From the oracle official documentation:
Disabling Security To disable both password authentication and SSL (namely to disable all security), you should set the following system properties when you start the Java VM. com. sun. management. jmxremote. authenticate=false com. sun. management. jmxremote. ssl=false Caution - This configuration is insecure: any remote user who knows (or guesses) your port number and host name will be able to monitor and control your Java applications and platform. Furthermore, possible harm is not limited to the operations you define in your MBeans. A remote client could create a javax. management. loading. MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code. Consequently, while disabling security might be acceptable for development, it is strongly recommended that you do not disable security for production systems.
When the Disable code execution when the presence of any code execution problems.
metaploit module is described as follows: