This topic describes system and user properties that can be set to configure applications deployed with Java Web Start or Java Plug-in.
The deployment.properties file is used
for storing and retrieving deployment configuration properties
shown in the Java Control Panel. The properties are also used for
customizing runtime behavior for both Java Plug-in and Java Web
Start.
This topic contains the following sections:
(deployment.properties)A user-level deployment.properties file
always exists. Its location, which is non-configurable, is
described in User Level. There can also
be an optional system-level deployment.properties file. If it exists, its
location is determined by a System Administrator through the
deployment.config file, described in
System Level.
The following table shows the location of the user-level
deployment.properties file.
Table 21-1 Location of the User-Level Deployment Configuration File
| Operating System | Location | 
|---|---|
| Windows | 
 | 
| Solaris, Linux | 
 | 
| OS X | 
 | 
On Windows, <User Application Data
Folder> is typically C:\Users\username. On Solaris and
Linux, ${user.home} is typically
/home/username. On OS X, the
tilde (~) represents the home directory, which is typically
/Users/username.
The following locations provide examples for each operating system:
For user jsmith running on Windows 7,
the deployment.properties file would be
located in the following directory:
C:\Users\jsmith\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
For user bjones running on Solaris or
Linux, the deployment.properties file
would be located in the following directory:
/home/bjones/.java/deployment/deployment.properties
For user jdoe running on OS X, the
deployment.properties file would be
located in the following directory:
/Users/jdoe/Library/Application
Support/Oracle/Java/Deployment/deployment.properties
The deployment.config file is used for
specifying the system-level deployment.properties in the infrastructure. By
default no deployment.config file exists,
so no system-wide deployment.properties
file exists. If the deployment.config file
exists, it is located in one of the directories shown in the
following table.
Table 21-2 Location of the System-Level Deployment Configuration File
| Operating System | Location | 
|---|---|
| Windows | 
 | 
| Solaris, Linux | 
 | 
| OS X | 
 | 
${deployment.java.home} is the location
of the JRE from which the deployment products are run. Deployment
products include Java Web Start, Java Plug-in, Java Control
Panel, and others.
The deployment.config file contains two
properties: deployment.system.config and
deployment.system.config.mandatory.
The deployment.system.config property
is the URL to the system (enterprise-wide) deployment.properties file. This property can be
used by system administrators to centrally administer or
"lock-down" user-specific configuration settings. For local
files, use the file protocol in the URL,
for example, file:///C:/Windows/Sun/Java/Deployment/deployment.properties.
| Note:If the format for the fileprotocol that
is shown in the example does not work for you, try one of the
following alternative formats:
 | 
The deployment.system.config.mandatory
property is a boolean. If set to true, the
deployment.properties file that is pointed
to by the deployment.system.config
property must be found and successfully loaded, otherwise,
nothing is allowed to run. If the property is set to false, an attempt is made to find and load the
deployment. properties file that is pointed to by the deployment.system.config property. If successful,
the file is used, otherwise, the file is ignored. The default for
the deployment.system.config.mandatory
property is false.
The following tables describe the properties that can be set
in the deployment.properties file.
| Note:Any system deployment property, for example SomeKey=SomeValue, can be locked by including
another key,SomeKey.locked. The keySomeKey.lockeddoes not require a value,
when the key is present, the propertySomeKey=SomeValueis locked so that the user cannot
change it. If a system deployment property is not locked, then a
user is allowed to change it. | 
Table 21-3 Configuration Properties Related to Infrastructure
| Property Key | Type | Default Value | Description | 
|---|---|---|---|
| deployment.user.cachedir | String | 
 | User-level cache directory. | 
| deployment.system.cachedir | String | null | System-level cache directory. | 
| deployment.user.logdir | String | 
 | User-level log directory. | 
Table 21-4 Configuration Properties Related to Certificate Stores and Policy Files
| Property Key | Type | Default Value | Description | 
|---|---|---|---|
| deployment.user.security.trusted.cacerts | String | 
 | User-level Root CA certificate store. | 
| deployment.user.security.trusted.jssecacerts | String | 
 | User-level JSSE CA certificate store. | 
| deployment.user.security.trusted.certs | String | 
 | User-level Trusted signer certificate store. | 
| deployment.user.security.trusted.jssecerts | String | 
 | User-level Trusted JSSE certificate store. | 
| deployment.user.security.trusted.clientauthcerts | String | 
 | User-level Client Authentication certificate store. | 
| deployment.user.security.exception.sites | String | 
 | Location of the exception site list. See Chapter 29, "Exception Site List" for information. | 
| deployment.system.security.policy | String | null | System-level security policy file. The protocol of URL is either file, HTTP, or HTTPS. | 
| deployment.system.security.cacerts | String | 
 | System-level Root CA certificate store. | 
| deployment.system.security.jssecacerts | String | 
 | System-level JSSE CA certificate store. | 
| deployment.system.security.trusted.certs | String | 
 | System-level Signer certificate store. | 
| deployment.system.security.trusted.jssecerts | String | 
 | System-level JSSE certificate store. | 
| deployment.system.security.trusted.clientauthcerts | String | 
 | System-level Client Authentication certificate store. | 
Table 21-5 Configuration Properties Related to Security Access and Control
| Property Key | Type | Default Value | Description | 
|---|---|---|---|
| deployment.security.level | String | 
 | Security level setting. The following values are valid: 
 | 
| deployment.webjava.enabled | Boolean | 
 | Set to  | 
| deployment.insecure.jres | String | 
 | Setting for insecure JRE prompt. The following values are valid: 
 | 
| deployment.expiration.check.enabled | Boolean | 
 | Set to  Note: To ensure that the expiration check is disabled,
use the  | 
| deployment.security.askgrantdialog.show | Boolean | 
 | Set to  | 
| deployment.security.askgrantdialog.notinca | Boolean | 
 | Set to  | 
| deployment.security.jsse.hostmismatch.warning | Boolean | 
 | Set to  | 
| deployment.security.trusted.policy | String | "" | Policy file that contains the ceiling policy of permissions granted to trusted applications and applets. The default is all permissions. Use this property to configure a lesser set of permissions. | 
| deployment.security.mixcode | String | 
 | Setting for mixed mode. The following values are valid: 
 | 
| deployment.security.sandbox.awtwarningwindow | Boolean | 
 | 
 | 
| deployment.security.sandbox.jnlp.enhanced | Boolean | 
 | Set to  | 
| deployment.security.sandbox.selfsigned | String | 
 | Setting for the prompt to run self-signed code in the sandbox. The following values are valid: 
 | 
| deployment.security.sandbox.casigned | String | 
 | Setting to enable users to turn off future prompts for a signed app running in the sandbox. The following values are valid: 
 | 
| deployment.security.blacklist.check | Boolean | 
 | Support for blacklisting signed JAR files that contain serious security vulnerabilities. This property is used to toggle this behavior. For more information see Blacklist Feature. | 
| deployment.security.revocation.check | String | 
 | Setting for revocation checks. The following values are valid: 
 | 
| deployment.security.validation.ocsp | Boolean | 
 | Specifies whether Online Certificate Status Protocol is enabled. | 
| deployment.security.validation.ocsp.url | String | null | Specifies a URL string pointing to an OCSP response server. | 
| deployment.security.validation.ocsp.signer | String | null | Points to a OCSP response signer certificate subject name. | 
| deployment.security.validation.crl | Boolean | 
 | Specifies whether to use certificate revocation list. | 
| deployment.security.validation.crl.url | String | null | Specifies a URL in the Certificate Revocation List to perform a certificate validation. | 
| deployment.security.validation.clockskew | int | 900 | Acceptable time difference, in seconds, between the system clock and the clock on the server used for revocation checks. If the property is not set, or the value is negative, the default of 900 seconds (15 minutes) is used. | 
| deployment.security.validation.timeout | int | 15 | Maximum time, in seconds, that the system attempts to connect to the server for revocation checks before timing out. If the property is not set, or the value is negative, the default of 15 seconds is used. To never time out, set the property to 0. | 
| deployment.security.authenticator | Boolean | 
 | Normally Plug-in and Web Start install an Authenticator to handle communication with Authenticating web pages or Authenticating proxies. This is the default behavior (true). This option can be used to turn the normal behavior off if, for example, an application communicates directly with an authenticating web page and needs to install its own Authenticator. | 
Table 21-6 Configuration Properties Related to Networking
| Property Key | Type | Default Value | Description | 
|---|---|---|---|
| deployment.proxy.type | int | 3 for  | Type of proxy that should be used. The following values are valid: 
 | 
| deployment.proxy.same | Boolean | 
 | Set to  | 
| deployment.proxy.auto.config.url | String | (no default) | URL for auto-Auto proxy configuration JavaScript.proxy configuration JavaScript. | 
| deployment.proxy.bypass.list | String | (no default) | List of host names that should bypass the proxy. Each host
name is delimited by a comma in the property, for example,
 | 
| deployment.proxy.bypass.local | String | (no default) | All local hosts should be bypassed. | 
| deployment.proxy.http.host | String | (no default) | HTTP proxy host name. | 
| deployment.proxy.http.port | String | (no default) | HTTP proxy port. | 
| deployment.proxy.https.host | String | (no default) | HTTPS proxy host name. | 
| deployment.proxy.https.port | String | (no default) | HTTPS proxy port. | 
| deployment.proxy.ftp.host | String | (no default) | FTP proxy host name. | 
| deployment.proxy.ftp.port | String | (no default) | FTP proxy port. | 
| deployment.proxy.socks.host | String | (no default) | SOCKS v4 proxy host name. | 
| deployment.proxy.socks.port | String | (no default) | SOCKS v4 proxy port. | 
| deployment.proxy.override.hosts | String | "" | Proxy overridden list. | 
Table 21-7 Configuration Properties Related to Cache and Optional Package Repository
| Property Key | Type | Default Value | Description | 
|---|---|---|---|
| deployment.cache.max.size | int | -1 | Maximum size of the deployment cache in megabytes (MB). This is the cache size for each cache: Java Web Start and Java Plug-in. 0: Disables caching in Java Plug-in; cache size in Java Web Start will be unlimited. -1: Indicates unlimited cache size. | 
| deployment.cache.jarcompression | String | 0 | 0-9 compression ratio to use in applet JAR compression. | 
| deployment.javapi.cache.enabled | Boolean | 
 | Specifies if the cache should be disabled. Set to  | 
Table 21-10 Configuration Properties Related to Java Web Start
| Property Key | Type | Default Value | Description | 
|---|---|---|---|
| deployment.javaws.associations | int | 2 | JNLP associations. The following values are valid: 
 | 
| deployment.javaws.shortcut | String | 
 | Create a desktop shortcut for Java Web Start. The following values are valid: 
 | 
Table 21-11 Configuration Properties Related to Browser Selection and Path
| Property Key | Type | Default Value | Description | 
|---|---|---|---|
| deployment.browser.path | String | <No Browser Selected> | Path to the browser for showing web pages from the application viewer, the About Box, and Java Web Start applications. Note that this property is used for Solaris and Linux only. On Windows, this property is ignored, and the default browser is determined in the same way as other applications that launches a browser on Windows. | 
It should be noted that SSLv3 is obsolete and should no longer
be used. See 
https://blogs.oracle.com/security/entry/information_about_ssl_poodle_vulnerability.
Starting with JDK 8u31 release, the SSLv3 protocol (Secure Socket
Layer) has been deactivated and is not available by default.
If the user needs to use SSLv3 for applications, see the
procedure to re-enable SSLv3 at 
http://docs.oracle.com/javase/8/docs/technotes/guides/security//SunProviders.html#enable-sslv3.
More information about how to configure specific protocols can be found at:
http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html