
Java Platform, Standard Edition Deployment Guide


21 Deployment Configuration File and Properties

This topic describes system and user properties that can be set to configure applications deployed with Java Web Start or Java Plug-in.

The deployment.properties file is used for storing and retrieving deployment configuration properties shown in the Java Control Panel. The properties are also used for customizing runtime
behavior for both Java Plug-in and Java Web Start.

This topic contains the following sections:

Deployment Configuration File (deployment.properties)

Deployment Configuration Properties

21.1 Deployment Configuration File (deployment.properties)


A user-level deployment.properties file always exists. Its location, which is non-configurable, is described in User Level. There can also be an optional system-level
deployment.properties file. If it exists, its location is determined by a System Administrator through the deployment.config file, described in System Level.

21.1.1 User Level

The following table shows the location of the user-level deployment.properties file.

Table 21-1 Location of the User-Level Deployment Configuration File


| Operating System | Location |
|---|---|
| Windows | <User Application Data Folder>\LocalLow\Sun\Java\Deployment\deployment.properties |
| Solaris, Linux | ${user.home}/.java/deployment/deployment.properties |
| OS X | ~/Library/Application Support/Oracle/Java/Deployment/deployment.properties |

On Windows, <User Application Data Folder> is typically C:\Users\username. On Solaris and Linux, ${user.home} is typically /home/username. On OS X, the tilde (~) represents
the home directory, which is typically /Users/username.

The following locations provide examples for each operating system:

For user jsmith running on Windows 7, the deployment.properties file would be located in the following directory:

C:\Users\jsmith\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

For user bjones running on Solaris or Linux, the deployment.properties file would be located in the following directory:

/home/bjones/.java/deployment/deployment.properties

For user jdoe running on OS X, the deployment.properties file would be located in the following directory:

/Users/jdoe/Library/Application Support/Oracle/Java/Deployment/deployment.properties

21.1.2 System Level

The deployment.config file is used for specifying the system-level deployment.properties in the infrastructure. By default no deployment.config file exists, so no system-wide
deployment.properties file exists. If the deployment.config file exists, it is located in one of the directories shown in the following table.

Table 21-2 Location of the System-Level Deployment Configuration File

| Operating System | Location |
|---|---|
| Windows | <Windows Directory>\Sun\Java\Deployment\deployment.config |
| | ${deployment.java.home}\lib\deployment.config |
| Solaris, Linux | /etc/.java/deployment/deployment.config |
| | ${deployment.java.home}/lib/deployment.config |
| OS X | /Library/Application Support/Oracle/Java/Deployment/deployment.config |
| | ${deployment.java.home}/lib/deploy/deployment.config |

${deployment.java.home} is the location of the JRE from which the deployment products are run. Deployment products include Java Web Start, Java Plug-in, Java Control Panel, and
others.

The deployment.config file contains two properties: deployment.system.config and deployment.system.config.mandatory.

The deployment.system.config property is the URL to the system (enterprise-wide) deployment.properties file. This property can be used by system administrators to centrally
administer or "lock-down" user-specific configuration settings. For local files, use the file protocol in the URL, for example,
file:///C:/Windows/Sun/Java/Deployment/deployment.properties.

Note:

If the format for the file protocol that is shown in the example does not work for you, try one of the following alternative formats:

file\:\\C\:\\deployment.system.properties
file:\\C:\\deployment.system.properties
file://\\C:\\deployment.system.properties
file:/C:/deployment.system.properties

The deployment.system.config.mandatory property is a boolean. If set to true, the deployment.properties file that is pointed to by the deployment.system.config property
must be found and successfully loaded; otherwise, nothing is allowed to run. If the property is set to false, an attempt is made to find and load the deployment.properties file that is pointed to
by the deployment.system.config property. If successful, the file is used; otherwise, the file is ignored. The default for the deployment.system.config.mandatory property is false.

21.2 Deployment Configuration Properties


The following tables describe the properties that can be set in the deployment.properties file.

Note:

Any system deployment property, for example SomeKey=SomeValue, can be locked by including another key, SomeKey.locked. The key
SomeKey.locked does not require a value. When the key is present, the property SomeKey=SomeValue is locked so that the user cannot change it. If a
system deployment property is not locked, then a user is allowed to change it.

21.2.1 Infrastructure

Table 21-3 Configuration Properties Related to Infrastructure

| Property Key | Type | Default Value | Description |
|---|---|---|---|
| deployment.user.cachedir | String | $USER_HOME + File.separator + cache | User-level cache directory. |
| deployment.system.cachedir | String | null | System-level cache directory. |
| deployment.user.logdir | String | $USER_HOME + File.separator + log | User-level log directory. |

21.2.2 Certificate stores and policy files

Table 21-4 Configuration Properties Related to Certificate Stores and Policy Files

| Property Key | Type | Default Value | Description |
|---|---|---|---|
| deployment.user.security.trusted.cacerts | String | $USER_HOME + File.separator + security + File.separator + trusted.cacerts | User-level Root CA certificate store. |
| deployment.user.security.trusted.jssecacerts | String | $USER_HOME + File.separator + security + File.separator + trusted.jssecacerts | User-level JSSE CA certificate store. |
| deployment.user.security.trusted.certs | String | $USER_HOME + File.separator + security + File.separator + trusted.certs | User-level Trusted signer certificate store. |
| deployment.user.security.trusted.jssecerts | String | $USER_HOME + File.separator + security + File.separator + trusted.jssecerts | User-level Trusted JSSE certificate store. |
| deployment.user.security.trusted.clientauthcerts | String | $USER_HOME + File.separator + security + File.separator + trusted.clientcerts | User-level Client Authentication certificate store. |
| deployment.user.security.exception.sites | String | $USER_HOME + File.separator + security + File.separator + exception.sites | Location of the exception site list. See Chapter 29, "Exception Site List" for information. |
| deployment.system.security.policy | String | null | System-level security policy file. The protocol of URL is either file, HTTP, or HTTPS. |
| deployment.system.security.cacerts | String | $JAVA_HOME + File.separator + lib + File.separator + security + File.separator + cacerts | System-level Root CA certificate store. |
| deployment.system.security.jssecacerts | String | $JAVA_HOME + File.separator + lib + File.separator + security + File.separator + jssecacerts | System-level JSSE CA certificate store. |
| deployment.system.security.trusted.certs | String | $SYSTEM_HOME + File.separator + security + File.separator + trusted.certs | System-level Signer certificate store. |
| deployment.system.security.trusted.jssecerts | String | $SYSTEM_HOME + File.separator + security + File.separator + trusted.jssecerts | System-level JSSE certificate store. |
| deployment.system.security.trusted.clientauthcerts | String | $SYSTEM_HOME + File.separator + security + File.separator + trusted.clientcerts | System-level Client Authentication certificate store. |

21.2.3 Security Access And Control Settings

Table 21-5 Configuration Properties Related to Security Access and Control

| Property Key | Type | Default Value | Description |
|---|---|---|---|
| deployment.security.level | String | HIGH | Security level setting. The following values are valid: HIGH: Applications that are signed with a valid certificate and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. Applications are also allowed to run with security prompts when the revocation status of the certificate cannot be checked. All other applications are blocked. VERY_HIGH: Applications that are signed with a valid certificate and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. All other applications are blocked. |
| deployment.webjava.enabled | Boolean | true | Set to true to run applets or Java Web Start (JWS) applications. Set to false to block applets and JWS applications from running. |
| deployment.insecure.jres | String | PROMPT | Setting for insecure JRE prompt. The following values are valid: NEVER: Untrusted content always runs with the default JRE. PROMPT: Users are prompted before using insecure JRE versions, and are shown warning dialogs. |
| deployment.expiration.check.enabled | Boolean | true | Set to true to prompt users to update the JRE when an out-of-date JRE is found on their system. Set to false to suppress the prompt. Note: To ensure that the expiration check is disabled, use the -userConfig deployment.expiration.check.enabled false option with the javaws command. If this property is changed in the deployment.properties file, open the Java Control Panel before starting an application to ensure that the native cache is synchronized with the file. Otherwise, the change might be ignored the first time an application is started. |
| deployment.security.askgrantdialog.show | Boolean | true | Set to true to allow users to grant permissions to applets and JWS applications. Set to false to block users from granting permissions. |
| deployment.security.askgrantdialog.notinca | Boolean | true | Set to true to allow users to grant permissions to certificates that are not issued by a CA in the Root/JSSE CA certificate store. Set to false to block users from granting permissions. |
| deployment.security.jsse.hostmismatch.warning | Boolean | true | Set to true to enable JSSE HTTPS certificate verification to show host-mismatch warnings. Set to false to suppress the warnings. |
| deployment.security.trusted.policy | String | "" | Policy file that contains the ceiling policy of permissions granted to trusted applications and applets. The default is all permissions. Use this property to configure a lesser set of permissions. |
| deployment.security.mixcode | String | ENABLE | Setting for mixed mode. The following values are valid: ENABLE: Enables the software to test for mixing trusted and untrusted code and, when potentially unsafe components are detected, raises a warning dialog. HIDE_RUN: Suppresses the warning dialog and, if potentially unsafe components are detected, behaves as if the user had clicked Run in the warning dialog - the applet or application continues running with some added protections. HIDE_CANCEL: Suppresses the warning dialog and behaves as if the user had clicked Cancel in the warning dialog - potentially unsafe components are blocked from running and the program may terminate. DISABLE (not recommended): Disables the software from checking for mixing trusted and untrusted code, leaving the user to run potentially unsafe code with no warning and without the additional protections. |
| deployment.security.sandbox.awtwarningwindow | Boolean | true | true if the sandbox has awtShowWindowWithoutWarning. |
| deployment.security.sandbox.jnlp.enhanced | Boolean | true | Set to true to prompt the user to accept the JNLP API security dialogs. |
| deployment.security.sandbox.selfsigned | String | PROMPT | Setting for the prompt to run self-signed code in the sandbox. The following values are valid: PROMPT: Prompt user to allow the self-signed app to run in the sandbox. NEVER: Block all self-signed content. |
| deployment.security.sandbox.casigned | String | PROMPT | Setting to enable users to turn off future prompts for a signed app running in the sandbox. The following values are valid: PROMPT: Prompt user to allow the app to run and provide information on the certificate used to sign the app. The user can choose to turn off future prompting for this application. NEVER: Block any content from running unless it asks for and is granted all permissions. |
| deployment.security.blacklist.check | Boolean | true | Support for blacklisting signed JAR files that contain serious security vulnerabilities. This property is used to toggle this behavior. For more information see Blacklist Feature. |
| deployment.security.revocation.check | String | ALL_CERTIFICATES | Setting for revocation checks. The following values are valid: PUBLISHER_ONLY: Checks only the certificate that the publisher used to sign the application. ALL_CERTIFICATES: Checks all certificates in the certificate chain. NO_CHECK (not recommended): Suppresses the check for certificates that have been revoked. |
| deployment.security.validation.ocsp | Boolean | true | Specifies whether Online Certificate Status Protocol is enabled. |
| deployment.security.validation.ocsp.url | String | null | Specifies a URL string pointing to an OCSP response server. |
| deployment.security.validation.ocsp.signer | String | null | Points to an OCSP response signer certificate subject name. |
| deployment.security.validation.crl | Boolean | true | Specifies whether to use certificate revocation list. |
| deployment.security.validation.crl.url | String | null | Specifies a URL in the Certificate Revocation List to perform a certificate validation. |
| deployment.security.validation.clockskew | int | 900 | Acceptable time difference, in seconds, between the system clock and the clock on the server used for revocation checks. If the property is not set, or the value is negative, the default of 900 seconds (15 minutes) is used. |
| deployment.security.validation.timeout | int | 15 | Maximum time, in seconds, that the system attempts to connect to the server for revocation checks before timing out. If the property is not set, or the value is negative, the default of 15 seconds is used. To never time out, set the property to 0. |
| deployment.security.authenticator | Boolean | true | Normally Plug-in and Web Start install an Authenticator to handle communication with Authenticating web pages or Authenticating proxies. This is the default behavior (true). This option can be used to turn the normal behavior off if, for example, an application communicates directly with an authenticating web page and needs to install its own Authenticator. |
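
The locking rule from the note in 21.2 and the deployment.system.config.mandatory behavior from 21.1.2, applied to the security properties in Table 21-5, as an added example that is not Oracle's code. The function names, the WATCHED set, and the sample files are constructed for illustration; the merge order (a user value replaces an unlocked system value) is this example's reading of the locking rule, and the reader handles only key=value lines and bare keys.

```python
# Added example: resolve system and user deployment.properties, then audit.
# WATCHED maps key -> (documented default, value that turns the check off).
# DISABLE and NO_CHECK are marked "(not recommended)" in Table 21-5; watching
# the three boolean keys as well is this example's own choice.
WATCHED = {
    "deployment.security.mixcode": ("ENABLE", "DISABLE"),
    "deployment.security.revocation.check": ("ALL_CERTIFICATES", "NO_CHECK"),
    "deployment.security.blacklist.check": ("true", "false"),
    "deployment.security.validation.ocsp": ("true", "false"),
    "deployment.security.validation.crl": ("true", "false"),
}

def parse_properties(text):
    """Minimal reader: '#'/'!' comments, key=value, bare keys (X.locked)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def effective_config(system_text, user_text, mandatory=False):
    """Merge both levels; system_text=None means the file failed to load."""
    if system_text is None:
        if mandatory:  # deployment.system.config.mandatory=true
            raise RuntimeError("system file not loaded: nothing may run")
        system_text = ""  # mandatory=false: the system file is ignored
    system, user = parse_properties(system_text), parse_properties(user_text)
    locked = {k[: -len(".locked")] for k in system if k.endswith(".locked")}
    merged = {k: v for k, v in system.items() if not k.endswith(".locked")}
    for key, value in user.items():
        if key not in locked and not key.endswith(".locked"):
            merged[key] = value  # unlocked: the user's value wins
    return merged, locked

def audit(system_text, user_text, mandatory=False):
    """Return {key: [issues]} for watched keys that are weak or unlocked."""
    merged, locked = effective_config(system_text, user_text, mandatory)
    findings = {}
    for key, (default, weak) in WATCHED.items():
        issues = []
        if merged.get(key, default) == weak:
            issues.append("weakened")
        if key not in locked:
            issues.append("user-changeable")
        if issues:
            findings[key] = issues
    return findings

# Constructed sample files (not from the page).
SYSTEM = """deployment.security.revocation.check=ALL_CERTIFICATES
deployment.security.revocation.check.locked
deployment.security.mixcode=ENABLE
"""
USER = """deployment.security.revocation.check=NO_CHECK
deployment.security.mixcode=DISABLE
"""

if __name__ == "__main__":
    print(audit(SYSTEM, USER))
```

In the sample, the locked revocation setting survives the user's NO_CHECK, while the unlocked mixcode setting is replaced by the user's DISABLE and is reported.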

21.2.4 Networking

Table 21-6 Configuration Properties Related to Networking

| Property Key | Type | Default Value | Description |
|---|---|---|---|
| deployment.proxy.type | int | 3 for PROX_TYPE_BROWSER | Type of proxy that should be used. The following values are valid: PROX_TYPE_UNKNOWN = -1; PROX_TYPE_NONE = 0; PROX_TYPE_MANUAL = 1; PROX_TYPE_AUTO = 2; PROX_TYPE_BROWSER = 3; |
| deployment.proxy.same | Boolean | false | Set to true to use the same web server and port for https and ftp as is configured for http. This is only valid if deployment.proxy.type = PROX_TYPE_MANUAL. |
| deployment.proxy.auto.config.url | String | (no default) | URL for auto-proxy configuration JavaScript. |
| deployment.proxy.bypass.list | String | (no default) | List of host names that should bypass the proxy. Each host name is delimited by a comma in the property, for example, 192.168.1.100,localhost,example.com |
| deployment.proxy.bypass.local | String | (no default) | All local hosts should be bypassed. |
| deployment.proxy.http.host | String | (no default) | HTTP proxy host name. |
| deployment.proxy.http.port | String | (no default) | HTTP proxy port. |
| deployment.proxy.https.host | String | (no default) | HTTPS proxy host name. |
| deployment.proxy.https.port | String | (no default) | HTTPS proxy port. |
| deployment.proxy.ftp.host | String | (no default) | FTP proxy host name. |
| deployment.proxy.ftp.port | String | (no default) | FTP proxy port. |
| deployment.proxy.socks.host | String | (no default) | SOCKS v4 proxy host name. |
| deployment.proxy.socks.port | String | (no default) | SOCKS v4 proxy port. |
| deployment.proxy.override.hosts | String | "" | Proxy overridden list. |

21.2.5 Cache and Optional Package Repository

Table 21-7 Configuration Properties Related to Cache and Optional Package Repository

| Property Key | Type | Default Value | Description |
|---|---|---|---|
| deployment.cache.max.size | int | -1 | Maximum size of the deployment cache in megabytes (MB). This is the cache size for each cache: Java Web Start and Java Plug-in. 0: Disables caching in Java Plug-in; cache size in Java Web Start will be unlimited. -1: Indicates unlimited cache size. |
| deployment.cache.jarcompression | String | 0 | 0-9 compression ratio to use in applet JAR compression. |
| deployment.javapi.cache.enabled | Boolean | false | Specifies if the cache should be disabled. Set to false to prevent the cache from being disabled. |

21.2.6 Java Console

Table 21-8 Configuration Properties Related to the Java Console

| Property Key | Type | Default Value | Description |
|---|---|---|---|
| deployment.console.startup.mode | String | HIDE | The following values are valid: HIDE: Hide the Java Console; SHOW: Show the Java Console; DISABLE: Disable the Java Console; |

21.2.7 Tracing and Logging

Table 21-9 Configuration Properties Related to Tracing and Logging

| Property Key | Type | Default Value | Description |
|---|---|---|---|
| deployment.trace | Boolean | false | Set to true to enable tracing. |
| deployment.log | Boolean | false | Set to true to enable logging. |

21.2.8 Java Web Start

Table 21-10 Configuration Properties Related to Java Web Start


| Property Key | Type | Default Value | Description |
|---|---|---|---|
| deployment.javaws.associations | int | 2 | JNLP associations. The following values are valid: ASSOCIATION_NEVER = 0; ASSOCIATION_NEW_ONLY = 1; ASSOCIATION_ASK_USER = 2; ASSOCIATION_REPLACE_ASK = 3; |
| deployment.javaws.shortcut | String | ASK_IF_HINTED | Create a desktop shortcut for Java Web Start. The following values are valid: NEVER, ALWAYS, ASK_USER, ASK_IF_HINTED, ALWAYS_IF_HINTED |

21.2.9 Browser Selection and Path

Table 21-11 Configuration Properties Related to Browser Selection and Path

| Property Key | Type | Default Value | Description |
|---|---|---|---|
| deployment.browser.path | String | <No Browser Selected> | Path to the browser for showing web pages from the application viewer, the About Box, and Java Web Start applications. Note that this property is used for Solaris and Linux only. On Windows, this property is ignored, and the default browser is determined in the same way as for other applications that launch a browser on Windows. |

21.2.10 Check for update Timeout

Table 21-12 Configuration Properties Related to Update Timeout

| Property Key | Type | Default Value | Description |
|---|---|---|---|
| deployment.javaws.update.timeout | int | 500 | Units are milliseconds. |

21.2.11 SSLv3 is disabled by default

SSLv3 is obsolete and should no longer be used. See https://blogs.oracle.com/security/entry/information_about_ssl_poodle_vulnerability.
Starting with the JDK 8u31 release, the SSLv3 protocol (Secure Sockets Layer) has been deactivated and is not available by default.

If the user needs to use SSLv3 for applications, see the procedure to re-enable SSLv3 at
http://docs.oracle.com/javase/8/docs/technotes/guides/security//SunProviders.html#enable-sslv3.

More information about how to configure specific protocols can be found at:

http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html

Copyright © 1993, 2023, Oracle and/or its affiliates. All rights reserved.