Java Platform, Standard Edition Deployment Guide

20 Java Control Panel

This topic describes the Java Control Panel, which is used to control how Java and JavaFX applications that are embedded in a browser or are launched from a browser run on your computer. The settings in the Java Control Panel are not used by standalone and self-contained applications.

The Java Control Panel provides the following capabilities:

  • View and delete temporary files used by the Java Plug-in, which runs Java applications that are embedded in a browser, and by Java Web Start, which enables you to run Java applications over the network.

  • Update your version of the Java platform so that you always have the latest Java Runtime Environment (JRE).

  • Set runtime parameters.

  • Manage certificates.

  • View an active deployment rule set.

  • Manage the exception site list.

  • Set options for debugging, applet handling, and other functions.

The Java Control Panel includes the following tabs:

20.1 General

Figure 20-1 shows the General tab.

The General tab contains the following sections: About, Network Settings, and Temporary Internet Files. This tab also indicates if Java is enabled in the browser, which is controlled in the Security tab.

20.2 Update

The Update tab is available on Microsoft Windows and OS X for both the 32-bit and 64-bit versions of the JRE, and only for users with Administrative privileges. On Microsoft Windows, if the JRE is installed and this panel is not available, launch the Java Control Panel directly from the command line (<JRE installation directory>\bin\javacpl.exe). Figure 20-2 shows the Update tab.

The Update tab is used with the Java Update Scheduler (jusched.exe) to provide the latest Java updates to the end user. This tab enables you to automatically or manually update all JREs (including 32-bit and 64-bit versions) installed on your system.

20.3 Java

Figure 20-3 shows the Java tab.

Click View to show the Java Runtime Environment Settings dialog, which provides information on the JREs that are installed on your system, and enables you to choose the JREs that you want to use to run applications that are embedded in a web page or launched from a browser.

20.3.1 Java Runtime Environment Settings

The Java Runtime Environment Settings dialog has two tabs, User and System. Both tabs show a table that contains information on the JREs that are installed on your system. The User tab shows all of the registered JREs and JREs that the user has added. The System tab shows the JRE that was used to start the Java Control Panel.

Each row in the table represents a Java Runtime Environment (JRE) that is installed in your computer. The following information is provided for each JRE:

  • Platform: The version of the JRE

  • Product: The full version number of the JRE, including the update number

  • Location: The URL that Java Update Scheduler uses to launch automatic updates

  • Path: The full path to the JRE

  • Runtime Parameters: Optional custom options used to override the Java Plug-in default startup parameters

  • Enabled: Flag that indicates which of the JRE versions are considered when running an application using Java Plug-in or Java Web Start. Settings in the Java Control Panel do not apply to standalone or self-contained applications. If the check box for a JRE is not selected, then Java Plug-in and Java Web Start will not use the JRE to launch Java applications. However, the current JRE might be used even if it is not marked as enabled.


    Note:

    If Java content in the browser is disabled in the Security tab of the Java Control Panel, enabling the JRE in the Java Runtime Environment Settings dialog has no effect. See Section 20.4, "Security" for information on the Enable Java Content in the Browser option.

To change the information for a JRE in the User tab, click the cell in the table and edit the value. The information in the System tab cannot be edited.

In the User tab, the following functions are available:

  • Click Find to launch the JRE Finder. Use this utility to search for JREs that are installed on your computer and add them to the table.

  • Click Add to manually add a JRE to the table. A new row is added to the table. Fill in the values for Platform, Product, Path, Runtime Parameters, and Enabled.

  • Click Remove to remove the selected JRE from the table.

The table always has at least one entry, which is the most recently installed JRE. This is the JRE that is associated with the Java Control Panel.

Microsoft Windows shows all of the JREs that are installed on a computer. The Java Control Panel finds the JREs by looking in the registry. On Solaris, Linux, and OS X, the JRE that Java Web Start or Java Plug-in is using to deploy applications is the JRE that is considered registered. Therefore, use the Find, Add, and Remove buttons to change which JREs are listed in the table. On OS X, only the currently installed JRE is displayed; JDKs are not included.

For Solaris, Linux, or OS X, only version 5.0 or higher should be added. For Microsoft Windows, where all JREs are found in the registry, version 1.3.1 or higher is shown.

20.3.2 Java Runtime Parameters

You can override the Java Plug-in default startup parameters by specifying custom options in the Runtime Parameters column for a JRE. With the exception of setting classpath and cp, the syntax is the same as that used with parameters for the java command line invocation. See the java command for a full list of command line options:

java command: Windows, Solaris, Linux, or OS X.

The following sections provide examples of Java runtime parameters.

20.4 Security

Figure 20-4 shows the Security tab.

To prevent any Java application from running in a browser or being launched from a browser, make sure that the Enable Java content in the browser option is not selected. This option is selected by default.

20.4.1 Security Level

The security level determines the criteria used to allow or block a Java application from running within a browser or being launched from a browser. As the security level is increased, more restrictions are placed on allowing an application to run, and stronger warnings are issued to the user.

The default security level setting is High. The available settings are:

  • Very High - Applications that are signed with a valid certificate that is located in the Signer CA keystore, and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. All other applications are blocked.

  • High - Applications that are signed with a valid certificate that is located in the Signer CA keystore, and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. Applications are also allowed to run with security prompts when the revocation status of the certificate cannot be checked. All other applications are blocked.

See Chapter 24, "Rich Internet Application Deployment Process" for information on how the decision to run or block an application is made.

The Security Level setting affects plug-in applets, Java Web Start applications, embedded JavaFX applications, and access to the native deployment toolkit plug-ins. This setting does not affect standalone or self-contained Java applications.

For more information, see Section 23.1, "Setting the Security Level of the Java Client."

20.4.4 Restore Security Prompts

An option to hide a prompt in the future is included in some security prompts that are shown when an application starts. To ensure the continued security of your system, it is recommended that you periodically restore the prompts that were hidden. Seeing the prompts again provides an opportunity to review the applications and ensure that you still want them to run.

To restore the prompts that were previously hidden, click Restore Security Prompts. When asked to confirm the selection, click Restore All. The next time an application is started, the security prompt for that application is shown.

20.4.5 Manage Certificates

User-level and system-level certificates used to sign RIAs that you run can be managed by clicking Manage Certificates. From the Certificates dialog, you can import, export, remove, and view the details for certificates. Information is provided for the following types of certificates:

  • Trusted Certificates - Certificates for signed RIAs that are trusted.

  • Secure Site - Certificates for secure sites.

  • Signer CA - Certificates of Certificate Authorities (CAs) who issue the certificates to the signers of trusted certificates.

  • Secure Site CA - Certificates of CAs who issue the certificates for secure sites.

  • Client Authentication - Certificates used by a client to authenticate itself to a server.

20.4.5.2 System-Level Certificates

You can export and view the details of system-level certificates using the buttons provided in the Certificates dialog. System-level certificates cannot be imported or removed by an end user.

Trusted, Secure Site, and Client Authentication certificate keystore files do not exist by default. The following table shows the default location for the Signer CA keystore file.

The following table shows the default location for the Secure Site CA keystore.

To specify a system-level keystore in a location other than the default location, set properties in the system-level deployment.properties file. The System-Level deployment.properties file does not exist by default. See Chapter 21, "Deployment Configuration File and Properties" for information on the system-level file and configuration properties. The following table describes the property to set for each type of certificate.

20.5 Advanced

Figure 20-5 and Figure 20-6 show the options available in the Advanced tab on Microsoft Windows.

This tab includes options for Debugging, Java console, Default Java for browsers, Shortcut Creation, JNLP File/MIME Association, Application Installation, Secure Execution Environment, Mixed code security verification, Certificate revocation checks, Advanced Security Settings, and Miscellaneous.

20.5.9 Perform certificate revocation checks on

Before a signed applet or Java Web Start application is run, the certificates used to sign the JAR file can be checked to ensure that none have been revoked. You can have all certificates checked, or only the certificate from the publisher of the app. If a certificate has been revoked, any RIA that is signed with the certificate is not allowed to run. This check can be disabled, but that is not recommended. The following choices are available; select only one:

  • Publisher's certificate only

  • All certificates in the chain of trust (selected by default)

  • Do not check (not recommended)
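The Control Panel choices for Enable Java content in the browser (Section 20.4), Security Level (Section 20.4.1), and certificate revocation checks (this section) are stored as properties in a deployment.properties file. The following Python script is an added example, not part of the Oracle guide: it parses such a file and reports settings weaker than the hardened choice. The property names are taken from Oracle's deployment.properties documentation rather than from this page (treat the mapping as an assumption to confirm against Chapter 21), and the two sample files are constructed.

```python
import re

# Property names: Oracle's deployment.properties documentation (assumption:
# this page itself only shows the Control Panel options, not the keys).
# Defaults follow this page: Java content enabled, level High,
# revocation checked for all certificates in the chain of trust.
DEFAULTS = {
    "deployment.webjava.enabled": "true",
    "deployment.security.level": "HIGH",
    "deployment.security.revocation.check": "ALL_CERTIFICATES",
}

def parse_properties(text):
    """Parse single-line key=value / key:value entries of a .properties file.
    Line continuations and Unicode escapes are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        m = re.match(r"((?:\\.|[^=:\s\\])+)\s*[=:]?\s*(.*)", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            props[key] = value
    return props

def audit(text):
    """Return {property: finding} for settings weaker than the hardened choice."""
    props = parse_properties(text)
    eff = {k: props.get(k, default).strip() for k, default in DEFAULTS.items()}
    findings = {}
    if eff["deployment.webjava.enabled"].lower() != "false":
        findings["deployment.webjava.enabled"] = "Java content in the browser is enabled"
    if eff["deployment.security.level"].upper() not in ("HIGH", "VERY_HIGH"):
        findings["deployment.security.level"] = "level is not High or Very High"
    rev = eff["deployment.security.revocation.check"].upper()
    if rev == "NO_CHECK":
        findings["deployment.security.revocation.check"] = "revocation checks disabled"
    elif rev == "PUBLISHER_ONLY":
        findings["deployment.security.revocation.check"] = "only the publisher's certificate is checked"
    return findings

# Constructed sample files, not taken from a real system.
# MEDIUM stands in for any level that is not listed on this page.
WEAK = "#deployment.properties\ndeployment.security.level=MEDIUM\ndeployment.security.revocation.check = NO_CHECK\n"
HARDENED = ("deployment.webjava.enabled=false\ndeployment.security.level=VERY_HIGH\n"
            "deployment.security.revocation.check=ALL_CERTIFICATES\n")

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(sample))
```

A property that is absent from the file is evaluated at the default this page states, so an empty file still reports that Java content in the browser is enabled.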

20.5.12 Miscellaneous

The following choices are available; none are checked by default:

  • Place Java icon in system tray

  • Suppress sponsor offers when installing or updating Java

    Select this option if you do not want to be provided with offers from sponsors during the installation or update process.


Copyright © 1993, 2015, Oracle and/or its affiliates. All rights reserved.