Last active
October 12, 2021 13:52
-
-
Save jyeary/e81f06e4d531844db62778275f45b9fe to your computer and use it in GitHub Desktop.
jstatd and policy files for Mac and Unix Java 8 and Java 11+
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| grant codebase "file:${java.home}/../lib/tools.jar" { | |
| permission java.security.AllPermission; | |
| }; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Start the jstatd server listening on port 1099 and a *random* port. | |
| # 1. Enable perfdata to allow JVM monitoring and performance testing. | |
| # 2. Log RMI traffic | |
| # 3. Use a security policy (jstatd.policy) with the following lines: | |
| # grant codebase "jrt:/jdk.jstatd" { | |
| # permission java.security.AllPermission; | |
| # }; | |
| # | |
| # grant codebase "jrt:/jdk.internal.jvmstat" { | |
| # permission java.security.AllPermission; | |
| # }; | |
| # 4. Use localhost since we will use ssh to tunnel to the server. | |
| # ssh username@host -L 1099:localhost:1099 -L 9010:localhost:9010 -L 9011:localhost:9011 | |
| # 5. Use IPv4 port bindings. | |
| # 6. JMX Support on ports 9010 and 9011 | |
| jstatd -p 1099 \ | |
| -J-Xms256m \ | |
| -J-XX:+UsePerfData \ | |
| -J-Djava.net.preferIPv4Stack=true \ | |
| -J-Djava.rmi.server.hostname=localhost \ | |
| -J-Djava.rmi.server.logCalls=true \ | |
| -J-Djava.security.policy=`pwd`/jstatd.policy \ | |
| -J-Dcom.sun.management.jmxremote=true \ | |
| -J-Dcom.sun.management.jmxremote.authenticate=false \ | |
| -J-Dcom.sun.management.jmxremote.local.only=false \ | |
| -J-Dcom.sun.management.jmxremote.port=9010 \ | |
| -J-Dcom.sun.management.jmxremote.rmi.port=9011 \ | |
| -J-Dcom.sun.management.jmxremote.ssl=false \ | |
| 2>&1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Start the jstatd server listening on port 1099 and a *random* port. | |
| # 1. Enable perfdata to allow JVM monitoring and performance testing. | |
| # 2. Log RMI traffic | |
| # 3. Use a security policy (jstatd.policy) with the following lines: | |
| # grant codebase "jrt:/jdk.jstatd" { | |
| # permission java.security.AllPermission; | |
| # }; | |
| # | |
| # grant codebase "jrt:/jdk.internal.jvmstat" { | |
| # permission java.security.AllPermission; | |
| # }; | |
| # 4. Use an IP address as a hostname to avoid DNS resolution, and make it easier for VisualVM. | |
| # 5. Use IPv4 port bindings | |
| # 6. JMX Support on ports 9010 and 9011 | |
| jstatd -p 1099 \ | |
| -J-Xms256m \ | |
| -J-XX:+UsePerfData \ | |
| -J-Djava.net.preferIPv4Stack=true \ | |
| -J-Djava.rmi.server.hostname=`ipconfig getifaddr en0` \ | |
| -J-Djava.rmi.server.logCalls=true \ | |
| -J-Djava.security.policy=`pwd`/jstatd.policy \ | |
| -J-Dcom.sun.management.jmxremote=true \ | |
| -J-Dcom.sun.management.jmxremote.authenticate=false \ | |
| -J-Dcom.sun.management.jmxremote.local.only=false \ | |
| -J-Dcom.sun.management.jmxremote.port=9010 \ | |
| -J-Dcom.sun.management.jmxremote.rmi.port=9011 \ | |
| -J-Dcom.sun.management.jmxremote.ssl=false \ | |
| 2>&1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| grant codebase "jrt:/jdk.jstatd" { | |
| permission java.security.AllPermission; | |
| }; | |
| grant codebase "jrt:/jdk.internal.jvmstat" { | |
| permission java.security.AllPermission; | |
| }; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Start the jstatd server listening on port 1099 and a *random* port. | |
| # 1. Enable perfdata to allow JVM monitoring and performance testing. | |
| # 2. Log RMI traffic | |
| # 3. Use a security policy (jstatd.policy) with the following lines: | |
| # grant codebase "jrt:/jdk.jstatd" { | |
| # permission java.security.AllPermission; | |
| # }; | |
| # | |
| # grant codebase "jrt:/jdk.internal.jvmstat" { | |
| # permission java.security.AllPermission; | |
| # }; | |
| # 4. Use an IP address as a hostname to avoid DNS resolution, and make it easier for VisualVM. | |
| # 5. Use IPv4 port bindings | |
| # 6. JMX Support on ports 9010 and 9011 | |
| jstatd -p 1099 \ | |
| -J-Xms256m \ | |
| -J-XX:+UsePerfData \ | |
| -J-Djava.net.preferIPv4Stack=true \ | |
| -J-Djava.rmi.server.hostname=`hostname -I | cut -f1 -d' '` \ | |
| -J-Djava.rmi.server.logCalls=true \ | |
| -J-Djava.security.policy=`pwd`/jstatd.policy \ | |
| -J-Dcom.sun.management.jmxremote=true \ | |
| -J-Dcom.sun.management.jmxremote.authenticate=false \ | |
| -J-Dcom.sun.management.jmxremote.local.only=false \ | |
| -J-Dcom.sun.management.jmxremote.port=9010 \ | |
| -J-Dcom.sun.management.jmxremote.rmi.port=9011 \ | |
| -J-Dcom.sun.management.jmxremote.ssl=false \ | |
| 2>&1 |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Added JMX support