Configure Java Deployment with PropertiesTag(s): Environment
User level
Thedeployment.properties
file is used for storing and retrieving deployment configuration properties shown in the Java Control Panel.
The properties are also used for customizing runtime behavior for both Java Plug-in and Java Web Start.
Location of the deployment.properties :
- Windows -
<User Application Data Folder>\LocalLow\Sun\Java\Deployment\deployment.properties
- Linux -
${user.home}/.java/deployment/deployment.properties
- OS X -
~/Library/Application Support/Oracle/Java/Deployment/deployment.properties
ref : Oracle Java documentation
List of possible deployment properties
#deployment.properties https://gist.githubusercontent.com/MyITGuy/9628895/raw/3727348918e036baf69059181e8b4567462d41d3/Deployment.Properties.txt # Security Tab # Enable Java content in the browser deployment.webjava.enabled=true deployment.webjava.enabled.locked # Security Level deployment.security.level=MEDIUM deployment.security.level.locked # Advanced Tab # Debugging\Enable tracing deployment.trace=false deployment.trace.locked # Debugging\Enable logging deployment.log=false deployment.log.locked # Debugging\Show applet lifecycle exceptions deployment.javapi.lifecycle.exception=false deployment.javapi.lifecycle.exception.locked # Java console deployment.console.startup.mode.locked deployment.console.startup.mode=HIDE # Default Java for browsers\Microsoft Internet Explorer deployment.browser.vm.iexplorer=true deployment.browser.vm.iexplorer.locked # Default Java for browsers\Mozilla family deployment.browser.vm.mozilla.locked deployment.browser.vm.mozilla=false # Java Plug-in\Enable the next-generation Java Plug-in (requires browser restart) # This must be done by executing one of the following commands as an administrator: # [Disable] - {JREInstallPath}\bin\ssvagent.exe -high -jpisetup -old # [Enable] - {JREInstallPath}\bin\ssvagent.exe -high -jpisetup -new # Shortcut Creation deployment.javaws.shortcut=ASK_IF_HINTED deployment.javaws.shortcut.locked # JNLP File/MIME Association deployment.javaws.associations=ASK_USER deployment.javaws.associations.locked # Application Installation deployment.javaws.install=IF_HINT deployment.javaws.install.locked #JRE Auto-Download deployment.javaws.autodownload=NEVER deployment.javaws.autodownload.locked # Security Execution Environment\Enable granting elevated access to signed apps # aka. Allow user to grant permissions to signed content deployment.security.askgrantdialog.show=true deployment.security.askgrantdialog.show.locked # Security Execution Environment\Enable granting elevated access to self-signed apps deployment.security.askgrantdialog.notinca=true deployment.security.askgrantdialog.notinca.locked # Security Execution Environment\Show sandbox warning banner deployment.security.sandbox.awtwarningwindow=true deployment.security.sandbox.awtwarningwindow.locked # Security Execution Environment\Allow user to accept JNLP security requests deployment.security.sandbox.jnlp.enhanced=true deployment.security.sandbox.jnlp.enhanced.locked # Security Execution Environment\Don't prompt for client certificate selection when no certificates or only one exists deployment.security.clientauth.keystore.auto=true deployment.security.clientauth.keystore.auto.locked # Security Execution Environment\Warn if site certificate does not match hostname deployment.security.jsse.hostmismatch.warning=true deployment.security.jsse.hostmismatch.warning.locked # Security Execution Environment\Show site certificate from server even if it is valid deployment.security.https.warning.show=false deployment.security.https.warning.show.locked # Mixed code (sandbox vs. trusted) security verification deployment.security.mixcode=DISABLE deployment.security.mixcode.locked # Perform certificate revocation checks on deployment.security.revocation.check=ALL_CERTIFICATES deployment.security.revocation.check.locked # Check for certificate revocation using # Replaces Advanced Security Settings\Check certificates for revocation using Certificate Revocation List (CRLs) # [Certificate Revocation List (CRLs)] - ocsp=false, crl=true # [Online Certificate Status Protocol (OCSP)] - ocsp=true, crl=false # [Bot CRLs and OCSP] - ocsp=true, crl=true deployment.security.validation.ocsp=true deployment.security.validation.ocsp.locked deployment.security.validation.crl=true deployment.security.validation.crl.locked # Advanced Security Settings\Use certificates and keys in browser keystore deployment.security.browser.keystore.use=true deployment.security.browser.keystore.use.locked # Advanced Security Settings\Check certificates for revocation using Certificate Revocation List (CRLs) # See Check for certificate revocation using # Advanced Security Settings\Enable list of trusted publishers deployment.security.pretrust.list=true deployment.security.pretrust.list.locked # Advanced Security Settings\Enable blacklist revocation check deployment.security.blacklist.check=true deployment.security.blacklist.check.locked # Advanced Security Settings\Enable caching password for authentication deployment.security.password.cache=true deployment.security.password.cache.locked # Advanced Security Settings\Enable online certifcate validation deployment.security.revocation.check=NO_CHECK deployment.security.revocation.check.locked # Advanced Security Settings\Use SSL 2.0 compatible ClientHello format deployment.security.SSLv2Hello=false deployment.security.SSLv2Hello.locked # Advanced Security Settings\Use SSL 3.0 deployment.security.SSLv3=true deployment.security.SSLv3.locked # Advanced Security Settings\Use TLS 1.0 deployment.security.TLSv1=true deployment.security.TLSv1.locked # Advanced Security Settings\Use TLS 1.1 deployment.security.TLSv1.1=false deployment.security.TLSv1.1.locked # Advanced Security Settings\Use TLS 1.2 deployment.security.TLSv1.2=false deployment.security.TLSv1.2.locked # Miscellaneous\Place Java icon in system tray # Miscellaneous\Java Quick Starter deployment.system.tray.icon=false deployment.system.tray.icon.locked # Screen: Your Java version is insecure. or Your Java version is out of date. deployment.expiration.check.enabled=false deployment.expiration.check.enabled.locked # deployment.capture.mime.types=true deployment.capture.mime.types.locked deployment.security.expired.warning=false deployment.security.expired.warning.locked deployment.user.security.exception.sites=C:\\WINDOWS\\Sun\\Java\\Deployment\\exception.sites deployment.user.security.exception.sites.locked # Java 7 Update 10 deployment.expiration.decision.10.10.2.locked deployment.expiration.decision.10.10.2=later deployment.expiration.decision.suppression.10.10.2.locked deployment.expiration.decision.suppression.10.10.2=true deployment.expiration.decision.timestamp.10.10.2.locked deployment.expiration.decision.timestamp.10.10.2=2/28/2014 12\:1\:31
#deployment.properties deployment.webjava.enabled=true deployment.security.level=MEDIUM deployment.security.level.locked deployment.user.security.exception.sites=c\:/Windows/Sun/Java/Deployment/exception.sites
exception.sites
file is a one URL per line list of sites that you want in the Exception Site List field found in the Java Control Panel.
Nothing else goes in this file.
System level
Thedeployment.config
file is used for specifying the system-level deployment.properties in the infrastructure.
By default no deployment.config file exists, so no system-wide deployment.properties file exists.
Possible location of the deployment.config :
- Windows -
<Windows Directory>\Sun\Java\Deployment\deployment.config
or${deployment.java.home}\lib\deployment.config
- Linux -
/etc/.java/deployment/deployment.config
or${deployment.java.home}/lib/deployment.config
- OS X -
/Library/Application Support/Oracle/Java/Deployment/deployment.config
or${deployment.java.home}/lib/deploy/deployment.config
deployment.system.config
and deployment.system.config.mandatory
.
The deployment.system.config property is the URL to the system (enterprise-wide) deployment.properties file. This property can be used by system administrators to centrally administer or "lock-down" user-specific configuration settings. For local files, use the file protocol in the URL, for example, file:///C:/Windows/Sun/Java/Deployment/deployment.properties.
The deployment.system.config.mandatory property is a boolean. If set to true, the deployment.properties file that is pointed to by the deployment.system.config property must be found and successfully loaded, otherwise, nothing is allowed to run. If the property is set to false, an attempt is made to find and load the deployment. properties file that is pointed to by the deployment.system.config property. If successful, the file is used, otherwise, the file is ignored. The default for the deployment.system.config.mandatory property is false.
deployment.system.config=file\://ourserver.local/deploy/Sun/Java/Deployment/deployment.properties deployment.system.config.mandatory=true