Documentation Contents

Deployment Configuration File and Properties

Java Rich Internet Applications Guide > Java Control Panel > Deployment Configuration File and Properties

The following topics are covered:

Overview

The deployment.properties file is used for storing and retrieving deployment configuration properties in the Java Control Panel. They are also used for customizing runtime behavior for both Java Plug-in and Java Web Start.

There is always a User-Level deployment.properties file. Its location, which is non-configurable, is described below. There may also be an (optional) System-Level deployment.properties file. If it exists, its location is determined by a System Administrator through the deployment.config file as described below.

Deployment Configuration File (deployment.properties)

User Level

The following table shows the location of the User-Level deployment.properties file.

Operating System Location
Windows <User Application Data Folder>\LocalLow\Sun\Java\Deployment\deployment.properties
UNIX ${user.home}/.java/deployment/deployment.properties
Mac OS X ~/Library/Application Support/Oracle/Java/Deployment/deployment.properties

On Windows, <User Application Data Folder> is typically C:\Users\username. On UNIX, ${user.home} is typically /home/username. On Mac OS X, the tilde (~) represents the home directory, which is typically /Users/username.

Examples:

For user jsmith running on Windows 7, the deployment.properties file would be located in the following directory:

C:\Users\jsmith\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

For user bjones running on UNIX, the deployment.properties file would be located in the following directory:

/home/bjones/.java/deployment/deployment.properties

For user jdoe running on Mac OS X, the deployment.properties file would be located in the following directory:

/Users/jdoe/Library/Application Support/Oracle/Java/Deployment/deployment.properties

System Level

The deployment.config file is used for specifying the System-Level deployment.properties in the infrastructure. By default no deployment.config file exists; thus, no system-wide deployment.properties file exists. If deployment.config exists, it is located in one of the directories shown in the following table.

Operating System
Location
Windows
  • <Windows Directory>\Sun\Java\Deployment\deployment.config
  • ${deployment.java.home}\lib\deployment.config
UNIX
  • /etc/.java/deployment/deployment.config
  • ${deployment.java.home}/lib/deployment.config
Mac OS X
  • /Library/Application Support/Oracle/Java/Deployment/deployment.config
  • ${deployment.java.home}/lib/deploy/deployment.config

${deployment.java.home} is the location of the JRE from which the deployment products are run. Deployment products include Java Web Start, Java Plug-in, Java Control Panel, and others.

deployment.config (if it exists) contains two properties: deployment.system.config and deployment.system.config.mandatory.

deployment.system.config is the URL to the system (enterprise-wide) deployment.properties file. This property can be used by system administrators to centrally administer or "lock-down" user-specific configuration settings. For local files, use the file protocol in the URL, for example, file:///C:/Windows/Sun/Java/Deployment/deployment.properties.

deployment.system.config.mandatory is a boolean. The default is false. If false, there will be an attempt to load the deployment.properties file pointed to by the deployment.system.config URL. If the URL can be found and loaded, it will be used. If true, there will likewise be an attempt to load the system deployment.properties file pointed to by the deployment.system.config URL. If the URL can be found and loaded, it will be used; but if it cannot be found or loaded, then nothing will be allowed to run.

Deployment Configuration Properties

The following table describes the properties that can be set in the deployment.properties file.

Note: Any system deployment property, say SomeKey=SomeValue, may be locked by including another key, SomeKey.locked. The key SomeKey.locked may or may not be set to a value; in either case, SomeKey=SomeValue will be locked so that the user cannot change it. If a system deployment property is not locked, then a user will be allowed to change it.

Infrastructure

Property Key Type Default Value Description
deployment.user.cachedir
String "$USER_HOME" +
File.separator + "cache"
User-level cache directory.
deployment.system.cachedir
String null System-level cache directory.
deployment.user.logdir String "$USER_HOME" + File.separator + "log" User-level log directory.
deployment.user.tmp
String "$USER_HOME" +
File.separator + "tmp";
Temporary user directory.

Certificate stores and policy files

Property Key Type Default Value Description
deployment.user.security.policy
String "file://$USER_HOME/security/java.policy"

User-level security policy file. The protocol of URL is either file, HTTP, or HTTPS.

deployment.user.security.trusted.cacerts

String "$USER_HOME" + File.separator + "security" + File.separator + "trusted.cacerts";

User-level Root CA certificate store.

deployment.user.security.trusted.jssecacerts

String "$USER_HOME" + File.separator + "security" + File.separator + "trusted.jssecacerts"

User-level JSSE CA certificate store.

deployment.user.security.trusted.certs

String "$USER_HOME" + File.separator + "security" + File.separator + "trusted.certs"

User-level Trusted signer certificate store.

deployment.user.security.trusted.jssecerts

String "$USER_HOME" + File.separator + "security" + File.separator + "trusted.jssecerts";

User-level Trusted JSSE certificate store.

deployment.user.security.trusted.clientauthcerts

String "$USER_HOME" + File.separator + "security" + File.separator + "trusted.clientcerts"

User-level Client Authentication certificate store.

deployment.user.security.exception.sites String "$USER_HOME" + File.separator + "security" + File.separator + "exception.sites" Location of the exception site list. See Exception Site List for information.

deployment.system.security.policy

String null

System-level security policy file. The protocol of URL is either file, HTTP, or HTTPS.

deployment.system.security.cacerts

String "$JAVA_HOME" + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts"

System-level Root CA certificate store.

deployment.system.security.jssecacerts

String "$JAVA_HOME" + File.separator + "lib" + File.separator + "security" + File.separator + "jssecacerts";

System-level JSSE CA certificate store.

deployment.system.security.trusted.certs

String "$SYSTEM_HOME" + File.separator + "security" + File.separator + "trusted.certs"

System-level Signer certificate store.

deployment.system.security.trusted.jssecerts

String "$SYSTEM_HOME" + File.separator + "security" + File.separator + "trusted.jssecerts"

System-level JSSE certificate store.

deployment.system.security.trusted.clientauthcerts

String "$SYSTEM_HOME" + File.separator + "security" + File.separator + "trusted.clientcerts"

System-level Client Authentication certificate store.

Security Access And Control settings

Property Key Type Default Value Description
deployment.security.level String HIGH
  • "MEDIUM": All applications that include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. If the Permissions attribute is not present in the main JAR file, then the application is blocked.
  • "HIGH": Applications that are signed with a valid or expired certificate and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. Applications are also allowed to run with security prompts when the revocation status of the certificate cannot be checked. All other applications are blocked.
  • "VERY_HIGH": Applications that are signed with a valid certificate and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. All other applications are blocked.
deployment.webjava.enabled Boolean true Must be "true" to run applets or Java Web Start applications.

deployment.insecure.jres

String "PROMPT"
  • "NEVER": Untrusted content will always run with the default JRE
  • "PROMPT": Prompt user before using insecure JRE versions; users will see the new warning dialogs
deployment.expiration.check.enabled Boolean true Must be "true" to prompt users to update the JRE when an out-of-date JRE is found on their system. Set to "false" to suppress the prompt.

deployment.security.askgrantdialog.show

Boolean true Must be "true" if the user is allowed to grant permissions at all.

deployment.security.askgrantdialog.notinca

Boolean true Must be "true" if the user is allowed to grant permissions to certificates that are not issued by a CA in the Root/JSSE CA certificate store.

deployment.security.jsse.hostmismatch.warning

Boolean true Must be "true" for JSSE HTTPS certificate verification to show host-mismatch warning.

deployment.security.trusted.policy

String ""

Policy file contains the ceiling policy of permissions granted to trusted applications and applets. By default this is all permissions, but by using this configuration setting, a user or enterprise can configure a lesser set of permissions.

deployment.security.mixcode

String ENABLE
  • "ENABLE" enables the software to test for mixing trusted and untrusted code and, when potentially unsafe components are detected, raises a warning dialog.
  • "HIDE_RUN" suppresses the warning dialog and, if potentially unsafe components are detected, behaves as if the user had clicked Run in the warning dialog - the applet or application continues running with some added protections.
  • "HIDE_CANCEL" suppresses the warning dialog and behaves as if the user had clicked Cancel in the warning dialog - potentially unsafe components are blocked from running and the program may terminate.
  • "DISABLE" (not recommended) disables the software from checking for mixing trusted and untrusted code, leaving the user to run potentially unsafe code with no warning and without the additional protections.

deployment.security.sandbox.awtwarningwindow

Boolean true "true" if the sandbox has awtShowWindowWithoutWarning.

deployment.security.sandbox.jnlp.enhanced

Boolean true Must be "true" for the user to see and accept JNLP API security dialogs.
deployment.security.sandbox.selfsigned String PROMPT
  • "PROMPT": Prompt user to allow the self-signed app to run in the sandbox.
  • "NEVER": Block all self-signed content.
deployment.security.sandbox.casigned String PROMPT
  • "PROMPT": Prompt user to allow the app to run and provide information on the certificate used to sign the app. The user can choose to turn off future prompting for this application.
  • "NEVER": Block any content from running unless it asks for and is granted all permissions.
deployment.security.blacklist.check Boolean true Support for blacklisting signed JAR files that contain serious security vulnerabilities. deployment.security.blacklist.check is used to toggle this behaviour. For more information visit Blacklist Feature.
deployment.security.revocation.check String ALL_CERTIFICATES
  • "PUBLISHER_ONLY" checks only the certificate that the publisher used to sign the application.
  • "ALL_CERTIFICATES" checks all certificates in the certificate chain.
  • "NO_CHECK" (not recommended) suppresses the check for certificates that have been revoked.
deployment.security.validation.ocsp Boolean true Specifies whether Online Certificate Status Protocol is enabled.
deployment.security.validation.ocsp.url String null Specifies a url string pointing to an OCSP response server.
deployment.security.validation.ocsp.signer String null Points to a OCSP response singer certificate subject name.
deployment.security.validation.crl Boolean true Specifies whether to use certificate revocation list.
deployment.security.validation.crl.url String null Specifies a URL in the Certificate Revocation List to perform a certificate validation.
deployment.security.validation.clockskew int 900 Acceptable time difference, in seconds, between the system clock and the clock on the server used for revocation checks. If the property is not set, or the value is negative, the default of 900 seconds (15 minutes) is used.
deployment.security.validation.timeout int 15 Maximum time, in seconds, that the system attempts to connect to the server for revocation checks before timing out. If the property is not set, or the value is negative, the default of 15 seconds is used. To never time out, set the property to 0.
deployment.security.authenticator
Boolean true Normally Plug-in and Web Start install an Authenticator to handle communication with Authenticating web pages or Authenticating proxies. This is the default behavior (true). This option can be used to turn the normal behavior off if, for example, an application communicates itself with an authenticating web page and needs to install it's own Authenticator.

Networking

Property Key Type Default Value Description

deployment.proxy.type

int 3 for PROX_TYPE_BROWSER

This is for the type of proxy that should be use. The choices are:

PROX_TYPE_UNKNOWN = -1;
PROX_TYPE_NONE = 0;
PROX_TYPE_MANUAL = 1;
PROX_TYPE_AUTO = 2; and
PROX_TYPE_BROWSER = 3;

deployment.proxy.same

Boolean false This parameter (true) says to use the same web server and port for https and ftp as is configured for http. (This is only valid if deployment.proxy.type = PROX_TYPE_MANUAL.)
deployment.proxy.auto.config.url String (no default) URL for auto-Auto proxy configuration JavaScript.proxy configuration JavaScript.
deployment.proxy.bypass.list String (no default) List of host names that should bypass the proxy. Each host name is delimited by a comma in the property; e.g., "192.168.1.100,localhost,example.com"
deployment.proxy.bypass.local String (no default)

All local hosts should be bypassed.

deployment.proxy.http.host String (no default) HTTP proxy hostname.
deployment.proxy.http.port String (no default) HTTP proxy port.
deployment.proxy.https.host String (no default) HTTPS proxy hostname.
deployment.proxy.https.port String (no default) HTTPS proxy port.
deployment.proxy.ftp.host String (no default) FTP proxy hostname.
deployment.proxy.ftp.port String (no default) FTP proxy port.
deployment.proxy.socks.host String (no default) SOCKS v4 proxy hostname.
deployment.proxy.socks.port String (no default) SOCKS v4 proxy port.
deployment.proxy.override.hosts
String "" Proxy overridden list.

Cache and Optional Package Repository

Property Key Type Default Value Description
deployment.cache.max.size
int "-1"

Maximum size of deployment cache in MB. This is the cache size for each cache: Java Web Start and Java Plug-in.

"0"-Disables caching in Java Plug-in; cache size in Java Web Start will be unlimited.

"-1"-For unlimited cache size.

deployment.cache.jarcompression
String 0

0-9 compression ratio to be used in applet jar compression.

deployment.javapi.cache.enabled
Boolean false Specifies if cache should be disabled. false means it should not be disabled.

Java Console

Property Key Type Default Value Description

deployment.console.startup.mode

String

"HIDE"

The choices are:

  • "HIDE" to hide the Java Console;
  • "SHOW" to show the Java Console;
  • "DISABLE" to disable the Java Console;

Tracing and Logging

Property Key Type Default Value Description
deployment.trace Boolean false Enable tracing.
deployment.log
Boolean false Enable logging.

Java Web Start: JNLP Association

Property Key Type Default Value Description
deployment.javaws.associations int 2

The JNLP associations. The choices are:

ASSOCIATION_NEVER = 0;
ASSOCIATION_NEW_ONLY = 1;
ASSOCIATION_ASK_USER = 2;
ASSOCIATION_REPLACE_ASK = 3;

Java Web Start: Desktop Integration

Property Key Type Default Value Description


deployment.javaws.shortcut

String "ASK_IF_HINTED"

This relates to creating a desktop shortcut for Java Web Start. The choices are:

  • "NEVER"
  • "ALWAYS"
  • "ASK_USER"
  • "ASK_IF_HINTED"
  • "ALWAYS_IF_HINTED"

Browser selection and path

Property Key Type Default Value Description

deployment.browser.path

String "<No Browser Selected>"

This is the path to the browser for showing web pages from the application viewer, the About Box, and Web Start applications.

Note that this property is used for Solaris and Linux only. On Widows, this property is ignored, and the default browser is determined the same way it is by any other application that launches a browser on Windows.

Check for update Timeout

Property Key Type Default Value Description
deployment.javaws.update.timeout int 500 Units are milliseconds.

Oracle and/or its affiliates Copyright © 1993, 2014, Oracle and/or its affiliates. All rights reserved.
Contact Us