞行记录器:它需要 JMX 读写访问权限还是只读就足够了?
Java Flight Recorder: Does it need JMX readwrite access or is readonly enough?
JMX 允许您在名为 jmxremote.access 的文件中设置用户的访问权限(您可以在 <JAVA INSTALL>/jre/lib/management 中找到该模板)。在那里你可以为每个用户指定如果用户有..
"readonly" grants access to read attributes of MBeans.
For monitoring, this means that a remote client in this
role can read measurements but cannot perform any action
that changes the environment of the running program.
或..
"readwrite" grants access to read and write attributes of MBeans,
to invoke operations on them, and optionally
to create or remove them. This access should be granted
only to trusted clients, since they can potentially
interfere with the smooth operation of a running program.
..权限。
现在,我想为我通过 JMC 使用的 JXM 用户激活此访问控制功能,以访问飞行记录器数据——我的想法是给予该用户 尽可能少的权限必要,根据默认安全标准。
--> 授予用户 readonly 权限是否足够,或者 Java 飞行记录器是否还需要在某处写入内容?
JFR 需要一些特定的读写权限:
your-role-name-goes-here readwrite \
create com.sun.management.*,com.oracle.jrockit.* \
unregister
JMX 允许您在名为 jmxremote.access 的文件中设置用户的访问权限(您可以在 <JAVA INSTALL>/jre/lib/management 中找到该模板)。在那里你可以为每个用户指定如果用户有..
"readonly" grants access to read attributes of MBeans.
For monitoring, this means that a remote client in this
role can read measurements but cannot perform any action
that changes the environment of the running program.
或..
"readwrite" grants access to read and write attributes of MBeans,
to invoke operations on them, and optionally
to create or remove them. This access should be granted
only to trusted clients, since they can potentially
interfere with the smooth operation of a running program.
..权限。
现在,我想为我通过 JMC 使用的 JXM 用户激活此访问控制功能,以访问飞行记录器数据——我的想法是给予该用户 尽可能少的权限必要,根据默认安全标准。
--> 授予用户 readonly 权限是否足够,或者 Java 飞行记录器是否还需要在某处写入内容?
JFR 需要一些特定的读写权限:
your-role-name-goes-here readwrite \
create com.sun.management.*,com.oracle.jrockit.* \
unregister