easy examples in different languagess

This commit is contained in:
Sam 2023-07-17 01:22:27 +02:00
parent e45ab18f5d
commit 9b0c8ffc86
224 changed files with 11562 additions and 133 deletions

View File

@ -1,23 +0,0 @@
#N canvas 468 143 709 527 10;
#X msg 60 237 disconnect;
#X floatatom 27 294 0 0 0 0 - - -;
#X text 22 315 Outlet is nonzero if connection is open \, zero otherwise.
;
#X msg 37 60 send mytext trololo;
#X obj 28 267 netsend 1;
#X msg 51 125 send /pl/0/0 (150 2300 65280) (170 170 65280) (230 170
65280) (210 230 65280) (150 230 65280);
#X text 258 29 LJ Sender;
#X msg 46 84 send /pl/0/0 150 2300 65280 170 170 65280 230 170 65280
210 230 65280 150 230 65280;
#X msg 26 39 connect 127.0.0.1 8083;
#X msg 58 165 send /pl/0/0 [(150.0:230.0:65280) (170.0:170.0:65280)
(230.0:170.0:65280) (210.0:230.0:65280) (150.0:230.0:65280)];
#X text 444 174 <- le mieux;
#X connect 0 0 4 0;
#X connect 3 0 4 0;
#X connect 4 0 1 0;
#X connect 5 0 4 0;
#X connect 7 0 4 0;
#X connect 8 0 4 0;
#X connect 9 0 4 0;

View File

@ -1,106 +0,0 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# -*- mode: Python -*-
'''
LJPD
Udp server to redis
v0.1b
'''
import traceback, time
import argparse
import socket
import _thread
import redis
print()
print ("LJPD")
print ("Arguments parsing if needed...")
argsparser = argparse.ArgumentParser(description="dumpUDP v0.1b help mode")
argsparser.add_argument("-i","--IP",help="IP to bind to (0.0.0.0 by default)", type=str)
argsparser.add_argument("-p","--port",help="UDP port to bind to (9000 by default)", type=str)
argsparser.add_argument("-l","--lj",help="LJ IP address (127.0.0.1 by default)", type=str)
args = argsparser.parse_args()
# LJ server IP name
if args.IP:
ljIP = lj.IP
else:
ljIP = "127.0.0.1"
# Server
if args.IP:
serverIP = args.IP
else:
serverIP = "0.0.0.0"
# ORCA destination device
if args.port:
UDPORT = int(args.port)
else:
UDPORT = 8083
print("Connecting to Redis...")
r = redis.StrictRedis(host= ljIP, port=6379, db=0)
def GetTime():
return time.strftime("%a, %d %b %Y %H:%M:%S", time.localtime())
def udp_thread():
while True:
payload, client_address = sock.recvfrom(1024)
udpath = payload.decode('utf_8')
print(GetTime(),"From", str(client_address),"got", udpath )
#r.set('/pl/0/0', "/pl/"+str(clientnumber)+"/")
#print(udpath[0:1], " ",udpath[1:2], " ",udpath[2:3], " ",udpath[3:4], " " )
# Reply to client
bytesToSend = str.encode("ACK :"+str(payload))
serverAddressPort = (client_address, UDPORT)
bufferSize = 1024
#sock.sendto(bytesToSend, serverAddressPort)
sock.sendto(bytesToSend, client_address)
time.sleep(0.005)
def Start(serverIP, UDPORT):
global sock
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
server = ( serverIP,UDPORT)
sock.bind(server)
_thread.start_new_thread(udp_thread, ())
# Launch server in another thread.
print("Launching UDP Server", serverIP,':', UDPORT)
Start(serverIP, UDPORT)
# Do something else
try:
while True:
time.sleep(0.005)
except Exception:
traceback.print_exc()
finally:
print("")
print("ljpd stopped.")

View File

@ -0,0 +1,85 @@
<?xml version="1.0" ?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundleExecutable</key>
<string>mousedot</string>
<key>CFBundleIconFile</key>
<string>application.icns</string>
<key>CFBundleIdentifier</key>
<string>mousedot</string>
<key>CFBundleDisplayName</key>
<string>mousedot</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>mousedot</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<!-- Customize this set as you wish -->
<key>CFBundleShortVersionString</key>
<string>1</string>
<key>CFBundleVersion</key>
<string>1</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>NSHumanReadableCopyright</key>
<string>Your copyright here</string>
<key>CFBundleGetInfoString</key>
<string>Created with Processing</string>
<!-- End of the set that can be customized -->
<key>JVMRuntime</key>
<string>jdk-17.0.6+10</string>
<key>JVMMainClassName</key>
<string>mousedot</string>
<key>JVMVersion</key>
<string>17</string>
<key>LSMinimumSystemVersion</key>
<string>10.14.6</string>
<key>NSHighResolutionCapable</key>
<true/>
<key>LSArchitecturePriority</key>
<array>
<string>x86_64</string>
</array>
<key>LSEnvironment</key>
<dict>
<key>LC_CTYPE</key>
<string>UTF-8</string>
</dict>
<key>LSUIPresentationMode</key>
<integer>4</integer>
<key>JVMOptions</key>
<array>
<string>-Djna.nosys=true</string>
<string>-Xdock:icon=$APP_ROOT/Contents/Resources/application.icns</string>
<string>-Djava.library.path=$APP_ROOT/Contents/Java:$APP_ROOT/Contents/Java/core/library</string>
<string>-Dapple.laf.useScreenMenuBar=true</string>
<string>-Dcom.apple.macos.use-file-dialog-packages=true</string>
<string>-Dcom.apple.macos.useScreenMenuBar=true</string>
<string>-Dcom.apple.mrj.application.apple.menu.about.name=mousedot</string>
<string>-Dcom.apple.smallTabs=true</string>
</array>
<key>JVMArguments</key>
<array>
</array>
<key>NSCameraUsageDescription</key>
<string>This app uses video camera input.</string>
<key>NSMicrophoneUsageDescription</key>
<string>This app uses microphone input.</string>
</dict>
</plist>

View File

@ -0,0 +1 @@
APPL????

View File

@ -0,0 +1,63 @@
############################################################
# Default Logging Configuration File
#
# You can use a different file by specifying a filename
# with the java.util.logging.config.file system property.
# For example, java -Djava.util.logging.config.file=myfile
############################################################
############################################################
# Global properties
############################################################
# "handlers" specifies a comma-separated list of log Handler
# classes. These handlers will be installed during VM startup.
# Note that these classes must be on the system classpath.
# By default we only configure a ConsoleHandler, which will only
# show messages at the INFO and above levels.
handlers= java.util.logging.ConsoleHandler
# To also add the FileHandler, use the following line instead.
#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
# Default global logging level.
# This specifies which kinds of events are logged across
# all loggers. For any given facility this global level
# can be overridden by a facility-specific level
# Note that the ConsoleHandler also has a separate level
# setting to limit messages printed to the console.
.level= INFO
############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################
# default file output is in user's home directory.
java.util.logging.FileHandler.pattern = %h/java%u.log
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
# Default number of locks FileHandler can obtain synchronously.
# This specifies maximum number of attempts to obtain lock file by FileHandler
# implemented by incrementing the unique field %u as per FileHandler API documentation.
java.util.logging.FileHandler.maxLocks = 100
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the messages that are printed on the console to INFO and above.
java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
# Example to customize the SimpleFormatter output format
# to print one-line log message like this:
# <level>: <log message> [<date/time>]
#
# java.util.logging.SimpleFormatter.format=%4$s: %5$s [%1$tc]%n
############################################################
# Facility-specific properties.
# Provides extra control for each logger.
############################################################
# For example, set the com.xyz.foo logger to only log SEVERE
# messages:
# com.xyz.foo.level = SEVERE

View File

@ -0,0 +1,79 @@
######################################################################
# Default Access Control File for Remote JMX(TM) Monitoring
######################################################################
#
# Access control file for Remote JMX API access to monitoring.
# This file defines the allowed access for different roles. The
# password file (jmxremote.password by default) defines the roles and their
# passwords. To be functional, a role must have an entry in
# both the password and the access files.
#
# The default location of this file is $JRE/conf/management/jmxremote.access
# You can specify an alternate location by specifying a property in
# the management config file $JRE/conf/management/management.properties
# (See that file for details)
#
# The file format for password and access files is syntactically the same
# as the Properties file format. The syntax is described in the Javadoc
# for java.util.Properties.load.
# A typical access file has multiple lines, where each line is blank,
# a comment (like this one), or an access control entry.
#
# An access control entry consists of a role name, and an
# associated access level. The role name is any string that does not
# itself contain spaces or tabs. It corresponds to an entry in the
# password file (jmxremote.password). The access level is one of the
# following:
# "readonly" grants access to read attributes of MBeans.
# For monitoring, this means that a remote client in this
# role can read measurements but cannot perform any action
# that changes the environment of the running program.
# "readwrite" grants access to read and write attributes of MBeans,
# to invoke operations on them, and optionally
# to create or remove them. This access should be granted
# only to trusted clients, since they can potentially
# interfere with the smooth operation of a running program.
#
# The "readwrite" access level can optionally be followed by the "create" and/or
# "unregister" keywords. The "unregister" keyword grants access to unregister
# (delete) MBeans. The "create" keyword grants access to create MBeans of a
# particular class or of any class matching a particular pattern. Access
# should only be granted to create MBeans of known and trusted classes.
#
# For example, the following entry would grant readwrite access
# to "controlRole", as well as access to create MBeans of the class
# javax.management.monitor.CounterMonitor and to unregister any MBean:
# controlRole readwrite \
# create javax.management.monitor.CounterMonitorMBean \
# unregister
# or equivalently:
# controlRole readwrite unregister create javax.management.monitor.CounterMBean
#
# The following entry would grant readwrite access as well as access to create
# MBeans of any class in the packages javax.management.monitor and
# javax.management.timer:
# controlRole readwrite \
# create javax.management.monitor.*,javax.management.timer.* \
# unregister
#
# The \ character is defined in the Properties file syntax to allow continuation
# lines as shown here. A * in a class pattern matches a sequence of characters
# other than dot (.), so javax.management.monitor.* matches
# javax.management.monitor.CounterMonitor but not
# javax.management.monitor.foo.Bar.
#
# A given role should have at most one entry in this file. If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last
# access entry is used.
#
#
# Default access control entries:
# o The "monitorRole" role has readonly access.
# o The "controlRole" role has readwrite access and can create the standard
# Timer and Monitor MBeans defined by the JMX API.
monitorRole readonly
controlRole readwrite \
create javax.management.monitor.*,javax.management.timer.* \
unregister

View File

@ -0,0 +1,115 @@
# ----------------------------------------------------------------------
# Template for jmxremote.password
#
# o Copy this template to jmxremote.password
# o Set the user/password entries in jmxremote.password
# o Change the permission of jmxremote.password to be accessible
# only by the owner.
# o The jmxremote.passwords file will be re-written by the server
# to replace all plain text passwords with hashed passwords when
# the file is read by the server.
#
##############################################################
# Password File for Remote JMX Monitoring
##############################################################
#
# Password file for Remote JMX API access to monitoring. This
# file defines the different roles and their passwords. The access
# control file (jmxremote.access by default) defines the allowed
# access for each role. To be functional, a role must have an entry
# in both the password and the access files.
#
# Default location of this file is $JRE/conf/management/jmxremote.password
# You can specify an alternate location by specifying a property in
# the management config file $JRE/conf/management/management.properties
# or by specifying a system property (See that file for details).
##############################################################
# File format of the jmxremote.password file
##############################################################
#
# The file contains multiple lines where each line is blank,
# a comment (like this one), or a password entry.
#
# password entry follows the below syntax
# role_name W [clearPassword|hashedPassword]
#
# role_name is any string that does not itself contain spaces or tabs.
# W = spaces or tabs
#
# Passwords can be specified via clear text or via a hash. Clear text password
# is any string that does not contain spaces or tabs. Hashed passwords must
# follow the below format.
# hashedPassword = base64_encoded_64_byte_salt W base64_encoded_hash W hash_algorithm
# where,
# base64_encoded_64_byte_salt = 64 byte random salt
# base64_encoded_hash = Hash_algorithm(password + salt)
# W = spaces or tabs
# hash_algorithm = Algorithm string specified using the format below
# https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#messagedigest-algorithms
# This is an optional field. If not specified, SHA3-512 will be assumed.
#
# If passwords are in clear, they will be overwritten by their hash if all of
# the below criteria are met.
# * com.sun.management.jmxremote.password.toHashes property is set to true in
# management.properties file
# * the password file is writable
# * the system security policy allows writing into the password file, if a
# security manager is configured
#
# In order to change the password for a role, replace the hashed password entry
# with a new clear text password or a new hashed password. If the new password
# is in clear, it will be replaced with its hash when a new login attempt is made.
#
# A given role should have at most one entry in this file. If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last one
# is used.
#
# A user generated hashed password file can also be used instead of clear-text
# password file. If generated by the user, hashed passwords must follow the
# format specified above.
#
# Caution: It is recommended not to edit the password file while the
# agent is running, as edits could be lost if a client connection triggers the
# hashing of the password file at the same time that the file is externally modified.
# The integrity of the file is guaranteed, but any external edits made to the
# file during the short period between the time that the agent reads the file
# and the time that it writes it back might get lost
##############################################################
# File permissions of the jmxremote.password file
##############################################################
# This file must be made accessible by ONLY the owner,
# otherwise the program will exit with an error.
#
# In a typical installation, this file can be accessed by anybody on the
# local machine, and possibly by people on other machines.
# For security, you should either restrict the access to this file except for owner,
# or specify another, less accessible file in the management config file
# as described above.
#
# In order to prevent inadverent edits to the password file in the
# production environment, it is recommended to deploy a read-only
# hashed password file. The hashed entries for clear passwords can be generated
# in advance by running the JMX agent.
#
##############################################################
# Sample of the jmxremote.password file
##############################################################
# Following are two commented-out entries. The "monitorRole" role has
# password "QED". The "controlRole" role has password "R&D". This is an example
# of specifying passwords in the clear
#
# monitorRole QED
# controlRole R&D
#
# Once a login attempt is made, passwords will be hashed and the file will have
# below entries with clear passwords overwritten by their respective
# SHA3-512 hash
#
# monitorRole trilby APzBTt34rV2l+OMbuvbnOQ4si8UZmfRCVbIY1+fAofV5CkQzXS/FDMGteQQk/R3q1wtt104qImzJEA7gCwl6dw== 4EeTdSJ7X6Imu0Mb+dWqIns7a7QPIBoM3NB/XlpMQSPSicE7PnlALVWn2pBY3Q3pGDHyAb32Hd8GUToQbUhAjA== SHA3-512
# controlRole roHEJSbRqSSTII4Z4+NOCV2OJaZVQ/dw153Fy2u4ILDP9XiZ426GwzCzc3RtpoqNMwqYIcfdd74xWXSMrWtGaA== w9qDsekgKn0WOVJycDyU0kLBa081zbStcCjUAVEqlfon5Sgx7XHtaodbmzpLegA1jT7Ag36T0zHaEWRHJe2fdA== SHA3-512
#

View File

@ -0,0 +1,304 @@
#####################################################################
# Default Configuration File for Java Platform Management
#####################################################################
#
# The Management Configuration file (in java.util.Properties format)
# will be read if one of the following system properties is set:
# -Dcom.sun.management.jmxremote.port=<port-number>
# or -Dcom.sun.management.config.file=<this-file>
#
# The default Management Configuration file is:
#
# $JRE/conf/management/management.properties
#
# Another location for the Management Configuration File can be specified
# by the following property on the Java command line:
#
# -Dcom.sun.management.config.file=<this-file>
#
# If -Dcom.sun.management.config.file=<this-file> is set, the port
# number for the management agent can be specified in the config file
# using the following lines:
#
# ################ Management Agent Port #########################
#
# For setting the JMX RMI agent port use the following line
# com.sun.management.jmxremote.port=<port-number>
#
# For setting the JMX local server port use the following line
# com.sun.management.jmxremote.local.port=<port-number>
#####################################################################
# Optional Instrumentation
#####################################################################
#
# By default only the basic instrumentation with low overhead is on.
# The following properties allow to selectively turn on optional
# instrumentation which are off by default and may have some
# additional overhead.
#
# com.sun.management.enableThreadContentionMonitoring
#
# This option enables thread contention monitoring if the
# Java virtual machine supports such instrumentation.
# Refer to the specification for the java.lang.management.ThreadMXBean
# interface - see isThreadContentionMonitoringSupported() method.
#
# To enable thread contention monitoring, uncomment the following line
# com.sun.management.enableThreadContentionMonitoring
#####################################################################
# RMI Management Properties
#####################################################################
#
# If system property -Dcom.sun.management.jmxremote.port=<port-number>
# is set then
# - A MBean server is started
# - JRE Platform MBeans are registered in the MBean server
# - RMI connector is published in a private readonly registry at
# specified port using a well known name, "jmxrmi"
# - the following properties are read for JMX remote management.
#
# The configuration can be specified only at startup time.
# Later changes to above system property (e.g. via setProperty method),
# this config file, the password file, or the access file have no effect to the
# running MBean server, the connector, or the registry.
#
#
# ########## RMI connector settings for local management ##########
#
# com.sun.management.jmxremote.local.only=true|false
# Default for this property is true. (Case for true/false ignored)
# If this property is specified as true then the local JMX RMI connector
# server will only accept connection requests from clients running on
# the host where the out-of-the-box JMX management agent is running.
# In order to ensure backwards compatibility this property could be
# set to false. However, deploying the local management agent in this
# way is discouraged because the local JMX RMI connector server will
# accept connection requests from any client either local or remote.
# For remote management the remote JMX RMI connector server should
# be used instead with authentication and SSL/TLS encryption enabled.
#
# For allowing the local management agent accept local
# and remote connection requests use the following line
# com.sun.management.jmxremote.local.only=false
#
# ###################### RMI SSL #############################
#
# com.sun.management.jmxremote.ssl=true|false
# Default for this property is true. (Case for true/false ignored)
# If this property is specified as false then SSL is not used.
#
# For RMI monitoring without SSL use the following line
# com.sun.management.jmxremote.ssl=false
# com.sun.management.jmxremote.ssl.config.file=filepath
# Specifies the location of the SSL configuration file. A properties
# file can be used to supply the keystore and truststore location and
# password settings thus avoiding to pass them as cleartext in the
# command-line.
#
# The current implementation of the out-of-the-box management agent will
# look up and use the properties specified below to configure the SSL
# keystore and truststore, if present:
# javax.net.ssl.keyStore=<keystore-location>
# javax.net.ssl.keyStorePassword=<keystore-password>
# javax.net.ssl.trustStore=<truststore-location>
# javax.net.ssl.trustStorePassword=<truststore-password>
# Any other properties in the file will be ignored. This will allow us
# to extend the property set in the future if required by the default
# SSL implementation.
#
# If the property "com.sun.management.jmxremote.ssl" is set to false,
# then this property is ignored.
#
# For supplying the keystore settings in a file use the following line
# com.sun.management.jmxremote.ssl.config.file=filepath
# com.sun.management.jmxremote.ssl.enabled.cipher.suites=<cipher-suites>
# The value of this property is a string that is a comma-separated list
# of SSL/TLS cipher suites to enable. This property can be specified in
# conjunction with the previous property "com.sun.management.jmxremote.ssl"
# in order to control which particular SSL/TLS cipher suites are enabled
# for use by accepted connections. If this property is not specified then
# the SSL/TLS RMI Server Socket Factory uses the SSL/TLS cipher suites that
# are enabled by default.
#
# com.sun.management.jmxremote.ssl.enabled.protocols=<protocol-versions>
# The value of this property is a string that is a comma-separated list
# of SSL/TLS protocol versions to enable. This property can be specified in
# conjunction with the previous property "com.sun.management.jmxremote.ssl"
# in order to control which particular SSL/TLS protocol versions are
# enabled for use by accepted connections. If this property is not
# specified then the SSL/TLS RMI Server Socket Factory uses the SSL/TLS
# protocol versions that are enabled by default.
#
# com.sun.management.jmxremote.ssl.need.client.auth=true|false
# Default for this property is false. (Case for true/false ignored)
# If this property is specified as true in conjunction with the previous
# property "com.sun.management.jmxremote.ssl" then the SSL/TLS RMI Server
# Socket Factory will require client authentication.
#
# For RMI monitoring with SSL client authentication use the following line
# com.sun.management.jmxremote.ssl.need.client.auth=true
# com.sun.management.jmxremote.registry.ssl=true|false
# Default for this property is false. (Case for true/false ignored)
# If this property is specified as true then the RMI registry used
# to bind the RMIServer remote object is protected with SSL/TLS
# RMI Socket Factories that can be configured with the properties:
# com.sun.management.jmxremote.ssl.config.file
# com.sun.management.jmxremote.ssl.enabled.cipher.suites
# com.sun.management.jmxremote.ssl.enabled.protocols
# com.sun.management.jmxremote.ssl.need.client.auth
# If the two properties below are true at the same time, i.e.
# com.sun.management.jmxremote.ssl=true
# com.sun.management.jmxremote.registry.ssl=true
# then the RMIServer remote object and the RMI registry are
# both exported with the same SSL/TLS RMI Socket Factories.
#
# For using an SSL/TLS protected RMI registry use the following line
# com.sun.management.jmxremote.registry.ssl=true
#
# ################ RMI User authentication ################
#
# com.sun.management.jmxremote.authenticate=true|false
# Default for this property is true. (Case for true/false ignored)
# If this property is specified as false then no authentication is
# performed and all users are allowed all access.
#
# For RMI monitoring without any checking use the following line
# com.sun.management.jmxremote.authenticate=false
#
# ################ RMI Login configuration ###################
#
# com.sun.management.jmxremote.login.config=<config-name>
# Specifies the name of a JAAS login configuration entry to use when
# authenticating users of RMI monitoring.
#
# Setting this property is optional - the default login configuration
# specifies a file-based authentication that uses the password file.
#
# When using this property to override the default login configuration
# then the named configuration entry must be in a file that gets loaded
# by JAAS. In addition, the login module(s) specified in the configuration
# should use the name and/or password callbacks to acquire the user's
# credentials. See the NameCallback and PasswordCallback classes in the
# javax.security.auth.callback package for more details.
#
# If the property "com.sun.management.jmxremote.authenticate" is set to
# false, then this property and the password & access files are ignored.
#
# For a non-default login configuration use the following line
# com.sun.management.jmxremote.login.config=<config-name>
#
# ################ RMI Password file location ##################
#
# com.sun.management.jmxremote.password.file=filepath
# Specifies location for password file
# This is optional - default location is
# $JRE/conf/management/jmxremote.password
#
# If the property "com.sun.management.jmxremote.authenticate" is set to
# false, then this property and the password & access files are ignored.
# Otherwise the password file must exist and be in the valid format.
# If the password file is empty or non-existent then no access is allowed.
#
# For a non-default password file location use the following line
# com.sun.management.jmxremote.password.file=filepath
#
# ################# Hash passwords in password file ##############
# com.sun.management.jmxremote.password.toHashes = true|false
# Default for this property is true.
# Specifies if passwords in the password file should be hashed or not.
# If this property is true, and if the password file is writable, and if the
# system security policy allows writing into the password file,
# all the clear passwords in the password file will be replaced by
# their SHA3-512 hash when the file is read by the server
#
#
# ################ RMI Access file location #####################
#
# com.sun.management.jmxremote.access.file=filepath
# Specifies location for access file
# This is optional - default location is
# $JRE/conf/management/jmxremote.access
#
# If the property "com.sun.management.jmxremote.authenticate" is set to
# false, then this property and the password & access files are ignored.
# Otherwise, the access file must exist and be in the valid format.
# If the access file is empty or non-existent then no access is allowed.
#
# For a non-default password file location use the following line
# com.sun.management.jmxremote.access.file=filepath
#
# ################ Management agent listen interface #########################
#
# com.sun.management.jmxremote.host=<host-or-interface-name>
# Specifies the local interface on which the JMX RMI agent will bind.
# This is useful when running on machines which have several
# interfaces defined. It makes it possible to listen to a specific
# subnet accessible through that interface.
#
# The format of the value for that property is any string accepted
# by java.net.InetAddress.getByName(String).
#
# ################ Filter for ObjectInputStream #############################
# com.sun.management.jmxremote.serial.filter.pattern=<filter-string>
# A filter, if configured, is used by java.io.ObjectInputStream during
# deserialization of parameters sent to the JMX default agent to validate the
# contents of the stream.
# A filter is configured as a sequence of patterns, each pattern is either
# matched against the name of a class in the stream or defines a limit.
# Patterns are separated by ";" (semicolon).
# Whitespace is significant and is considered part of the pattern.
#
# If a pattern includes a "=", it sets a limit.
# If a limit appears more than once the last value is used.
# Limits are checked before classes regardless of the order in the sequence of patterns.
# If any of the limits are exceeded, the filter status is REJECTED.
#
# maxdepth=value - the maximum depth of a graph
# maxrefs=value - the maximum number of internal references
# maxbytes=value - the maximum number of bytes in the input stream
# maxarray=value - the maximum array length allowed
#
# Other patterns, from left to right, match the class or package name as
# returned from Class.getName.
# If the class is an array type, the class or package to be matched is the element type.
# Arrays of any number of dimensions are treated the same as the element type.
# For example, a pattern of "!example.Foo", rejects creation of any instance or
# array of example.Foo.
#
# If the pattern starts with "!", the status is REJECTED if the remaining pattern
# is matched; otherwise the status is ALLOWED if the pattern matches.
# If the pattern contains "/", the non-empty prefix up to the "/" is the module name;
# if the module name matches the module name of the class then
# the remaining pattern is matched with the class name.
# If there is no "/", the module name is not compared.
# If the pattern ends with ".**" it matches any class in the package and all subpackages.
# If the pattern ends with ".*" it matches any class in the package.
# If the pattern ends with "*", it matches any class with the pattern as a prefix.
# If the pattern is equal to the class name, it matches.
# Otherwise, the status is UNDECIDED.

View File

@ -0,0 +1,147 @@
############################################################
# Default Networking Configuration File
#
# This file may contain default values for the networking system properties.
# These values are only used when the system properties are not specified
# on the command line or set programmatically.
# For now, only the various proxy settings can be configured here.
############################################################
# Whether or not the DefaultProxySelector will default to System Proxy
# settings when they do exist.
# Set it to 'true' to enable this feature and check for platform
# specific proxy settings
# Note that the system properties that do explicitly set proxies
# (like http.proxyHost) do take precedence over the system settings
# even if java.net.useSystemProxies is set to true.
java.net.useSystemProxies=false
#------------------------------------------------------------------------
# Proxy configuration for the various protocol handlers.
# DO NOT uncomment these lines if you have set java.net.useSystemProxies
# to true as the protocol specific properties will take precedence over
# system settings.
#------------------------------------------------------------------------
# HTTP Proxy settings. proxyHost is the name of the proxy server
# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
# value is 80) and nonProxyHosts is a '|' separated list of hostnames which
# should be accessed directly, ignoring the proxy server (default value is
# localhost & 127.0.0.1).
#
# http.proxyHost=
# http.proxyPort=80
http.nonProxyHosts=localhost|127.*|[::1]
#
# HTTPS Proxy Settings. proxyHost is the name of the proxy server
# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
# value is 443). The HTTPS protocol handlers uses the http nonProxyHosts list.
#
# https.proxyHost=
# https.proxyPort=443
#
# FTP Proxy settings. proxyHost is the name of the proxy server
# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
# value is 80) and nonProxyHosts is a '|' separated list of hostnames which
# should be accessed directly, ignoring the proxy server (default value is
# localhost & 127.0.0.1).
#
# ftp.proxyHost=
# ftp.proxyPort=80
ftp.nonProxyHosts=localhost|127.*|[::1]
#
# Socks proxy settings. socksProxyHost is the name of the proxy server
# (e.g. socks.domain.com), socksProxyPort is the port number to use
# (default value is 1080)
#
# socksProxyHost=
# socksProxyPort=1080
#
# HTTP Keep Alive settings. remainingData is the maximum amount of data
# in kilobytes that will be cleaned off the underlying socket so that it
# can be reused (default value is 512K), queuedConnections is the maximum
# number of Keep Alive connections to be on the queue for clean up (default
# value is 10).
# http.KeepAlive.remainingData=512
# http.KeepAlive.queuedConnections=10
# Authentication Scheme restrictions for HTTP and HTTPS.
#
# In some environments certain authentication schemes may be undesirable
# when proxying HTTP or HTTPS. For example, "Basic" results in effectively the
# cleartext transmission of the user's password over the physical network.
# This section describes the mechanism for disabling authentication schemes
# based on the scheme name. Disabled schemes will be treated as if they are not
# supported by the implementation.
#
# The 'jdk.http.auth.tunneling.disabledSchemes' property lists the authentication
# schemes that will be disabled when tunneling HTTPS over a proxy, HTTP CONNECT.
# The 'jdk.http.auth.proxying.disabledSchemes' property lists the authentication
# schemes that will be disabled when proxying HTTP.
#
# In both cases the property is a comma-separated list of, case-insensitive,
# authentication scheme names, as defined by their relevant RFCs. An
# implementation may, but is not required to, support common schemes whose names
# include: 'Basic', 'Digest', 'NTLM', 'Kerberos', 'Negotiate'. A scheme that
# is not known, or not supported, by the implementation is ignored.
#
# Note: This property is currently used by the JDK Reference implementation. It
# is not guaranteed to be examined and used by other implementations.
#
#jdk.http.auth.proxying.disabledSchemes=
jdk.http.auth.tunneling.disabledSchemes=Basic
#
# Allow restricted HTTP request headers
#
# By default, the following request headers are not allowed to be set by user code
# in HttpRequests: "connection", "content-length", "expect", "host" and "upgrade".
# The 'jdk.httpclient.allowRestrictedHeaders' property allows one or more of these
# headers to be specified as a comma separated list to override the default restriction.
# The names are case-insensitive and white-space is ignored (removed before processing
# the list). Note, this capability is mostly intended for testing and isn't expected
# to be used in real deployments. Protocol errors or other undefined behavior is likely
# to occur when using them. The property is not set by default.
# Note also, that there may be other headers that are restricted from being set
# depending on the context. This includes the "Authorization" header when the
# relevant HttpClient has an authenticator set. These restrictions cannot be
# overridden by this property.
#
# jdk.httpclient.allowRestrictedHeaders=host
#
#
# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication
# can be used for the NTLM scheme, where the security credentials based on the
# currently logged in user's name and password can be obtained directly from the
# operating system, without prompting the user. This property has three possible
# values which regulate the behavior as shown below. Other unrecognized values
# are handled the same as 'disabled'. Note, that NTLM is not considered to be a
# strongly secure authentication scheme and care should be taken before enabling
# this mechanism.
#
# Transparent authentication never used.
#jdk.http.ntlm.transparentAuth=disabled
#
# Enabled for all hosts.
#jdk.http.ntlm.transparentAuth=allHosts
#
# Enabled for hosts that are trusted in Windows Internet settings
#jdk.http.ntlm.transparentAuth=trustedHosts
#
jdk.http.ntlm.transparentAuth=disabled
#
# Default directory where automatically bound Unix domain server
# sockets are stored. Sockets are automatically bound when bound
# with a null address.
#
# On Unix the search order to determine this directory is:
#
# 1. System property jdk.net.unixdomain.tmpdir
#
# 2. Networking property jdk.net.unixdomain.tmpdir specified
# in this file (effective default)
#
# 3. System property java.io.tmpdir
#
jdk.net.unixdomain.tmpdir=/tmp

View File

@ -0,0 +1,44 @@
//
// This system policy file grants a set of default permissions to all domains
// and can be configured to grant additional permissions to modules and other
// code sources. The code source URL scheme for modules linked into a
// run-time image is "jrt".
//
// For example, to grant permission to read the "foo" property to the module
// "com.greetings", the grant entry is:
//
// grant codeBase "jrt:/com.greetings" {
// permission java.util.PropertyPermission "foo", "read";
// };
//
// default permissions granted to all domains
grant {
// allows anyone to listen on dynamic ports
permission java.net.SocketPermission "localhost:0", "listen";
// "standard" properies that can be read by anyone
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission
"java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission
"java.vm.specification.version", "read";
permission java.util.PropertyPermission
"java.vm.specification.vendor", "read";
permission java.util.PropertyPermission
"java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
};

View File

@ -0,0 +1,54 @@
Java(TM) Cryptography Extension Policy Files
for the Java(TM) Platform, Standard Edition Runtime Environment
README
------------------------------------------------------------------------
Import and export control rules on cryptographic software vary from
country to country. The Java Cryptography Extension (JCE) architecture
allows flexible cryptographic key strength to be configured via the
jurisdiction policy files which are referenced by the "crypto.policy"
security property in the <java-home>/conf/security/java.security file.
By default, Java provides two different sets of cryptographic policy
files:
unlimited: These policy files contain no restrictions on cryptographic
strengths or algorithms
limited: These policy files contain more restricted cryptographic
strengths
These files reside in <java-home>/conf/security/policy in the "unlimited"
or "limited" subdirectories respectively.
Each subdirectory contains a complete policy configuration,
and subdirectories can be added/edited/removed to reflect your
import or export control product requirements.
Within a subdirectory, the effective policy is the combined minimum
permissions of the grant statements in the file(s) matching the filename
pattern "default_*.policy". At least one grant is required. For example:
limited = Export (all) + Import (limited) = Limited
unlimited = Export (all) + Import (all) = Unlimited
The effective exemption policy is the combined minimum permissions
of the grant statements in the file(s) matching the filename pattern
"exempt_*.policy". Exemption grants are optional. For example:
limited = grants exemption permissions, by which the
effective policy can be circumvented.
e.g. KeyRecovery/KeyEscrow/KeyWeakening.
Please see the Java Cryptography Architecture (JCA) documentation for
additional information on these files and formats.
YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
TO DETERMINE THE EXACT REQUIREMENTS.
Please note that the JCE for Java SE, including the JCE framework,
cryptographic policy files, and standard JCE providers provided with
the Java SE, have been reviewed and approved for export as mass market
encryption item by the US Bureau of Industry and Security.

View File

@ -0,0 +1,6 @@
// Default US Export policy file.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};

View File

@ -0,0 +1,14 @@
// Some countries have import limits on crypto strength. This policy file
// is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", 128,
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", *;
permission javax.crypto.CryptoPermission *, 128;
};

View File

@ -0,0 +1,13 @@
// Some countries have import limits on crypto strength, but may allow for
// these exemptions if the exemption mechanism is used.
grant {
// There is no restriction to any algorithms if KeyRecovery is enforced.
permission javax.crypto.CryptoPermission *, "KeyRecovery";
// There is no restriction to any algorithms if KeyEscrow is enforced.
permission javax.crypto.CryptoPermission *, "KeyEscrow";
// There is no restriction to any algorithms if KeyWeakening is enforced.
permission javax.crypto.CryptoPermission *, "KeyWeakening";
};

View File

@ -0,0 +1,6 @@
// Default US Export policy file.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};

View File

@ -0,0 +1,6 @@
// Country-specific policy file for countries with no limits on crypto strength.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};

View File

@ -0,0 +1,39 @@
############################################################
# Sound Configuration File
############################################################
#
# This properties file is used to specify default service
# providers for javax.sound.midi.MidiSystem and
# javax.sound.sampled.AudioSystem.
#
# The following keys are recognized by MidiSystem methods:
#
# javax.sound.midi.Receiver
# javax.sound.midi.Sequencer
# javax.sound.midi.Synthesizer
# javax.sound.midi.Transmitter
#
# The following keys are recognized by AudioSystem methods:
#
# javax.sound.sampled.Clip
# javax.sound.sampled.Port
# javax.sound.sampled.SourceDataLine
# javax.sound.sampled.TargetDataLine
#
# The values specify the full class name of the service
# provider, or the device name.
#
# See the class descriptions for details.
#
# Example 1:
# Use MyDeviceProvider as default for SourceDataLines:
# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider
#
# Example 2:
# Specify the default Synthesizer by its name "InternalSynth".
# javax.sound.midi.Synthesizer=#InternalSynth
#
# Example 3:
# Specify the default Receiver by provider and name:
# javax.sound.midi.Receiver=com.sun.media.sound.MidiProvider#SunMIDI1
#

View File

@ -0,0 +1,63 @@
############################################################
# Default Logging Configuration File
#
# You can use a different file by specifying a filename
# with the java.util.logging.config.file system property.
# For example, java -Djava.util.logging.config.file=myfile
############################################################
############################################################
# Global properties
############################################################
# "handlers" specifies a comma-separated list of log Handler
# classes. These handlers will be installed during VM startup.
# Note that these classes must be on the system classpath.
# By default we only configure a ConsoleHandler, which will only
# show messages at the INFO and above levels.
handlers= java.util.logging.ConsoleHandler
# To also add the FileHandler, use the following line instead.
#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
# Default global logging level.
# This specifies which kinds of events are logged across
# all loggers. For any given facility this global level
# can be overridden by a facility-specific level
# Note that the ConsoleHandler also has a separate level
# setting to limit messages printed to the console.
.level= INFO
############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################
# default file output is in user's home directory.
java.util.logging.FileHandler.pattern = %h/java%u.log
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
# Default number of locks FileHandler can obtain synchronously.
# This specifies maximum number of attempts to obtain lock file by FileHandler
# implemented by incrementing the unique field %u as per FileHandler API documentation.
java.util.logging.FileHandler.maxLocks = 100
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the messages that are printed on the console to INFO and above.
java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
# Example to customize the SimpleFormatter output format
# to print one-line log message like this:
# <level>: <log message> [<date/time>]
#
# java.util.logging.SimpleFormatter.format=%4$s: %5$s [%1$tc]%n
############################################################
# Facility-specific properties.
# Provides extra control for each logger.
############################################################
# For example, set the com.xyz.foo logger to only log SEVERE
# messages:
# com.xyz.foo.level = SEVERE

View File

@ -0,0 +1,79 @@
######################################################################
# Default Access Control File for Remote JMX(TM) Monitoring
######################################################################
#
# Access control file for Remote JMX API access to monitoring.
# This file defines the allowed access for different roles. The
# password file (jmxremote.password by default) defines the roles and their
# passwords. To be functional, a role must have an entry in
# both the password and the access files.
#
# The default location of this file is $JRE/conf/management/jmxremote.access
# You can specify an alternate location by specifying a property in
# the management config file $JRE/conf/management/management.properties
# (See that file for details)
#
# The file format for password and access files is syntactically the same
# as the Properties file format. The syntax is described in the Javadoc
# for java.util.Properties.load.
# A typical access file has multiple lines, where each line is blank,
# a comment (like this one), or an access control entry.
#
# An access control entry consists of a role name, and an
# associated access level. The role name is any string that does not
# itself contain spaces or tabs. It corresponds to an entry in the
# password file (jmxremote.password). The access level is one of the
# following:
# "readonly" grants access to read attributes of MBeans.
# For monitoring, this means that a remote client in this
# role can read measurements but cannot perform any action
# that changes the environment of the running program.
# "readwrite" grants access to read and write attributes of MBeans,
# to invoke operations on them, and optionally
# to create or remove them. This access should be granted
# only to trusted clients, since they can potentially
# interfere with the smooth operation of a running program.
#
# The "readwrite" access level can optionally be followed by the "create" and/or
# "unregister" keywords. The "unregister" keyword grants access to unregister
# (delete) MBeans. The "create" keyword grants access to create MBeans of a
# particular class or of any class matching a particular pattern. Access
# should only be granted to create MBeans of known and trusted classes.
#
# For example, the following entry would grant readwrite access
# to "controlRole", as well as access to create MBeans of the class
# javax.management.monitor.CounterMonitor and to unregister any MBean:
# controlRole readwrite \
# create javax.management.monitor.CounterMonitorMBean \
# unregister
# or equivalently:
# controlRole readwrite unregister create javax.management.monitor.CounterMBean
#
# The following entry would grant readwrite access as well as access to create
# MBeans of any class in the packages javax.management.monitor and
# javax.management.timer:
# controlRole readwrite \
# create javax.management.monitor.*,javax.management.timer.* \
# unregister
#
# The \ character is defined in the Properties file syntax to allow continuation
# lines as shown here. A * in a class pattern matches a sequence of characters
# other than dot (.), so javax.management.monitor.* matches
# javax.management.monitor.CounterMonitor but not
# javax.management.monitor.foo.Bar.
#
# A given role should have at most one entry in this file. If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last
# access entry is used.
#
#
# Default access control entries:
# o The "monitorRole" role has readonly access.
# o The "controlRole" role has readwrite access and can create the standard
# Timer and Monitor MBeans defined by the JMX API.
monitorRole readonly
controlRole readwrite \
create javax.management.monitor.*,javax.management.timer.* \
unregister

View File

@ -0,0 +1,115 @@
# ----------------------------------------------------------------------
# Template for jmxremote.password
#
# o Copy this template to jmxremote.password
# o Set the user/password entries in jmxremote.password
# o Change the permission of jmxremote.password to be accessible
# only by the owner.
# o The jmxremote.passwords file will be re-written by the server
# to replace all plain text passwords with hashed passwords when
# the file is read by the server.
#
##############################################################
# Password File for Remote JMX Monitoring
##############################################################
#
# Password file for Remote JMX API access to monitoring. This
# file defines the different roles and their passwords. The access
# control file (jmxremote.access by default) defines the allowed
# access for each role. To be functional, a role must have an entry
# in both the password and the access files.
#
# Default location of this file is $JRE/conf/management/jmxremote.password
# You can specify an alternate location by specifying a property in
# the management config file $JRE/conf/management/management.properties
# or by specifying a system property (See that file for details).
##############################################################
# File format of the jmxremote.password file
##############################################################
#
# The file contains multiple lines where each line is blank,
# a comment (like this one), or a password entry.
#
# password entry follows the below syntax
# role_name W [clearPassword|hashedPassword]
#
# role_name is any string that does not itself contain spaces or tabs.
# W = spaces or tabs
#
# Passwords can be specified via clear text or via a hash. Clear text password
# is any string that does not contain spaces or tabs. Hashed passwords must
# follow the below format.
# hashedPassword = base64_encoded_64_byte_salt W base64_encoded_hash W hash_algorithm
# where,
# base64_encoded_64_byte_salt = 64 byte random salt
# base64_encoded_hash = Hash_algorithm(password + salt)
# W = spaces or tabs
# hash_algorithm = Algorithm string specified using the format below
# https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#messagedigest-algorithms
# This is an optional field. If not specified, SHA3-512 will be assumed.
#
# If passwords are in clear, they will be overwritten by their hash if all of
# the below criteria are met.
# * com.sun.management.jmxremote.password.toHashes property is set to true in
# management.properties file
# * the password file is writable
# * the system security policy allows writing into the password file, if a
# security manager is configured
#
# In order to change the password for a role, replace the hashed password entry
# with a new clear text password or a new hashed password. If the new password
# is in clear, it will be replaced with its hash when a new login attempt is made.
#
# A given role should have at most one entry in this file. If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last one
# is used.
#
# A user generated hashed password file can also be used instead of clear-text
# password file. If generated by the user, hashed passwords must follow the
# format specified above.
#
# Caution: It is recommended not to edit the password file while the
# agent is running, as edits could be lost if a client connection triggers the
# hashing of the password file at the same time that the file is externally modified.
# The integrity of the file is guaranteed, but any external edits made to the
# file during the short period between the time that the agent reads the file
# and the time that it writes it back might get lost
##############################################################
# File permissions of the jmxremote.password file
##############################################################
# This file must be made accessible by ONLY the owner,
# otherwise the program will exit with an error.
#
# In a typical installation, this file can be accessed by anybody on the
# local machine, and possibly by people on other machines.
# For security, you should either restrict the access to this file except for owner,
# or specify another, less accessible file in the management config file
# as described above.
#
# In order to prevent inadverent edits to the password file in the
# production environment, it is recommended to deploy a read-only
# hashed password file. The hashed entries for clear passwords can be generated
# in advance by running the JMX agent.
#
##############################################################
# Sample of the jmxremote.password file
##############################################################
# Following are two commented-out entries. The "monitorRole" role has
# password "QED". The "controlRole" role has password "R&D". This is an example
# of specifying passwords in the clear
#
# monitorRole QED
# controlRole R&D
#
# Once a login attempt is made, passwords will be hashed and the file will have
# below entries with clear passwords overwritten by their respective
# SHA3-512 hash
#
# monitorRole trilby APzBTt34rV2l+OMbuvbnOQ4si8UZmfRCVbIY1+fAofV5CkQzXS/FDMGteQQk/R3q1wtt104qImzJEA7gCwl6dw== 4EeTdSJ7X6Imu0Mb+dWqIns7a7QPIBoM3NB/XlpMQSPSicE7PnlALVWn2pBY3Q3pGDHyAb32Hd8GUToQbUhAjA== SHA3-512
# controlRole roHEJSbRqSSTII4Z4+NOCV2OJaZVQ/dw153Fy2u4ILDP9XiZ426GwzCzc3RtpoqNMwqYIcfdd74xWXSMrWtGaA== w9qDsekgKn0WOVJycDyU0kLBa081zbStcCjUAVEqlfon5Sgx7XHtaodbmzpLegA1jT7Ag36T0zHaEWRHJe2fdA== SHA3-512
#

View File

@ -0,0 +1,304 @@
#####################################################################
# Default Configuration File for Java Platform Management
#####################################################################
#
# The Management Configuration file (in java.util.Properties format)
# will be read if one of the following system properties is set:
# -Dcom.sun.management.jmxremote.port=<port-number>
# or -Dcom.sun.management.config.file=<this-file>
#
# The default Management Configuration file is:
#
# $JRE/conf/management/management.properties
#
# Another location for the Management Configuration File can be specified
# by the following property on the Java command line:
#
# -Dcom.sun.management.config.file=<this-file>
#
# If -Dcom.sun.management.config.file=<this-file> is set, the port
# number for the management agent can be specified in the config file
# using the following lines:
#
# ################ Management Agent Port #########################
#
# For setting the JMX RMI agent port use the following line
# com.sun.management.jmxremote.port=<port-number>
#
# For setting the JMX local server port use the following line
# com.sun.management.jmxremote.local.port=<port-number>
#####################################################################
# Optional Instrumentation
#####################################################################
#
# By default only the basic instrumentation with low overhead is on.
# The following properties allow to selectively turn on optional
# instrumentation which are off by default and may have some
# additional overhead.
#
# com.sun.management.enableThreadContentionMonitoring
#
# This option enables thread contention monitoring if the
# Java virtual machine supports such instrumentation.
# Refer to the specification for the java.lang.management.ThreadMXBean
# interface - see isThreadContentionMonitoringSupported() method.
#
# To enable thread contention monitoring, uncomment the following line
# com.sun.management.enableThreadContentionMonitoring
#####################################################################
# RMI Management Properties
#####################################################################
#
# If system property -Dcom.sun.management.jmxremote.port=<port-number>
# is set then
# - A MBean server is started
# - JRE Platform MBeans are registered in the MBean server
# - RMI connector is published in a private readonly registry at
# specified port using a well known name, "jmxrmi"
# - the following properties are read for JMX remote management.
#
# The configuration can be specified only at startup time.
# Later changes to above system property (e.g. via setProperty method),
# this config file, the password file, or the access file have no effect to the
# running MBean server, the connector, or the registry.
#
#
# ########## RMI connector settings for local management ##########
#
# com.sun.management.jmxremote.local.only=true|false
# Default for this property is true. (Case for true/false ignored)
# If this property is specified as true then the local JMX RMI connector
# server will only accept connection requests from clients running on
# the host where the out-of-the-box JMX management agent is running.
# In order to ensure backwards compatibility this property could be
# set to false. However, deploying the local management agent in this
# way is discouraged because the local JMX RMI connector server will
# accept connection requests from any client either local or remote.
# For remote management the remote JMX RMI connector server should
# be used instead with authentication and SSL/TLS encryption enabled.
#
# For allowing the local management agent accept local
# and remote connection requests use the following line
# com.sun.management.jmxremote.local.only=false
#
# ###################### RMI SSL #############################
#
# com.sun.management.jmxremote.ssl=true|false
# Default for this property is true. (Case for true/false ignored)
# If this property is specified as false then SSL is not used.
#
# For RMI monitoring without SSL use the following line
# com.sun.management.jmxremote.ssl=false
# com.sun.management.jmxremote.ssl.config.file=filepath
# Specifies the location of the SSL configuration file. A properties
# file can be used to supply the keystore and truststore location and
# password settings thus avoiding to pass them as cleartext in the
# command-line.
#
# The current implementation of the out-of-the-box management agent will
# look up and use the properties specified below to configure the SSL
# keystore and truststore, if present:
# javax.net.ssl.keyStore=<keystore-location>
# javax.net.ssl.keyStorePassword=<keystore-password>
# javax.net.ssl.trustStore=<truststore-location>
# javax.net.ssl.trustStorePassword=<truststore-password>
# Any other properties in the file will be ignored. This will allow us
# to extend the property set in the future if required by the default
# SSL implementation.
#
# If the property "com.sun.management.jmxremote.ssl" is set to false,
# then this property is ignored.
#
# For supplying the keystore settings in a file use the following line
# com.sun.management.jmxremote.ssl.config.file=filepath
# com.sun.management.jmxremote.ssl.enabled.cipher.suites=<cipher-suites>
# The value of this property is a string that is a comma-separated list
# of SSL/TLS cipher suites to enable. This property can be specified in
# conjunction with the previous property "com.sun.management.jmxremote.ssl"
# in order to control which particular SSL/TLS cipher suites are enabled
# for use by accepted connections. If this property is not specified then
# the SSL/TLS RMI Server Socket Factory uses the SSL/TLS cipher suites that
# are enabled by default.
#
# com.sun.management.jmxremote.ssl.enabled.protocols=<protocol-versions>
# The value of this property is a string that is a comma-separated list
# of SSL/TLS protocol versions to enable. This property can be specified in
# conjunction with the previous property "com.sun.management.jmxremote.ssl"
# in order to control which particular SSL/TLS protocol versions are
# enabled for use by accepted connections. If this property is not
# specified then the SSL/TLS RMI Server Socket Factory uses the SSL/TLS
# protocol versions that are enabled by default.
#
# com.sun.management.jmxremote.ssl.need.client.auth=true|false
# Default for this property is false. (Case for true/false ignored)
# If this property is specified as true in conjunction with the previous
# property "com.sun.management.jmxremote.ssl" then the SSL/TLS RMI Server
# Socket Factory will require client authentication.
#
# For RMI monitoring with SSL client authentication use the following line
# com.sun.management.jmxremote.ssl.need.client.auth=true
# com.sun.management.jmxremote.registry.ssl=true|false
# Default for this property is false. (Case for true/false ignored)
# If this property is specified as true then the RMI registry used
# to bind the RMIServer remote object is protected with SSL/TLS
# RMI Socket Factories that can be configured with the properties:
# com.sun.management.jmxremote.ssl.config.file
# com.sun.management.jmxremote.ssl.enabled.cipher.suites
# com.sun.management.jmxremote.ssl.enabled.protocols
# com.sun.management.jmxremote.ssl.need.client.auth
# If the two properties below are true at the same time, i.e.
# com.sun.management.jmxremote.ssl=true
# com.sun.management.jmxremote.registry.ssl=true
# then the RMIServer remote object and the RMI registry are
# both exported with the same SSL/TLS RMI Socket Factories.
#
# For using an SSL/TLS protected RMI registry use the following line
# com.sun.management.jmxremote.registry.ssl=true
#
# ################ RMI User authentication ################
#
# com.sun.management.jmxremote.authenticate=true|false
# Default for this property is true. (Case for true/false ignored)
# If this property is specified as false then no authentication is
# performed and all users are allowed all access.
#
# For RMI monitoring without any checking use the following line
# com.sun.management.jmxremote.authenticate=false
#
# ################ RMI Login configuration ###################
#
# com.sun.management.jmxremote.login.config=<config-name>
# Specifies the name of a JAAS login configuration entry to use when
# authenticating users of RMI monitoring.
#
# Setting this property is optional - the default login configuration
# specifies a file-based authentication that uses the password file.
#
# When using this property to override the default login configuration
# then the named configuration entry must be in a file that gets loaded
# by JAAS. In addition, the login module(s) specified in the configuration
# should use the name and/or password callbacks to acquire the user's
# credentials. See the NameCallback and PasswordCallback classes in the
# javax.security.auth.callback package for more details.
#
# If the property "com.sun.management.jmxremote.authenticate" is set to
# false, then this property and the password & access files are ignored.
#
# For a non-default login configuration use the following line
# com.sun.management.jmxremote.login.config=<config-name>
#
# ################ RMI Password file location ##################
#
# com.sun.management.jmxremote.password.file=filepath
# Specifies location for password file
# This is optional - default location is
# $JRE/conf/management/jmxremote.password
#
# If the property "com.sun.management.jmxremote.authenticate" is set to
# false, then this property and the password & access files are ignored.
# Otherwise the password file must exist and be in the valid format.
# If the password file is empty or non-existent then no access is allowed.
#
# For a non-default password file location use the following line
# com.sun.management.jmxremote.password.file=filepath
#
# ################# Hash passwords in password file ##############
# com.sun.management.jmxremote.password.toHashes = true|false
# Default for this property is true.
# Specifies if passwords in the password file should be hashed or not.
# If this property is true, and if the password file is writable, and if the
# system security policy allows writing into the password file,
# all the clear passwords in the password file will be replaced by
# their SHA3-512 hash when the file is read by the server
#
#
# ################ RMI Access file location #####################
#
# com.sun.management.jmxremote.access.file=filepath
# Specifies location for access file
# This is optional - default location is
# $JRE/conf/management/jmxremote.access
#
# If the property "com.sun.management.jmxremote.authenticate" is set to
# false, then this property and the password & access files are ignored.
# Otherwise, the access file must exist and be in the valid format.
# If the access file is empty or non-existent then no access is allowed.
#
# For a non-default password file location use the following line
# com.sun.management.jmxremote.access.file=filepath
#
# ################ Management agent listen interface #########################
#
# com.sun.management.jmxremote.host=<host-or-interface-name>
# Specifies the local interface on which the JMX RMI agent will bind.
# This is useful when running on machines which have several
# interfaces defined. It makes it possible to listen to a specific
# subnet accessible through that interface.
#
# The format of the value for that property is any string accepted
# by java.net.InetAddress.getByName(String).
#
# ################ Filter for ObjectInputStream #############################
# com.sun.management.jmxremote.serial.filter.pattern=<filter-string>
# A filter, if configured, is used by java.io.ObjectInputStream during
# deserialization of parameters sent to the JMX default agent to validate the
# contents of the stream.
# A filter is configured as a sequence of patterns, each pattern is either
# matched against the name of a class in the stream or defines a limit.
# Patterns are separated by ";" (semicolon).
# Whitespace is significant and is considered part of the pattern.
#
# If a pattern includes a "=", it sets a limit.
# If a limit appears more than once the last value is used.
# Limits are checked before classes regardless of the order in the sequence of patterns.
# If any of the limits are exceeded, the filter status is REJECTED.
#
# maxdepth=value - the maximum depth of a graph
# maxrefs=value - the maximum number of internal references
# maxbytes=value - the maximum number of bytes in the input stream
# maxarray=value - the maximum array length allowed
#
# Other patterns, from left to right, match the class or package name as
# returned from Class.getName.
# If the class is an array type, the class or package to be matched is the element type.
# Arrays of any number of dimensions are treated the same as the element type.
# For example, a pattern of "!example.Foo", rejects creation of any instance or
# array of example.Foo.
#
# If the pattern starts with "!", the status is REJECTED if the remaining pattern
# is matched; otherwise the status is ALLOWED if the pattern matches.
# If the pattern contains "/", the non-empty prefix up to the "/" is the module name;
# if the module name matches the module name of the class then
# the remaining pattern is matched with the class name.
# If there is no "/", the module name is not compared.
# If the pattern ends with ".**" it matches any class in the package and all subpackages.
# If the pattern ends with ".*" it matches any class in the package.
# If the pattern ends with "*", it matches any class with the pattern as a prefix.
# If the pattern is equal to the class name, it matches.
# Otherwise, the status is UNDECIDED.

View File

@ -0,0 +1,147 @@
############################################################
# Default Networking Configuration File
#
# This file may contain default values for the networking system properties.
# These values are only used when the system properties are not specified
# on the command line or set programmatically.
# For now, only the various proxy settings can be configured here.
############################################################
# Whether or not the DefaultProxySelector will default to System Proxy
# settings when they do exist.
# Set it to 'true' to enable this feature and check for platform
# specific proxy settings
# Note that the system properties that do explicitly set proxies
# (like http.proxyHost) do take precedence over the system settings
# even if java.net.useSystemProxies is set to true.
java.net.useSystemProxies=false
#------------------------------------------------------------------------
# Proxy configuration for the various protocol handlers.
# DO NOT uncomment these lines if you have set java.net.useSystemProxies
# to true as the protocol specific properties will take precedence over
# system settings.
#------------------------------------------------------------------------
# HTTP Proxy settings. proxyHost is the name of the proxy server
# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
# value is 80) and nonProxyHosts is a '|' separated list of hostnames which
# should be accessed directly, ignoring the proxy server (default value is
# localhost & 127.0.0.1).
#
# http.proxyHost=
# http.proxyPort=80
http.nonProxyHosts=localhost|127.*|[::1]
#
# HTTPS Proxy Settings. proxyHost is the name of the proxy server
# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
# value is 443). The HTTPS protocol handlers uses the http nonProxyHosts list.
#
# https.proxyHost=
# https.proxyPort=443
#
# FTP Proxy settings. proxyHost is the name of the proxy server
# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
# value is 80) and nonProxyHosts is a '|' separated list of hostnames which
# should be accessed directly, ignoring the proxy server (default value is
# localhost & 127.0.0.1).
#
# ftp.proxyHost=
# ftp.proxyPort=80
ftp.nonProxyHosts=localhost|127.*|[::1]
#
# Socks proxy settings. socksProxyHost is the name of the proxy server
# (e.g. socks.domain.com), socksProxyPort is the port number to use
# (default value is 1080)
#
# socksProxyHost=
# socksProxyPort=1080
#
# HTTP Keep Alive settings. remainingData is the maximum amount of data
# in kilobytes that will be cleaned off the underlying socket so that it
# can be reused (default value is 512K), queuedConnections is the maximum
# number of Keep Alive connections to be on the queue for clean up (default
# value is 10).
# http.KeepAlive.remainingData=512
# http.KeepAlive.queuedConnections=10
# Authentication Scheme restrictions for HTTP and HTTPS.
#
# In some environments certain authentication schemes may be undesirable
# when proxying HTTP or HTTPS. For example, "Basic" results in effectively the
# cleartext transmission of the user's password over the physical network.
# This section describes the mechanism for disabling authentication schemes
# based on the scheme name. Disabled schemes will be treated as if they are not
# supported by the implementation.
#
# The 'jdk.http.auth.tunneling.disabledSchemes' property lists the authentication
# schemes that will be disabled when tunneling HTTPS over a proxy, HTTP CONNECT.
# The 'jdk.http.auth.proxying.disabledSchemes' property lists the authentication
# schemes that will be disabled when proxying HTTP.
#
# In both cases the property is a comma-separated list of, case-insensitive,
# authentication scheme names, as defined by their relevant RFCs. An
# implementation may, but is not required to, support common schemes whose names
# include: 'Basic', 'Digest', 'NTLM', 'Kerberos', 'Negotiate'. A scheme that
# is not known, or not supported, by the implementation is ignored.
#
# Note: This property is currently used by the JDK Reference implementation. It
# is not guaranteed to be examined and used by other implementations.
#
#jdk.http.auth.proxying.disabledSchemes=
jdk.http.auth.tunneling.disabledSchemes=Basic
#
# Allow restricted HTTP request headers
#
# By default, the following request headers are not allowed to be set by user code
# in HttpRequests: "connection", "content-length", "expect", "host" and "upgrade".
# The 'jdk.httpclient.allowRestrictedHeaders' property allows one or more of these
# headers to be specified as a comma separated list to override the default restriction.
# The names are case-insensitive and white-space is ignored (removed before processing
# the list). Note, this capability is mostly intended for testing and isn't expected
# to be used in real deployments. Protocol errors or other undefined behavior is likely
# to occur when using them. The property is not set by default.
# Note also, that there may be other headers that are restricted from being set
# depending on the context. This includes the "Authorization" header when the
# relevant HttpClient has an authenticator set. These restrictions cannot be
# overridden by this property.
#
# jdk.httpclient.allowRestrictedHeaders=host
#
#
# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication
# can be used for the NTLM scheme, where the security credentials based on the
# currently logged in user's name and password can be obtained directly from the
# operating system, without prompting the user. This property has three possible
# values which regulate the behavior as shown below. Other unrecognized values
# are handled the same as 'disabled'. Note, that NTLM is not considered to be a
# strongly secure authentication scheme and care should be taken before enabling
# this mechanism.
#
# Transparent authentication never used.
#jdk.http.ntlm.transparentAuth=disabled
#
# Enabled for all hosts.
#jdk.http.ntlm.transparentAuth=allHosts
#
# Enabled for hosts that are trusted in Windows Internet settings
#jdk.http.ntlm.transparentAuth=trustedHosts
#
jdk.http.ntlm.transparentAuth=disabled
#
# Default directory where automatically bound Unix domain server
# sockets are stored. Sockets are automatically bound when bound
# with a null address.
#
# On Unix the search order to determine this directory is:
#
# 1. System property jdk.net.unixdomain.tmpdir
#
# 2. Networking property jdk.net.unixdomain.tmpdir specified
# in this file (effective default)
#
# 3. System property java.io.tmpdir
#
jdk.net.unixdomain.tmpdir=/tmp

View File

@ -0,0 +1,44 @@
//
// This system policy file grants a set of default permissions to all domains
// and can be configured to grant additional permissions to modules and other
// code sources. The code source URL scheme for modules linked into a
// run-time image is "jrt".
//
// For example, to grant permission to read the "foo" property to the module
// "com.greetings", the grant entry is:
//
// grant codeBase "jrt:/com.greetings" {
// permission java.util.PropertyPermission "foo", "read";
// };
//
// default permissions granted to all domains
grant {
// allows anyone to listen on dynamic ports
permission java.net.SocketPermission "localhost:0", "listen";
// "standard" properies that can be read by anyone
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission
"java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission
"java.vm.specification.version", "read";
permission java.util.PropertyPermission
"java.vm.specification.vendor", "read";
permission java.util.PropertyPermission
"java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
};

View File

@ -0,0 +1,54 @@
Java(TM) Cryptography Extension Policy Files
for the Java(TM) Platform, Standard Edition Runtime Environment
README
------------------------------------------------------------------------
Import and export control rules on cryptographic software vary from
country to country. The Java Cryptography Extension (JCE) architecture
allows flexible cryptographic key strength to be configured via the
jurisdiction policy files which are referenced by the "crypto.policy"
security property in the <java-home>/conf/security/java.security file.
By default, Java provides two different sets of cryptographic policy
files:
unlimited: These policy files contain no restrictions on cryptographic
strengths or algorithms
limited: These policy files contain more restricted cryptographic
strengths
These files reside in <java-home>/conf/security/policy in the "unlimited"
or "limited" subdirectories respectively.
Each subdirectory contains a complete policy configuration,
and subdirectories can be added/edited/removed to reflect your
import or export control product requirements.
Within a subdirectory, the effective policy is the combined minimum
permissions of the grant statements in the file(s) matching the filename
pattern "default_*.policy". At least one grant is required. For example:
limited = Export (all) + Import (limited) = Limited
unlimited = Export (all) + Import (all) = Unlimited
The effective exemption policy is the combined minimum permissions
of the grant statements in the file(s) matching the filename pattern
"exempt_*.policy". Exemption grants are optional. For example:
limited = grants exemption permissions, by which the
effective policy can be circumvented.
e.g. KeyRecovery/KeyEscrow/KeyWeakening.
Please see the Java Cryptography Architecture (JCA) documentation for
additional information on these files and formats.
YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
TO DETERMINE THE EXACT REQUIREMENTS.
Please note that the JCE for Java SE, including the JCE framework,
cryptographic policy files, and standard JCE providers provided with
the Java SE, have been reviewed and approved for export as mass market
encryption item by the US Bureau of Industry and Security.

View File

@ -0,0 +1,6 @@
// Default US Export policy file.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};

View File

@ -0,0 +1,14 @@
// Some countries have import limits on crypto strength. This policy file
// is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", 128,
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", *;
permission javax.crypto.CryptoPermission *, 128;
};

View File

@ -0,0 +1,13 @@
// Some countries have import limits on crypto strength, but may allow for
// these exemptions if the exemption mechanism is used.
grant {
// There is no restriction to any algorithms if KeyRecovery is enforced.
permission javax.crypto.CryptoPermission *, "KeyRecovery";
// There is no restriction to any algorithms if KeyEscrow is enforced.
permission javax.crypto.CryptoPermission *, "KeyEscrow";
// There is no restriction to any algorithms if KeyWeakening is enforced.
permission javax.crypto.CryptoPermission *, "KeyWeakening";
};

View File

@ -0,0 +1,6 @@
// Default US Export policy file.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};

View File

@ -0,0 +1,6 @@
// Country-specific policy file for countries with no limits on crypto strength.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};

View File

@ -0,0 +1,39 @@
############################################################
# Sound Configuration File
############################################################
#
# This properties file is used to specify default service
# providers for javax.sound.midi.MidiSystem and
# javax.sound.sampled.AudioSystem.
#
# The following keys are recognized by MidiSystem methods:
#
# javax.sound.midi.Receiver
# javax.sound.midi.Sequencer
# javax.sound.midi.Synthesizer
# javax.sound.midi.Transmitter
#
# The following keys are recognized by AudioSystem methods:
#
# javax.sound.sampled.Clip
# javax.sound.sampled.Port
# javax.sound.sampled.SourceDataLine
# javax.sound.sampled.TargetDataLine
#
# The values specify the full class name of the service
# provider, or the device name.
#
# See the class descriptions for details.
#
# Example 1:
# Use MyDeviceProvider as default for SourceDataLines:
# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider
#
# Example 2:
# Specify the default Synthesizer by its name "InternalSynth".
# javax.sound.midi.Synthesizer=#InternalSynth
#
# Example 3:
# Specify the default Receiver by provider and name:
# javax.sound.midi.Receiver=com.sun.media.sound.MidiProvider#SunMIDI1
#

Some files were not shown because too many files have changed in this diff Show More