Java Platform, Standard Edition Deployment Guide
21 Deployment Configuration File and Properties
This topic describes system and user properties that can be set to configure the deployment process.
The deployment.properties file is used for storing and retrieving deployment configuration properties shown in the Java Control Panel. The properties are also used for customizing runtime behavior for both Java Plug-in and Java Web Start.
21.1 Deployment Configuration File (deployment.properties)
A user-level deployment.properties file always exists. Its location, which is non-configurable, is described in User Level. There can also be an optional system-level deployment.properties file. If it exists, its location is determined by a System Administrator through the deployment.config file, described in System Level.
21.1.1 User Level
The following table shows the location of the user-level deployment.properties file.
Table 21-1 Location of the User-Level Deployment Configuration File
Operating System | Location |
---|---|
Windows | |
Solaris, Linux | |
OS X | |
On Windows, <User Application Data Folder> is typically C:\Users\username. On Solaris and Linux, ${user.home} is typically /home/username. On OS X, the tilde (~) represents the home directory, which is typically /Users/username.
The following locations provide examples for each operating system:
For user jsmith running on Windows 7, the deployment.properties file would be located in the following directory: C:\Users\jsmith\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
For user bjones running on Solaris or Linux, the deployment.properties file would be located in the following directory: /home/bjones/.java/deployment/deployment.properties
For user jdoe running on OS X, the deployment.properties file would be located in the following directory: /Users/jdoe/Library/Application Support/Oracle/Java/Deployment/deployment.properties
21.1.2 System Level
The deployment.config file is used for specifying the system-level deployment.properties in the infrastructure. By default no deployment.config file exists, so no system-wide deployment.properties file exists. If the deployment.config file exists, it is located in one of the directories shown in the following table.
Table 21-2 Location of the System-Level Deployment Configuration File
Operating System | Location |
---|---|
Windows | |
Solaris, Linux | |
OS X | |
${deployment.java.home} is the location of the JRE from which the deployment products are run. Deployment products include Java Web Start, Java Plug-in, Java Control Panel, and others.
The deployment.config file contains two properties: deployment.system.config and deployment.system.config.mandatory.
The deployment.system.config property is the URL to the system (enterprise-wide) deployment.properties file. This property can be used by system administrators to centrally administer or "lock-down" user-specific configuration settings. For local files, use the file protocol in the URL, for example, file:///C:/Windows/Sun/Java/Deployment/deployment.properties.
The deployment.system.config.mandatory property is a boolean. If set to true, the deployment.properties file that is pointed to by the deployment.system.config property must be found and successfully loaded; otherwise, nothing is allowed to run. If the property is set to false, an attempt is made to find and load the deployment.properties file that is pointed to by the deployment.system.config property. If successful, the file is used; otherwise, the file is ignored. The default for the deployment.system.config.mandatory property is false.
21.2 Deployment Configuration Properties
The following tables describe the properties that can be set in the deployment.properties file.
Note: Any system deployment property, for example SomeKey=SomeValue, can be locked by including another key, SomeKey.locked. The key SomeKey.locked does not require a value. When the key is present, the property SomeKey=SomeValue is locked so that the user cannot change it. If a system deployment property is not locked, then a user is allowed to change it.
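The following added example (not code from this guide or from the Java deployment products) models the rules in 21.1.2 and in the note above: how deployment.system.config.mandatory decides between failing closed and ignoring a missing system file, and how a .locked key stops a user value from replacing the system value. The function names, the simplified properties parser, the treatment of mandatory=true with no URL as a load failure, and the sample values are assumptions made for illustration.

```python
from urllib.request import urlopen

def parse_properties(text):
    """Simplified .properties reader: skips comments, accepts key=value and bare keys."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def fetch(url):
    """Default loader; urlopen accepts file: URLs and raises an OSError subclass on failure."""
    with urlopen(url, timeout=15) as resp:
        return resp.read().decode("latin-1")

def load_system_properties(config_text, loader=fetch):
    """Return the system-level properties named by deployment.config, or {} if ignored."""
    cfg = parse_properties(config_text)
    url = cfg.get("deployment.system.config")
    mandatory = cfg.get("deployment.system.config.mandatory", "false").lower() == "true"
    try:
        if not url:
            raise OSError("deployment.system.config is not set")  # assumption: counts as not found
        return parse_properties(loader(url))
    except (OSError, ValueError) as exc:
        if mandatory:  # true: the file must load, otherwise nothing is allowed to run
            raise RuntimeError(f"mandatory system configuration not loaded: {exc}") from exc
        return {}      # false (the default): the file is ignored

def effective_settings(system, user):
    """Merge user values over system values, except for keys the system file locks."""
    locked = {k.removesuffix(".locked") for k in system if k.endswith(".locked")}
    merged = {k: v for k, v in system.items() if not k.endswith(".locked")}
    ignored = sorted(k for k, v in user.items() if k in locked and merged.get(k) != v)
    merged.update({k: v for k, v in user.items() if k not in locked})
    return merged, ignored

# Constructed sample inputs; the keys are ones documented on this page.
SAMPLE_CONFIG = """deployment.system.config=file:///C:/Windows/Sun/Java/Deployment/deployment.properties
deployment.system.config.mandatory=true
"""
SAMPLE_SYSTEM = """deployment.security.validation.ocsp=true
deployment.security.validation.ocsp.locked
deployment.security.validation.timeout=15
"""
SAMPLE_USER = """deployment.security.validation.ocsp=false
deployment.security.validation.timeout=30
"""
```

Passing the three samples through load_system_properties (with a loader that returns SAMPLE_SYSTEM) and effective_settings keeps OCSP validation enabled despite the user's false, while the unlocked timeout takes the user's value; the second return value lists the user keys that were discarded, which is the list to review when auditing a workstation.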
21.2.1 Infrastructure
Table 21-3 Configuration Properties Related to Infrastructure
Property Key | Type | Default Value | Description |
---|---|---|---|
deployment.user.cachedir | String | | User-level cache directory. |
deployment.system.cachedir | String | null | System-level cache directory. |
deployment.user.logdir | String | | User-level log directory. |
21.2.2 Certificate stores and policy files
Table 21-4 Configuration Properties Related to Certificate Stores and Policy Files
Property Key | Type | Default Value | Description |
---|---|---|---|
deployment.user.security.trusted.cacerts | String | | User-level Root CA certificate store. |
deployment.user.security.trusted.jssecacerts | String | | User-level JSSE CA certificate store. |
deployment.user.security.trusted.certs | String | | User-level Trusted signer certificate store. |
deployment.user.security.trusted.jssecerts | String | | User-level Trusted JSSE certificate store. |
deployment.user.security.trusted.clientauthcerts | String | | User-level Client Authentication certificate store. |
deployment.user.security.exception.sites | String | | Location of the exception site list. See Chapter 29, "Exception Site List" for information. |
deployment.system.security.policy | String | null | System-level security policy file. The protocol of URL is either file, HTTP, or HTTPS. |
deployment.system.security.cacerts | String | | System-level Root CA certificate store. |
deployment.system.security.jssecacerts | String | | System-level JSSE CA certificate store. |
deployment.system.security.trusted.certs | String | | System-level Signer certificate store. |
deployment.system.security.trusted.jssecerts | String | | System-level JSSE certificate store. |
deployment.system.security.trusted.clientauthcerts | String | | System-level Client Authentication certificate store. |
21.2.3 Security Access And Control Settings
Table 21-5 Configuration Properties Related to Security Access and Control
Property Key | Type | Default Value | Description |
---|---|---|---|
deployment.security.level | String | | Security level setting. The following values are valid: |
deployment.webjava.enabled | Boolean | | Set to |
deployment.insecure.jres | String | | Setting for insecure JRE prompt. The following values are valid: |
deployment.expiration.check.enabled | Boolean | | Set to Note: To ensure that the expiration check is disabled, use the |
deployment.security.askgrantdialog.show | Boolean | | Set to |
deployment.security.askgrantdialog.notinca | Boolean | | Set to |
deployment.security.jsse.hostmismatch.warning | Boolean | | Set to |
deployment.security.trusted.policy | String | "" | Policy file that contains the ceiling policy of permissions granted to trusted applications and applets. The default is all permissions. Use this property to configure a lesser set of permissions. |
deployment.security.mixcode | String | | Setting for mixed mode. The following values are valid: |
deployment.security.sandbox.awtwarningwindow | Boolean | | |
deployment.security.sandbox.jnlp.enhanced | Boolean | | Set to |
deployment.security.sandbox.selfsigned | String | | Setting for the prompt to run self-signed code in the sandbox. The following values are valid: |
deployment.security.sandbox.casigned | String | | Setting to enable users to turn off future prompts for a signed app running in the sandbox. The following values are valid: |
deployment.security.blacklist.check | Boolean | | Support for blacklisting signed JAR files that contain serious security vulnerabilities. This property is used to toggle this behavior. For more information see Blacklist Feature. |
deployment.security.revocation.check | String | | Setting for revocation checks. The following values are valid: |
deployment.security.validation.ocsp | Boolean | | Specifies whether Online Certificate Status Protocol is enabled. |
deployment.security.validation.ocsp.url | String | null | Specifies a URL string pointing to an OCSP response server. |
deployment.security.validation.ocsp.signer | String | null | Points to an OCSP response signer certificate subject name. |
deployment.security.validation.crl | Boolean | | Specifies whether to use certificate revocation list. |
deployment.security.validation.crl.url | String | null | Specifies a URL in the Certificate Revocation List to perform a certificate validation. |
deployment.security.validation.clockskew | int | 900 | Acceptable time difference, in seconds, between the system clock and the clock on the server used for revocation checks. If the property is not set, or the value is negative, the default of 900 seconds (15 minutes) is used. |
deployment.security.validation.timeout | int | 15 | Maximum time, in seconds, that the system attempts to connect to the server for revocation checks before timing out. If the property is not set, or the value is negative, the default of 15 seconds is used. To never time out, set the property to 0. |
deployment.security.authenticator | Boolean | | Normally Plug-in and Web Start install an Authenticator to handle communication with Authenticating web pages or Authenticating proxies. This is the default behavior (true). This option can be used to turn the normal behavior off if, for example, an application communicates directly with an authenticating web page and needs to install its own Authenticator. |
21.2.4 Networking
Table 21-6 Configuration Properties Related to Networking
Property Key | Type | Default Value | Description |
---|---|---|---|
deployment.proxy.type | int | 3 for | Type of proxy that should be used. The following values are valid: |
deployment.proxy.same | Boolean | | Set to |
deployment.proxy.auto.config.url | String | (no default) | URL for auto proxy configuration JavaScript. |
deployment.proxy.bypass.list | String | (no default) | List of host names that should bypass the proxy. Each host name is delimited by a comma in the property, for example, |
deployment.proxy.bypass.local | String | (no default) | All local hosts should be bypassed. |
deployment.proxy.http.host | String | (no default) | HTTP proxy host name. |
deployment.proxy.http.port | String | (no default) | HTTP proxy port. |
deployment.proxy.https.host | String | (no default) | HTTPS proxy host name. |
deployment.proxy.https.port | String | (no default) | HTTPS proxy port. |
deployment.proxy.ftp.host | String | (no default) | FTP proxy host name. |
deployment.proxy.ftp.port | String | (no default) | FTP proxy port. |
deployment.proxy.socks.host | String | (no default) | SOCKS v4 proxy host name. |
deployment.proxy.socks.port | String | (no default) | SOCKS v4 proxy port. |
deployment.proxy.override.hosts | String | "" | Proxy overridden list. |
21.2.5 Cache and Optional Package Repository
Table 21-7 Configuration Properties Related to Cache and Optional Package Repository
Property Key | Type | Default Value | Description |
---|---|---|---|
deployment.cache.max.size | int | -1 | Maximum size of the deployment cache in megabytes (MB). This is the cache size for each cache: Java Web Start and Java Plug-in. 0: Disables caching in Java Plug-in; cache size in Java Web Start will be unlimited. -1: Indicates unlimited cache size. |
deployment.cache.jarcompression | String | 0 | 0-9 compression ratio to use in applet JAR compression. |
deployment.javapi.cache.enabled | Boolean | | Specifies if the cache should be disabled. Set to |
21.2.8 Java Web Start
Table 21-10 Configuration Properties Related to Java Web Start
Property Key | Type | Default Value | Description |
---|---|---|---|
deployment.javaws.associations | int | 2 | JNLP associations. The following values are valid: |
deployment.javaws.shortcut | String | | Create a desktop shortcut for Java Web Start. The following values are valid: |
21.2.9 Browser Selection and Path
Table 21-11 Configuration Properties Related to Browser Selection and Path
Property Key | Type | Default Value | Description |
---|---|---|---|
deployment.browser.path | String | <No Browser Selected> | Path to the browser for showing web pages from the application viewer, the About Box, and Java Web Start applications. Note that this property is used for Solaris and Linux only. On Windows, this property is ignored, and the default browser is determined in the same way as for other applications that launch a browser on Windows. |
21.2.11 SSLv3 is disabled by default
SSLv3 is obsolete and should no longer be used. See //blogs.oracle.com/security/entry/information_about_ssl_poodle_vulnerability. Starting with the JDK 8u31 release, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not available by default.
If the user needs to use SSLv3 for applications, see the procedure to re-enable SSLv3 at http://docs.oracle.com/javase/8/docs/technotes/guides/security//SunProviders.html#enable-sslv3.
More information about how to configure specific protocols can be found at:
http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html