Share this page 

Configure Java Deployment with PropertiesTag(s): Environment


User level
The deployment.properties file is used for storing and retrieving deployment configuration properties shown in the Java Control Panel. The properties are also used for customizing runtime behavior for both Java Plug-in and Java Web Start.

Location of the deployment.properties :

  • Windows - <User Application Data Folder>\LocalLow\Sun\Java\Deployment\deployment.properties
  • Linux - ${user.home}/.java/deployment/deployment.properties
  • OS X - ~/Library/Application Support/Oracle/Java/Deployment/deployment.properties
On the Windows, <User Application Data Folder> is typically C:\Users\<your username>\AppData (or %APPDATA%) which is hidden by default.

ref : Oracle Java documentation

List of possible deployment properties 


#deployment.properties  https://gist.githubusercontent.com/MyITGuy/9628895/raw/3727348918e036baf69059181e8b4567462d41d3/Deployment.Properties.txt



# Security Tab

# Enable Java content in the browser

deployment.webjava.enabled=true

deployment.webjava.enabled.locked

# Security Level

deployment.security.level=MEDIUM

deployment.security.level.locked



# Advanced Tab

# Debugging\Enable tracing

deployment.trace=false

deployment.trace.locked

# Debugging\Enable logging

deployment.log=false

deployment.log.locked

# Debugging\Show applet lifecycle exceptions

deployment.javapi.lifecycle.exception=false

deployment.javapi.lifecycle.exception.locked

# Java console

deployment.console.startup.mode.locked

deployment.console.startup.mode=HIDE

# Default Java for browsers\Microsoft Internet Explorer

deployment.browser.vm.iexplorer=true

deployment.browser.vm.iexplorer.locked

# Default Java for browsers\Mozilla family

deployment.browser.vm.mozilla.locked

deployment.browser.vm.mozilla=false

# Java Plug-in\Enable the next-generation Java Plug-in (requires browser restart)

# This must be done by executing one of the following commands as an administrator:

# [Disable]     - {JREInstallPath}\bin\ssvagent.exe -high -jpisetup -old

# [Enable]      - {JREInstallPath}\bin\ssvagent.exe -high -jpisetup -new

# Shortcut Creation

deployment.javaws.shortcut=ASK_IF_HINTED

deployment.javaws.shortcut.locked

# JNLP File/MIME Association

deployment.javaws.associations=ASK_USER

deployment.javaws.associations.locked

# Application Installation

deployment.javaws.install=IF_HINT

deployment.javaws.install.locked

#JRE Auto-Download

deployment.javaws.autodownload=NEVER

deployment.javaws.autodownload.locked

# Security Execution Environment\Enable granting elevated access to signed apps

# aka. Allow user to grant permissions to signed content

deployment.security.askgrantdialog.show=true

deployment.security.askgrantdialog.show.locked

# Security Execution Environment\Enable granting elevated access to self-signed apps

deployment.security.askgrantdialog.notinca=true

deployment.security.askgrantdialog.notinca.locked

# Security Execution Environment\Show sandbox warning banner

deployment.security.sandbox.awtwarningwindow=true

deployment.security.sandbox.awtwarningwindow.locked

# Security Execution Environment\Allow user to accept JNLP security requests

deployment.security.sandbox.jnlp.enhanced=true

deployment.security.sandbox.jnlp.enhanced.locked

# Security Execution Environment\Don't prompt for client certificate selection when no certificates or only one exists

deployment.security.clientauth.keystore.auto=true

deployment.security.clientauth.keystore.auto.locked

# Security Execution Environment\Warn if site certificate does not match hostname

deployment.security.jsse.hostmismatch.warning=true

deployment.security.jsse.hostmismatch.warning.locked

# Security Execution Environment\Show site certificate from server even if it is valid

deployment.security.https.warning.show=false

deployment.security.https.warning.show.locked

# Mixed code (sandbox vs. trusted) security verification

deployment.security.mixcode=DISABLE

deployment.security.mixcode.locked

# Perform certificate revocation checks on

deployment.security.revocation.check=ALL_CERTIFICATES

deployment.security.revocation.check.locked

# Check for certificate revocation using

# Replaces Advanced Security Settings\Check certificates for revocation using Certificate Revocation List (CRLs)

# [Certificate Revocation List (CRLs)]          - ocsp=false, crl=true

# [Online Certificate Status Protocol (OCSP)]   - ocsp=true, crl=false

# [Bot CRLs and OCSP]                           - ocsp=true, crl=true

deployment.security.validation.ocsp=true

deployment.security.validation.ocsp.locked

deployment.security.validation.crl=true

deployment.security.validation.crl.locked

# Advanced Security Settings\Use certificates and keys in browser keystore

deployment.security.browser.keystore.use=true

deployment.security.browser.keystore.use.locked

# Advanced Security Settings\Check certificates for revocation using Certificate Revocation List (CRLs)

# See Check for certificate revocation using

# Advanced Security Settings\Enable list of trusted publishers

deployment.security.pretrust.list=true

deployment.security.pretrust.list.locked

# Advanced Security Settings\Enable blacklist revocation check

deployment.security.blacklist.check=true

deployment.security.blacklist.check.locked

# Advanced Security Settings\Enable caching password for authentication

deployment.security.password.cache=true

deployment.security.password.cache.locked

# Advanced Security Settings\Enable online certifcate validation

deployment.security.revocation.check=NO_CHECK

deployment.security.revocation.check.locked

# Advanced Security Settings\Use SSL 2.0 compatible ClientHello format

deployment.security.SSLv2Hello=false

deployment.security.SSLv2Hello.locked

# Advanced Security Settings\Use SSL 3.0

deployment.security.SSLv3=true

deployment.security.SSLv3.locked

# Advanced Security Settings\Use TLS 1.0

deployment.security.TLSv1=true

deployment.security.TLSv1.locked

# Advanced Security Settings\Use TLS 1.1

deployment.security.TLSv1.1=false

deployment.security.TLSv1.1.locked

# Advanced Security Settings\Use TLS 1.2

deployment.security.TLSv1.2=false

deployment.security.TLSv1.2.locked

# Miscellaneous\Place Java icon in system tray

# Miscellaneous\Java Quick Starter

deployment.system.tray.icon=false

deployment.system.tray.icon.locked



# Screen: Your Java version is insecure. or Your Java version is out of date.

deployment.expiration.check.enabled=false

deployment.expiration.check.enabled.locked

#

deployment.capture.mime.types=true

deployment.capture.mime.types.locked



deployment.security.expired.warning=false

deployment.security.expired.warning.locked



deployment.user.security.exception.sites=C:\\WINDOWS\\Sun\\Java\\Deployment\\exception.sites

deployment.user.security.exception.sites.locked

# Java 7 Update 10

deployment.expiration.decision.10.10.2.locked

deployment.expiration.decision.10.10.2=later

deployment.expiration.decision.suppression.10.10.2.locked

deployment.expiration.decision.suppression.10.10.2=true

deployment.expiration.decision.timestamp.10.10.2.locked

deployment.expiration.decision.timestamp.10.10.2=2/28/2014 12\:1\:31
Example of a deployment.properties 

#deployment.properties

deployment.webjava.enabled=true

deployment.security.level=MEDIUM

deployment.security.level.locked

deployment.user.security.exception.sites=c\:/Windows/Sun/Java/Deployment/exception.sites
The exception.sites file is a one URL per line list of sites that you want in the Exception Site List field found in the Java Control Panel. Nothing else goes in this file.
System level
The deployment.config file is used for specifying the system-level deployment.properties in the infrastructure. By default no deployment.config file exists, so no system-wide deployment.properties file exists.

Possible location of the deployment.config :

  • Windows - <Windows Directory>\Sun\Java\Deployment\deployment.config or ${deployment.java.home}\lib\deployment.config
  • Linux - /etc/.java/deployment/deployment.config or ${deployment.java.home}/lib/deployment.config
  • OS X - /Library/Application Support/Oracle/Java/Deployment/deployment.config or ${deployment.java.home}/lib/deploy/deployment.config
The deployment.config file contains two properties: deployment.system.config and deployment.system.config.mandatory.

The deployment.system.config property is the URL to the system (enterprise-wide) deployment.properties file. This property can be used by system administrators to centrally administer or "lock-down" user-specific configuration settings. For local files, use the file protocol in the URL, for example, file:///C:/Windows/Sun/Java/Deployment/deployment.properties.

The deployment.system.config.mandatory property is a boolean. If set to true, the deployment.properties file that is pointed to by the deployment.system.config property must be found and successfully loaded, otherwise, nothing is allowed to run. If the property is set to false, an attempt is made to find and load the deployment. properties file that is pointed to by the deployment.system.config property. If successful, the file is used, otherwise, the file is ignored. The default for the deployment.system.config.mandatory property is false. 


deployment.system.config=file\://ourserver.local/deploy/Sun/Java/Deployment/deployment.properties

deployment.system.config.mandatory=true
This example points to a deployment.properties file on a DFS path //ourserver.local/deploy/. Since the property deployment.system.config.mandatory=true then if the deployment.properties file is not found, then nothing is allowed to run.