Note: This Java deployment guide describes features released prior to the Java SE 6 update 10 release. See Java Rich Internet Applications Development and Deployment for the latest information.
The Java Control Panel is a multipurpose control panel. It allows you to view and set a wide range of parameters controlling how Java technology runs on your computer. It lets you view and delete temporary files used for Java Plug-in, which allows Java technology to be used by your Web browser to run applets; and Java Web Start, which allows you to run Java applications over the network. It allows you to control certificates, making it safe to run applets and applications over the network. It allows you to set runtime parameters for applets that run with Java Plug-in and applications that run with Java Web Start. It provides a mechanism for updating your version of the Java platform so that you always have the latest. And it allows you to set options for debugging, desktop integration, applet handling, etc. The Java Control Panel includes the following separately viewable panels:
Contents
The General panel looks like this:
It includes three subpanels: About, Network Settings, and Temporary Internet Files.
The About... button displays version information for the latest JRE installed on the computer.
These settings are for network connections. Press the Network Settings... button to get the Network Settings dialog. There are four choices:
Check this to use the browser default proxy settings. This is the default setting (checked).
You have two choices here:
You can specify the location (URL) for the JavaScript file (.js
or .pac extension) that contains the FindProxyForURL
function. FindProxyForURL has the logic to determine
the proxy server to use for a connection request.
Select this for situations where you do not want to use a proxy.
You can do the following:
The Update panel looks like this:
Note
This panel is only available on Windows for 1.4.2_01 and higher releases and only for users with Administrative privileges.
The Update panel, in conjunction with the Java
Update Scheduler (jusched.exe), is used to provide the
latest Java updates to the end user.
There are two basic options on the Update tab:
Automatic update is performed on a scheduled basis and it is selected by checking the Check for Updates Automatically check box.
Manual update is performed by pressing the Update Now button.
If you select automatic update, you can then set the notification via the Notify Me: drop-down menu, and you can set the update schedule via the Advanced... button.
With notification, you can chose to be notified before an update is downloaded and before it is installed; or you can chose to be notified only before an update is installed (i.e., the download is automatic).
The Advanced... allows you to select the desired frequency for updates: daily, weekly (default), or monthly. For daily updates, you can select the time of the day for the update; for weekly updates, you can select the day of the week and the time of the day; for monthly updates, you can select the day of the month and the time of the day.
You can do manual updates at any time by pressing the Update Now button. This allows you to do immediate, unscheduled updates.
The Java Update Scheduler (jusched.exe) is used for
launching automatic updates when Update Automatically is
selected in the Update tab. jusched.exe runs as a
background process that launches the Update Manager at predefined
intervals set by the user through the Advanced... button of
the Update tab. The Update Manager coordinates the update
process.
jusched.exe is launched when the user reboots the
computer after installing the SDK/JRE. It is normally transparent
to the user but can be viewed in the Processes tab of the Windows
Task Manager. Should a user for some reason not want the scheduler
to run, it can be killed via End Process button of the
Processes tab.
The Java panel looks like this:
Click the View... button to access the Java Runtime Environment Settings dialog.
These settings will be used when a Java application is launched. The Java Runtime Environment Settings dialog looks like the following on Windows:
Each row in the Java Runtime Versions panel represents a Java Runtime Environment that is installed in your computer. You may modify the value in each cell by double-clicking it:
Click the Find button to launch the JRE Finder. This utility searches for unregistered private Java Runtime Environments installed in your computer and adds them to the Java Runtime Versions panel.
Click the Add button to manually add a Java Runtime Environment to the Java Runtime Versions panel. When you click the Add button, a new row appears in the Java Runtime Versions panel; however, there are no values for Platform, Product, Path, Runtime Parameters, and Enabled; you must specify them yourself.
Click the Remove button to remove the selected Java Runtime Environment from the Java Runtime Versions panel.
Notes
There will always be at least one entry. It will be the most recently installed JRE; i.e., the JRE associated with the Java Control Panel.
Windows will show all JREs installed on a computer. The Java Control Panel finds the JREs by looking in the registry. On Unix, the situation is different. There is no registry so there is no easy way to find the JREs that a user may have installed. The JRE that Java Web Start or Java Plug-in is using to deploy applications is the JRE that is considered registered. Consequently, use the Find, Add, and Remove buttons to change which JREs are listed in the Java Runtime Environments panel.
For Unix, only version 5.0 or higher should be added. For Windows, where all JREs are found in the registry, version 1.3.1 or higher will be displayed.
Assume you are running on Microsoft Windows with Microsoft Internet Explorer, have first installed version 1.4.2, then version 5.0, and you want to run 1.4.2.
j2re1.4.2\bin directory where JRE 1.4.2
was installed. On a Windows default installation, this would be
here: C:\Program Files\Java\j2re1.4.2\binjpicpl32.exe file located there.
It will launch the control panel for 1.4.2.APPLET tags.You can add a JRE by pressing Add and specifying its location (see notes above).
For Window and Unix you can optionally set Java Runtime Settings for the JRE.
You can override the Java Plug-in default startup parameters by
specifying custom options in the Java Runtime Parameters field.
With the exception of setting classpath and
cp (see Setting
classpath and cp below), the syntax
is the same as used with parameters to the java
command line invocation. See the java launcher for a full list of
command line options:
java launcher: Windows, Solaris and Linux.
Below are some examples of Java runtime parameters.
The following format should be used for setting
classpath and cp in Java Plug-in. It
differs slightly from the java command line format,
which uses a space instead of the equal (=) sign.
-classpath=<path> -cp=<path>
Enabling and disabling assertion support
To enable assertion support, the following system property must be specified in the Java Runtime Parameters:
-[ enableassertions | ea ][:<package name>"..." | : <class name> ]
To disable assertion in the Java Plug-in, specify the following in the Java Runtime Parameters:
-[ disableassertions | da ][:<package name>"..." | : <class name> ]
See Assertion Facility for more details on enabling/disabling assertions.
Assertion is disabled in Java Plug-in code by default. Since the effect of assertion is determined during Java Plug-in startup, changing assertion settings in the Java Plug-in Control Panel will require a browser restart in order for the new settings to take effect.
Because Java code in Java Plug-in also has built-in assertion, it is possible to enable the assertion in Java Plug-in code through the following:
-[ enableassertions | ea ]:sun.plugin
Tracing and logging support
Tracing is a facility to redirect any output in the Java Console
to a trace file (.plugin<version>.trace).
-Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect
If you do not want to use the default trace file name:
-Djavaplugin.trace.filename=<tracefilename>
Similar to tracing, logging is a facility to redirect any output
in the Java Console to a log file
(.plugin<version>.log) using the Java Logging
API. Logging can be turned on by enabling the property
javaplugin.logging.
-Djavaplugin.logging=true
If you do not want to use the default log file name, enter:
-Djavaplugin.log.filename=<logfilename>
Furthermore, if you do not want to overwrite the trace and log files each session, you can set the property:
-Djavaplugin.outputfiles.overwrite=false
If the property is set to false, then trace and log
files will be uniquely named for each session. If the default trace
and log file names are used, then the files would be named as
follows
.plugin<username><date hash code>.trace .plugin<username><date hash code>.log
Tracing and logging set through the Control Panel will take effect when the Plug-in is launched, but changes made through the Control Panel while a Plug-in is running will have no effect until a restart.
For more information about tracing and logging, see the chapter called Tracing and Logging.
Debugging applets in Java Plug-in
The following options are used when debugging applets in the Java Plug-in. For more information on this topic see the Debugging Support in the Java Plug-in Developer Guide.
-Djava.compiler=NONE -Xnoagent -Xdebug -Xrunjdwp:transport=dt_shmem,address=<connect-address>,server=y,suspend=n
The <connect-address> can be any string
(example: 2502) which is used by the Java Debugger
(jdb) later to connect to the JVM
Default connection timeout
When a connection is made by an applet to a server and the server doesn't respond properly, the applet may appear to hang and may also cause the browser to hang, since by default there is no network connection timeout.
To avoid this problem, Java Plug-in 1.4 has added a default network timeout value (2 minutes) for all HTTP connections. You can override this setting in the Java Runtime Parameters:
-Dsun.net.client.defaultConnectTimeout=<value in milliseconds>
Another networking property that you can set is
sun.net.client.defaultReadTimeout.
-Dsun.net.client.defaultReadTimeout=<value in milliseconds>
Note
Java Plug-in does not set
sun.net.client.defaultReadTimeout by default. If you
want to set it, do so through the Java Runtime Parameters as shown
above.
Networking properties description:
sun.net.client.defaultConnectTimeout sun.net.client.defaultReadTimeout
These properties specify, respectively, the default connect and
read timeout values for the protocol handlers used by
java.net.URLConnection. The default value set by the
protocol handlers is -1, which means there is no
timeout set.
sun.net.client.defaultConnectTimeout specifies the
timeout (in milliseconds) to establish the connection to the host.
For example, for http connections it is the timeout when
establishing the connection to the http server. For ftp connections
it is the timeout when establishing the connection to ftp
servers.
sun.net.client.defaultReadTimeout specifies the
timeout (in milliseconds) when reading from an input stream when a
connection is established to a resource.
For the official description of these properties, see Networking Properties.
Notes
keystore files do not exist by
default; they are created and managed by a System Administrator
using keytool. (See Security Tools.)The Security panel looks like this:
Press the Certificates... button to get the Certificates dialog, which looks like this:
It handles both User- and System-Level (enterprise-wide) certificates of the following types:
These are certificates for signed applets and applications that are trusted.
These are certificates for secure sites.
These are certificates of Certificate Authorities (CAs) for Trusted Certificates; Certificate Authorities are the ones who issue the certificates to the signers of Trusted Certificates.
These are certificates of Certificate Authorities (CAs) for secure sites; Certificate Authorities are the ones who issue the certificates for secure sites.
These are certificates for a client to authenticate itself to a server.
For Trusted, Secure site, and Client Authentication certificates, there are four options: Import, Export, Remove, and Details. The user can import, export, remove, and view the details of a certificate.
For Signer CA and Secure site CA, there is only one option: Details. The user can only view the details of a certificate.
The default locations of the of the keystore files
for Unix and Windows are as follows:
| Operating System | Location |
|---|---|
| Unix | ${user.home}/.java/deployment/security. |
| Windows |
|
For instance, on Windows 2000/XP, the default location of the
keystore files for user jsmith would be
as follows:
C:\Documents and Settings\jsmith\ApplicationData\Sun\Java\Deployment\security
For non-default locations of the certificate
keystore files, specify them in the User-Level
deployment.properties file with the following
property names:
| Certificate Type | Property Name |
|---|---|
| Trusted Certificates | deployment.user.security.trusted.certs |
| Secure site | deployment.user.security.trusted.jssecerts |
| Signer CA | deployment.user.security.trusted.cacerts |
| Secure site CA | deployment.user.security.
trusted.jssecacerts |
| Client Authentication | deployment.user.security.trusted.clientcerts |
For System-Level certificates, the only options a user has are Export and Details.
Trusted, Secure Site, and Client Authentication certificate
keystore files do not exist by default. Thus there are
no default locations for them.
The default location for the Signer CA keystore is:
| Operating System | Location |
|---|---|
| Unix | $JAVA_HOME/lib/security/cacerts |
| Windows |
|
The default location for the Secure Site CA keystore is:
| Operating System | Location |
|---|---|
| Unix | $JAVA_HOME/lib/security/jssecacerts |
| Windows |
|
The location of the keystore files for the various
types of certificates can also be set in a System-Level
deployment.properties file, if it exists. (The
System-Level deployment.properties file does not exist
by default. It is specified in a deployment.config
file. See System-Level
deployment.properties file.) The following
properties may be specified:
| Certificate Type | Property Name |
|---|---|
| Trusted Certificates | deployment.system.security.trusted.certs |
| Secure site | deployment.system.security.trusted.jssecerts |
| Signer CA | deployment.system.security.trusted.cacerts |
| Secure site CA | deployment.system.security.
trusted.jssecacerts |
| Client Authentication |
deployment.system.security.trusted.clientcerts |
The Advanced panel looks like this:
It includes options for Debugging, Java console, Default Java for Browsers, Java Plug-in, JavaFX runtime, Shortcut creation, JNLP File/MIME Association, Application Installation, JRE Auto-Download, Insecure JRE versions, Security, and Miscellaneous.
You can enable tracing and logging. For more information on tracing and logging and how to set runtime parameters for tracing and logging, see Tracing and Logging.
There are three options:
See Java Console for information about it.
There are two options; both are selected by default:
This option enables settings in your browser that enable you to use the JRE installed in your computer.
For example, if you enable this option for Microsoft Internet Explorer, then the option Use JRE <version number> for <applet> (requires restart) is available, where <version number> is the version of the JRE installed in your computer. (Find this option by going to Tools, then Internet Options, then click the tab Advanced.)
In addition, if you enable this option for Mozilla Family, and your browser is Firefox, then the extension Java Console <version number> appears in the Add-ons list, where <version number> is the version of the JRE installed in your computer. (Access the Add-ons list from the Tools menu in the menu bar.)
There is only one option, which is selected by default: Enable the next-generation Java Plug-in (requires browser restart).
If this option is selected, then the implementation of the Java Plug-In introduced in Java SE 6 update 10 is used. If this option is not selected, the Java Plug-In implementation prior to the one introduced in Java SE 6u10 is used.
There is only one option, which is selected by default: Enable JavaFX runtime. Use this option to enable or disable the JavaFX runtime.
This provides options for Java Web Start for creating shortcuts on the desktop. The options are:
This allows you to associate files with the JNLP MIME type. The options are (radio button, select only one):
There are four options:
A Java application or applet that is launched with Java Web Start can either be installed or cached on the client computer. If the Java application is cached, then Java Web Start stores the entire application in its cache; the application is removed from the client computer when Java Web Start empties its cache. If the Java application is installed, then the application will have an entry in the Add or Remove Programs applet in Windows Control Panel.
A Java application or applet can specify if it prefers to be cached or installed; if the Java application specifies that it prefers to be installed, then it is hinted. By default, Java applications that are hinted are installed on the client computer. You can also specify that a Java application is installed if it creates a shortcut on the client computer's desktop.
There are three options:
If a JNLP file requests a JRE that is not installed, then this option specifies what action is performed.
If users have a version of Java on their system that is below the security baseline, a warning message is displayed before an application or an applet can be run using that version. You can control this warning message by choosing one of the following three options:
This option sets the property deployment.insecure.jres in the deployment.properties file. See Deployment Configuration File and Properties for more information about this file.
The General options are check boxes. You can select any number of available options. All options are checked by default except for those specified. The Mixed code options are radio buttons. You can select only one option. The following are the various Java security options:
There are two options; both are checked by default:
Allows you to specify the location of the default browser to be launched.
