Home Original page

System- and User-Level Properties

The deployment.properties file is used for storing and retrieving deployment configuration properties in the Java Control Panel. They are also used for customizing runtime behavior for both Java Plug-in and Java Web Start.

There is always a User-Level deployment.properties file. Its location, which is non-configurable, is described below. There may also be an (optional) System-Level deployment.properties file. If it exists, its location is determined by a System Administrator through the deployment.config file as described below.

For user jsmith running on Windows 2000/XP, the deployment.properties file would be located as follows:

For user bjones running on Unix, the deployment.properties file would be located as follows:

The deployment.config file is used for specifying the System-Level deployment.properties in the infrastructure. By default no deployment.config file exists; thus, no system-wide deployment.properties file exists. If deployment.config exists, it is located either here

(${deployment.java.home} is the location of the jre from which the deployment products are run. Deployment products include Java Web Start, Java Plug-in, Java Control Panel ...)

deployment.config (if it exists) contains two properties: deployment.system.config and deployment.system.config.mandatory.

deployment.system.config is the URL to the system (enterprise-wide) deployment.properties file. It can be used by system administrators to centrally administrate or "lock-down" user-specific configuration settings.

deployment.system.config.mandatory is a boolean. The default is false. If false, there will be an attempt to load the deployment.properties file pointed to by the deployment.system.config URL. If the URL can be found and loaded, it will be used. If true, there will likewise be an attempt to load the system deployment.properties file pointed to by the deployment.system.config URL. If the URL can be found and loaded, it will be used; but if it cannot be found or loaded, then nothing will be allowed to run.

The following table describes the properties that can be set in the deployment.properties file.

Property Key

Type

Default Value

Description

 

Infrastructure

deployment.user.cachedir
String "$USER_HOME" +
File.separator + "cache" User-level cache directory. deployment.system.cachedir
String null System-level cache directory. deployment.user.logdir String "$USER_HOME" + File.separator + "log" User-level log directory. deployment.user.tmp
String "$USER_HOME" +
File.separator + "tmp"; Temporary user directory.

Certificate stores and policy files

deployment.user.security.policy
String "file://$USER_HOME/security/java.policy"

User-level security policy file. The protocol of URL is either file, HTTP, or HTTPS.

deployment.user.security.trusted.cacerts

String "$USER_HOME" + File.separator + "security" + File.separator + "trusted.cacerts";

User-level Root CA certificate store.

deployment.user.security.trusted.jssecacerts

String "$USER_HOME" + File.separator + "security" + File.separator + "trusted.jssecacerts"

User-level JSSE CA certificate store.

deployment.user.security.trusted.certs

String "$USER_HOME" + File.separator + "security" + File.separator + "trusted.certs"

User-level Trusted signer certificate store.

deployment.user.security.trusted.jssecerts

String "$USER_HOME" + File.separator + "security" + File.separator + "trusted.jssecerts";

User-level Trusted JSSE certificate store.

deployment.user.security.trusted.clientauthcerts

String "$USER_HOME" + File.separator + "security" + File.separator + "trusted.clientcerts"

User-level Client Authentication certificate store.

deployment.system.security.policy

String null

System-level security policy file. The protocol of URL is either file, HTTP, or HTTPS.

deployment.system.security.cacerts

String "$JAVA_HOME" + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts"

System-level Root CA certificate store.

deployment.system.security.jssecacerts

String "$JAVA_HOME" + File.separator + "lib" + File.separator + "security" + File.separator + "jssecacerts";

System-level JSSE CA certificate store.

deployment.system.security.trusted.certs

String "$SYSTEM_HOME" + File.separator + "security" + File.separator + "trusted.certs"

System-level Signer certificate store.

deployment.system.security.trusted.jssecerts

String "$SYSTEM_HOME" + File.separator + "security" + File.separator + "trusted.jssecerts"

System-level JSSE certificate store.

deployment.system.security.trusted.clientauthcerts

String "$SYSTEM_HOME" + File.separator + "security" + File.separator + "trusted.clientcerts"

System-level Client Authentication certificate store.

Security Access And Control settings

deployment.security.askgrantdialog.show

String true Must be "true" if the user is allowed to grant permissions at all.

deployment.security.askgrantdialog.notinca

String true Must be "true" if the user is allowed to grant permissions to certificates that are not issued by a CA in the Root/JSSE CA certificate store.

deployment.security.jsse.hostmismatch.warning

String true Must be "true" for JSSE HTTPS certificate verification to show host-mismatch warning.

deployment.security.trusted.policy

String ""

Policy file contains the ceiling policy of permissions granted to trusted applications and applets. By default this is all permissions, but by using this configuration setting, a user or enterprise can configure a lesser set of permissions.

deployment.security.mixcode

String ENABLE "ENABLE" enables the software to test for mixing trusted and untrusted code and, when potentially unsafe components are detected, raises a warning dialog. "HIDE_RUN" suppresses the warning dialog and, if potentially unsafe components are detected, behaves as if the user had clicked No in the warning dialog – the applet or application continues running with some added protections. "HIDE_CANCEL" suppresses the warning dialog and behaves as if the user had clicked Yes in the warning dialog – potentially unsafe components are blocked from running and the program may terminate. "DISABLE" (not recommended) disables the software from checking for mixing trusted and untrusted code, leaving the user to run potentially unsafe code with no warning and without the additional protections.

deployment.security.sandbox.awtwarningwindow

String true "true" if the sandbox has awtShowWindowWithoutWarning.

deployment.security.sandbox.jnlp.enhanced

String true Must be "true" for the user to see and accept JNLP api security dialogs. deployment.security.validation.ocsp Boolean false Specifies whether Online Certificate Status Protocol is enabled. deployment.security.validation.ocsp.url String null Specifies a url string pointing to an OCSP response server. deployment.security.validation.ocsp.signer String null Points to a OCSP response singer certificate subject name. deployment.security.validation.crl Boolean false Specifies whether to use certificate revocation list. deployment.security.validation.crl.url String null Specifies a URL in the Certificate Revocation List to perform a certificate validation. deployment.security.authenticator
String true Normally plugin and webstart install an Authenticator to handle communication with Authenticating webpages or Authenticating proxies. This is the default behavior (true). This option can be used to turn the normal behavior off if, for example, an application communicates itself with an authenticating web page and needs to install it's own Authenticator.

Networking

deployment.proxy.type

int 3 for PROX_TYPE_BROWSER

This is for the type of proxy that should be use. The choices are:

PROX_TYPE_UNKNOWN = -1;
PROX_TYPE_NONE = 0;
PROX_TYPE_MANUAL = 1;
PROX_TYPE_AUTO = 2; and
PROX_TYPE_BROWSER = 3;

deployment.proxy.same

boolean false This parameter (true) says to use the same web server and port for https and ftp as is configured for http. (This is only valid if deployment.proxy.type = PROX_TYPE_MANUAL.)
deployment.proxy.auto.config.url   String (no default) URL for auto-Auto proxy configuration JavaScript.proxy configuration JavaScript. deployment.proxy.bypass.list String (no default) List of hostnames that should bypass the proxy. Each hostname is delimited by a comma in the property; e.g., "192.168.1.100,localhost,sun.com" deployment.proxy.bypass.local   String (no default)

All local hosts should be bypassed.

deployment.proxy.http.host   String (no default) HTTP proxy hostname. deployment.proxy.http.port   String (no default) HTTP proxy port. deployment.proxy.https.host    String (no default) HTTPS proxy hostname. deployment.proxy.https.port String (no default) HTTPS proxy port. deployment.proxy.ftp.host   String (no default) FTP proxy hostname. deployment.proxy.ftp.port   String (no default) FTP proxy port. deployment.proxy.socks.host   String (no default) SOCKS v4 proxy hostname. deployment.proxy.socks.port   String (no default) SOCKS v4 proxy port. deployment.proxy.override.hosts
String "" Proxy overridden list.

Cache and Optional Package Repository

deployment.cache.max.size
String "-1"

Maximum size of deployment cache in MB. This is the cache size for each cache: Java Web Start and Java Plug-in.

"0"—Disables caching in Java Plug-in; cache size in Java Web Start will be unlimited.

"-1"—For unlimited cache size.

deployment.cache.jarcompression
String 0

0-9 compression ratio to be used in applet jar compression.

deployment.javapi.cache.enabled
String false Specifies if cache should be disabled. false means it should not be disabled.

Java Console

deployment.console.startup.mode

String

"HIDE"

The choices are:

  • "HIDE" to hide the Java Console;
  • "SHOW" to show the Java Console;
  • "DISABLE" to disable the Java Console;

Tracing and Logging

deployment.trace   String false Enbable tracing. deployment.log
String false Enable logging.

Java Web Start: JNLP Association

deployment.javaws.associations   int 2

The JNLP associations. The choices are:

ASSOCIATION_NEVER = 0;
ASSOCIATION_NEW_ONLY = 1;
ASSOCIATION_ASK_USER = 2;
ASSOCIATION_REPLACE_ASK = 3;

Java Web Start: Desktop Integration


deployment.javaws.shortcut

String "ASK_IF_HINTED"

This relates to creating a desktop shortcut for Java Web Start. The choices are:

  • "NEVER"
  • "ALWAYS"
  • "ASK_USER"
  • "ASK_IF_HINTED"
  • "ALWAYS_IF_HINTED"

Java Web Start JRE Selections

deployment.javaws.installURL

String "http://java.sun.com/products/autodl/j2se"

The autodownload URL.

Java Web Start JRE management

deployment.javaws.autodownload

String "ALWAYS"

This sets the choices for autodownloading. The choices are:

  • "ALWAYS"
  • "PROMPT"
  • "NEVER"

Browser selection and path

String "<No Browser Selected>"

This is the path to the browser for showing web pages from the application viewer, the About Box, and webstart applications.

Note that this property is used for Solaris and Linux only. On Widows, this property is ignored, and the default browser is determined the same way it is by any other application that launches a browser on Windows.

Check for update Timeout

deployment.javaws.update.timeout   
int 500 Units are miliseconds.