Configure Java Deployment with Properties
Tag(s): Environment


User level
The deployment.properties file is used for storing and retrieving deployment configuration properties shown in the Java Control Panel. The properties are also used for customizing runtime behavior for both Java Plug-in and Java Web Start.

Location of the deployment.properties :

  • Windows - <User Application Data Folder>\LocalLow\Sun\Java\Deployment\deployment.properties
  • Linux - ${user.home}/.java/deployment/deployment.properties
  • OS X - ~/Library/Application Support/Oracle/Java/Deployment/deployment.properties

On Windows, <User Application Data Folder> is typically C:\Users\<your username>\AppData (or %APPDATA%), which is hidden by default.

ref : Oracle Java documentation

List of possible deployment properties

#deployment.properties  https://gist.githubusercontent.com/MyITGuy/9628895/raw/3727348918e036baf69059181e8b4567462d41d3/Deployment.Properties.txt

# Security Tab
# Enable Java content in the browser
deployment.webjava.enabled=true
deployment.webjava.enabled.locked
# Security Level
deployment.security.level=MEDIUM
deployment.security.level.locked

# Advanced Tab
# Debugging\Enable tracing
deployment.trace=false
deployment.trace.locked
# Debugging\Enable logging
deployment.log=false
deployment.log.locked
# Debugging\Show applet lifecycle exceptions
deployment.javapi.lifecycle.exception=false
deployment.javapi.lifecycle.exception.locked
# Java console
deployment.console.startup.mode.locked
deployment.console.startup.mode=HIDE
# Default Java for browsers\Microsoft Internet Explorer
deployment.browser.vm.iexplorer=true
deployment.browser.vm.iexplorer.locked
# Default Java for browsers\Mozilla family
deployment.browser.vm.mozilla.locked
deployment.browser.vm.mozilla=false
# Java Plug-in\Enable the next-generation Java Plug-in (requires browser restart)
# This must be done by executing one of the following commands as an administrator:
# [Disable]     - {JREInstallPath}\bin\ssvagent.exe -high -jpisetup -old
# [Enable]      - {JREInstallPath}\bin\ssvagent.exe -high -jpisetup -new
# Shortcut Creation
deployment.javaws.shortcut=ASK_IF_HINTED
deployment.javaws.shortcut.locked
# JNLP File/MIME Association
deployment.javaws.associations=ASK_USER
deployment.javaws.associations.locked
# Application Installation
deployment.javaws.install=IF_HINT
deployment.javaws.install.locked
#JRE Auto-Download
deployment.javaws.autodownload=NEVER
deployment.javaws.autodownload.locked
# Security Execution Environment\Enable granting elevated access to signed apps
# aka. Allow user to grant permissions to signed content
deployment.security.askgrantdialog.show=true
deployment.security.askgrantdialog.show.locked
# Security Execution Environment\Enable granting elevated access to self-signed apps
deployment.security.askgrantdialog.notinca=true
deployment.security.askgrantdialog.notinca.locked
# Security Execution Environment\Show sandbox warning banner
deployment.security.sandbox.awtwarningwindow=true
deployment.security.sandbox.awtwarningwindow.locked
# Security Execution Environment\Allow user to accept JNLP security requests
deployment.security.sandbox.jnlp.enhanced=true
deployment.security.sandbox.jnlp.enhanced.locked
# Security Execution Environment\Don't prompt for client certificate selection when no certificates or only one exists
deployment.security.clientauth.keystore.auto=true
deployment.security.clientauth.keystore.auto.locked
# Security Execution Environment\Warn if site certificate does not match hostname
deployment.security.jsse.hostmismatch.warning=true
deployment.security.jsse.hostmismatch.warning.locked
# Security Execution Environment\Show site certificate from server even if it is valid
deployment.security.https.warning.show=false
deployment.security.https.warning.show.locked
# Mixed code (sandbox vs. trusted) security verification
deployment.security.mixcode=DISABLE
deployment.security.mixcode.locked
# Perform certificate revocation checks on
deployment.security.revocation.check=ALL_CERTIFICATES
deployment.security.revocation.check.locked
# Check for certificate revocation using
# Replaces Advanced Security Settings\Check certificates for revocation using Certificate Revocation List (CRLs)
# [Certificate Revocation List (CRLs)]          - ocsp=false, crl=true
# [Online Certificate Status Protocol (OCSP)]   - ocsp=true, crl=false
# [Both CRLs and OCSP]                          - ocsp=true, crl=true
deployment.security.validation.ocsp=true
deployment.security.validation.ocsp.locked
deployment.security.validation.crl=true
deployment.security.validation.crl.locked
# Advanced Security Settings\Use certificates and keys in browser keystore
deployment.security.browser.keystore.use=true
deployment.security.browser.keystore.use.locked
# Advanced Security Settings\Check certificates for revocation using Certificate Revocation List (CRLs)
# See Check for certificate revocation using
# Advanced Security Settings\Enable list of trusted publishers
deployment.security.pretrust.list=true
deployment.security.pretrust.list.locked
# Advanced Security Settings\Enable blacklist revocation check
deployment.security.blacklist.check=true
deployment.security.blacklist.check.locked
# Advanced Security Settings\Enable caching password for authentication
deployment.security.password.cache=true
deployment.security.password.cache.locked
# Advanced Security Settings\Enable online certificate validation
deployment.security.revocation.check=NO_CHECK
deployment.security.revocation.check.locked
# Advanced Security Settings\Use SSL 2.0 compatible ClientHello format
deployment.security.SSLv2Hello=false
deployment.security.SSLv2Hello.locked
# Advanced Security Settings\Use SSL 3.0
deployment.security.SSLv3=true
deployment.security.SSLv3.locked
# Advanced Security Settings\Use TLS 1.0
deployment.security.TLSv1=true
deployment.security.TLSv1.locked
# Advanced Security Settings\Use TLS 1.1
deployment.security.TLSv1.1=false
deployment.security.TLSv1.1.locked
# Advanced Security Settings\Use TLS 1.2
deployment.security.TLSv1.2=false
deployment.security.TLSv1.2.locked
# Miscellaneous\Place Java icon in system tray
# Miscellaneous\Java Quick Starter
deployment.system.tray.icon=false
deployment.system.tray.icon.locked

# Screen: Your Java version is insecure. or Your Java version is out of date.
deployment.expiration.check.enabled=false
deployment.expiration.check.enabled.locked
#
deployment.capture.mime.types=true
deployment.capture.mime.types.locked

deployment.security.expired.warning=false
deployment.security.expired.warning.locked

deployment.user.security.exception.sites=C:\\WINDOWS\\Sun\\Java\\Deployment\\exception.sites
deployment.user.security.exception.sites.locked
# Java 7 Update 10
deployment.expiration.decision.10.10.2.locked
deployment.expiration.decision.10.10.2=later
deployment.expiration.decision.suppression.10.10.2.locked
deployment.expiration.decision.suppression.10.10.2=true
deployment.expiration.decision.timestamp.10.10.2.locked
deployment.expiration.decision.timestamp.10.10.2=2/28/2014 12\:1\:31

Example of a deployment.properties

#deployment.properties
deployment.webjava.enabled=true
deployment.security.level=MEDIUM
deployment.security.level.locked
deployment.user.security.exception.sites=c\:/Windows/Sun/Java/Deployment/exception.sites

The exception.sites file lists, one URL per line, the sites that you want in the Exception Site List field found in the Java Control Panel. Nothing else goes in this file.

System level
The deployment.config file is used for specifying the system-level deployment.properties in the infrastructure. By default no deployment.config file exists, so no system-wide deployment.properties file exists.

Possible location of the deployment.config :

  • Windows - <Windows Directory>\Sun\Java\Deployment\deployment.config or ${deployment.java.home}\lib\deployment.config
  • Linux - /etc/.java/deployment/deployment.config or ${deployment.java.home}/lib/deployment.config
  • OS X - /Library/Application Support/Oracle/Java/Deployment/deployment.config or ${deployment.java.home}/lib/deploy/deployment.config
The deployment.config file contains two properties: deployment.system.config and deployment.system.config.mandatory.

The deployment.system.config property is the URL to the system (enterprise-wide) deployment.properties file. This property can be used by system administrators to centrally administer or "lock-down" user-specific configuration settings. For local files, use the file protocol in the URL, for example, file:///C:/Windows/Sun/Java/Deployment/deployment.properties.

The deployment.system.config.mandatory property is a boolean. If set to true, the deployment.properties file pointed to by the deployment.system.config property must be found and successfully loaded; otherwise, nothing is allowed to run. If set to false, an attempt is made to find and load the deployment.properties file pointed to by the deployment.system.config property: if that succeeds, the file is used; otherwise, the file is ignored. The default for the deployment.system.config.mandatory property is false.

deployment.system.config=file\://ourserver.local/deploy/Sun/Java/Deployment/deployment.properties
deployment.system.config.mandatory=true

This example points to a deployment.properties file on a DFS path //ourserver.local/deploy/. Because deployment.system.config.mandatory=true, nothing is allowed to run if the deployment.properties file is not found.
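
Before publishing a system-level deployment.properties, it is worth checking it for weak values, settings left unlocked, and keys that appear twice (the listing above carries deployment.security.revocation.check twice with different values). The following audit script is an added example, not code from this page or from Oracle; the BASELINE policy and the function names are assumptions chosen for illustration.

```python
import re
# Baseline chosen for this example (an assumption, not an Oracle recommendation).
BASELINE = {
    "deployment.security.SSLv3": "false",
    "deployment.security.TLSv1.2": "true",
    "deployment.security.revocation.check": "ALL_CERTIFICATES",
}

def parse_properties(text):
    """Parse the java.util.Properties subset used on this page: comments, bare
    keys, key=value, simple backslash escapes (no \\uXXXX, no continuations).
    Returns (props, duplicates); as in Properties.load, the last value wins."""
    props, duplicates = {}, []
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"((?:\\.|[^=:\s\\])+)\s*[=:]?\s*(.*)", line)
        if not m or line[0] in "#!":
            continue
        key, value = (re.sub(r"\\(.)", r"\1", part) for part in m.groups())
        if props.get(key, value) != value:
            duplicates.append(key)
        props[key] = value
    return props, duplicates

def audit(text):
    """Return findings for a system-level deployment.properties."""
    props, duplicates = parse_properties(text)
    findings = [f"DUPLICATE {k}: last value '{props[k]}' wins" for k in duplicates]
    for key, want in BASELINE.items():
        have = props.get(key)
        if have is None:
            findings.append(f"MISSING {key}: expected {want}")
        elif have.lower() != want.lower():
            findings.append(f"WEAK {key}={have}: expected {want}")
        if f"{key}.locked" not in props:  # a bare '<key>.locked' line is the lock
            findings.append(f"UNLOCKED {key}: users can change it")
    return findings

# Constructed sample assembled from values in the listing on this page.
SAMPLE = r"""
deployment.security.revocation.check=ALL_CERTIFICATES
deployment.security.revocation.check.locked
deployment.security.revocation.check=NO_CHECK
deployment.security.SSLv3=true
deployment.security.SSLv3.locked
deployment.security.TLSv1.2=false
deployment.user.security.exception.sites=c\:/Windows/Sun/Java/Deployment/exception.sites
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A locked weak value, such as SSLv3=true in the sample, is the worst case for a fleet because users cannot correct it locally.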