Managing Java’s Control Panel & Exception Site List

Note: We have a newer, more up-to-date post on this topic

With the introduction of Java 7 Update 51 and the Exception Site List, many users have experienced havoc with trying to manage all the exceptions needed for end users in their environments. Through some exhaustive research, I have found a way to not only manage Java’s control panel and Exception Site List from a system-level, but also to have all the settings managed from a network share. I will show you how to collaborate your Java settings and Exception Site List into a couple of Packages to deploy throughout your environment using PDQ Deploy.

First, let’s get an understanding of how the Java Control Panel settings are managed with a default installation of Java. The deployment.properties file is installed in a non-configurable location here:

%APPDATA%\..\LocalLow\Sun\Java\Deployment\deployment.properties


java_config_folder

The Java Control Panel and the Exception Site List can both be managed from the deployment.properties file, but the changes reflect only on a per user basis. However, the user level deployment.properties file can be bypassed if a deployment.config file is created that also points to a system-level deployment.properties file. By default, the system-level deployment.config and deployment.properties files are not created. (Only the User level deployment.properties file.)

So, how do we set up the system-level settings for Java? First, we will need to create the three files needed to manage the Java Control Panel settings. The three files once created, will go in the %WINDIR%\SUN\JAVA\Deployment directory which if it doesn’t exist, will need to be created.

deployment.config File

The deployment.config file is used to specify the location of the deployment.properties file in your environment. Whether the deployment.properties file is located on the local machine or on a network share, the deployment.config file will only contain two properties:

deployment.system.config and deployment.system.config.mandatory

The deployment.system.config property is the file path to the system-level (enterprise-wide) deployment.properties file. (Utilize the file protocol for the file path)

The deployment.system.config.mandatory is a Boolean value. The default value for this property is false. If left as the default value, there will be an attempt to load the deployment.properties file specified in the deployment.system.config path. If the property is set to true, the attempt to access the deployment.properties file will still be made, however, if the file cannot be found or loaded, nothing will be allowed to run.

Here are two examples of the contents in the deployment.config file. The first points to the deployment.properties file on the local (target) machines.

deployment.system.config=file\:C\:/Windows/Sun/Java/Deployment/deployment.properties
deployment.system.config.mandatory=true

This example points to a deployment.properties file on the HQ-Svr1 server in the deploy share.

deployment.system.config=file\://HQ-Svr1/deploy/Sun/Java/Deployment/deployment.properties
deployment.system.config.mandatory=true

deployment.properties File

The deployment.properties file is used to manage the settings in Java Control Panel. A complete list of available settings and values that can be used is found here:

http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp/properties.html

In addition, the exception.sites file path is set here as well.

  1. Here are two example deployment.config files. The first example shows the contents of a deployment.properties file which points to a local (on each target machine) exception.sites file.

    #deployment.properties
    deployment.webjava.enabled=true
    deployment.security.level=MEDIUM
    deployment.security.level.locked
    deployment.user.security.exception.sites=c\:/Windows/Sun/Java/Deployment/exception.sites

    The second example points to a network share on a computer named HQ-Svr1 with a Windows shared directory called Deploy.

    #deployment.properties
    deployment.webjava.enabled=true
    deployment.security.level=MEDIUM
    deployment.security.level.locked
    deployment.user.security.exception.sites=//HQ-Svr1/deploy/sun/java/deployment/exception.sites

exception.sites File

The exception.sites file is a one URL per line list of sites that you want in the Exception Site List field found in the Java Control Panel. Nothing else goes in this file.

Here is an example exception.sites file:


java_exception_site

Now that we have the three files we need, it is time to put them to good use. Depending on the set up desired (files on the local machine or a network share), it will determine where you will place your files. For our first example, we will be deploying our files out to the local machine. In this case, copy the three files you created into your repository or any other location on your machine you desire.

Create a new PDQ Deploy Package

Now that your three files are in your repository or another location on your machine, open PDQ Deploy and create a new package. Create a command step and delete the default install step. In the command field, we need to enter a command that will copy the three files needed into the %WINDIR%\Sun\Java\Deployment directory and also create the directory if it does not exist (only the deployment.config files needs to be copied over if you are storing the deployment.properties and the exception.sites files on a network share). We will use an xcopy command with a /I and a /Y to accomplish the copy task for us.(Type xcopy /? in a command prompt for a usage statement)

The image below will show you the two areas where you will need to enter information. Notice we used two wildcards deployment.* and *.sites to grab all of our files with the xcopy commands. NOTE: Make sure you add all three files in the additional files field (unless you are storing the deployment.properties and exception.sites files on a network share). Only one file will be listed like below but if you click on the drop down list, you should see all three.

java_deploy_xcopy1

Use the command in the image below if you are only copying the deployment.config file.


java_deploy_xcopy2

That is all there is to it. Push out the packages to the respective machines and be amazed as the Java Control Panel properties and exception list conform to your desires. If you open the Java Control Panel and click on the Security Tab, you should see the changes you specified in the deployment.properties and exception.sites files are set. Remember the user’s deployment.properties file will be bypassed by the system-level properties. If the system-level properties are removed, Java will revert to the users deployment.properties settings.

NOTES:

  1. If you store your Java configuration files on a network share make sure your users have Read access to the shared files. 
  2. If your exception.sites file is set to READ ONLY then the exception.sites list in the Control Panel will not be able to be modified.
  3. The command step created to change the Java Control Panel settings and Exception Site List can be added to our Java 7 Update 51(and later) Packages in the Package Library, to install Java and have the settings applied all in one package. Trials to PDQ Deploy do not include full access to our package library. The trial does include access to some packages for testing purposes. To see the different levels available to Pro and Enterprise, see our Package Library page.

Try PDQ Deploy