<?xml version="1.0" encoding="utf-8"?>
<!-- Jolokia agent and MBean access policy based security -->
<!-- TODO: review these settings before production deployment -->
<restrict>
    <!-- IP based restrictions -->
    <remote>
        <!-- IP address, a host name, or a netmask given in CIDR format (e.g. "10.0.0.0/16" for all clients coming from the 10.0 network). -->
        <host>127.0.0.1</host>
        <host>localhost</host>
    </remote>
    <!-- commands for which access is granted: read, write, exec, list, search, version -->
    <commands>
        <command>version</command>
        <command>read</command>
    </commands>
    <!-- MBean access and deny restrictions -->
    <!-- HTTP method restrictions: get, post -->
    <http>
        <method>get</method>
    </http>
    <!-- Cross-Origin Resource Sharing (CORS) restrictions
         (by default, allow cross origin access from any host)
     -->
</restrict>