For Windows and Solaris, Linux, or Mac OS X you can optionally set Java Runtime Settings for the JRE.
Java Runtime Parameters
You can override the Java Plug-in default startup parameters by specifying custom options in the Java Runtime Parameters field. With the exception of setting classpath
and cp
, the syntax is the same as used with parameters to the java
command line invocation. See the java launcher for a full list of command line options:
java launcher: Windows, Solaris, Linux, or Mac OS X.
Below are some examples of Java runtime parameters.
Setting classpath
and cp
The following format should be used for setting classpath
and cp
in Java Plug-in. It differs slightly from the java
command line format, which uses a space instead of the equal (=
) sign.
Enabling and disabling assertion support
To enable assertion support, the following system property must be specified in the Java Runtime Parameters:
To disable assertion in the Java Plug-in, specify the following in the Java Runtime Parameters:
Assertion is disabled in Java Plug-in code by default. Since the effect of assertion is determined during Java Plug-in startup, changing assertion settings in the Java Plug-in Control Panel will require a browser restart in order for the new settings to take effect.
Because Java code in Java Plug-in also has built-in assertion, it is possible to enable the assertion in Java Plug-in code through the following:
Tracing and logging support
Tracing is a facility to redirect any output in the Java Console to a trace file (.plugin<version>.trace
).
If you do not want to use the default trace file name:
Similar to tracing, logging is a facility to redirect any output in the Java Console to a log file (.plugin<version>.log
) using the Java Logging API. Logging can be turned on by enabling the property javaplugin.logging
.
If you do not want to use the default log file name, enter:
Furthermore, if you do not want to overwrite the trace and log files each session, you can set the property:
If the property is set to false
, then trace and log files will be uniquely named for each session. If the default trace and log file names are used, then the files would be named as follows
Tracing and logging set through the Control Panel will take effect when the Plug-in is launched, but changes made through the Control Panel while a Plug-in is running will have no effect until a restart.
Debugging applets in Java Plug-in
The following options are used when debugging applets in the Java Plug-in.
The <connect-address>
can be any string (example: 2502
) which is used by the Java Debugger (jdb
) later to connect to the JVM
Default connection timeout
When a connection is made by an applet to a server and the server doesn't respond properly, the applet may appear to hang and may also cause the browser to hang, since by default there is no network connection timeout.
To avoid this problem, Java Plug-in 1.4 has added a default network timeout value (2 minutes) for all HTTP connections. You can override this setting in the Java Runtime Parameters:
Another networking property that you can set is sun.net.client.defaultReadTimeout
.
Note
Java Plug-in does not set sun.net.client.defaultReadTimeout
by default. If you want to set it, do so through the Java Runtime Parameters as shown above.
Networking properties description:
These properties specify, respectively, the default connect and read timeout values for the protocol handlers used by java.net.URLConnection
. The default value set by the protocol handlers is -1
, which means there is no timeout set.
sun.net.client.defaultConnectTimeout
specifies the timeout (in milliseconds) to establish the connection to the host. For example, for http connections it is the timeout when establishing the connection to the http server. For ftp connections it is the timeout when establishing the connection to ftp servers.
sun.net.client.defaultReadTimeout
specifies the timeout (in milliseconds) when reading from an input stream when a connection is established to a resource.
For the official description of these properties, see Networking Properties.
Security
As of the JDK 7u51 release, the Security panel looks like this:
De-selecting the Enable Java content in the browser button, which is selected by default, will prevent any Java application from running in the browser.
Security Level Slider
When the Enable Java content in the browser option is selected, the Security Level slider becomes available. As the security level is increased, more restrictions are placed on allowing an application to run, and stronger warnings are issued to the user.
The default security level setting is High. The available settings are:
Very High - Applications that are signed with a valid certificate that is located in the Signer CA keystore, and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. All other applications are blocked.
High - Applications that are signed with a valid or expired certificate that is located in the Signer CA keystore, and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. Applications are also allowed to run with security prompts when the revocation status of the certificate cannot be checked. All other applications are blocked.
Medium - All applications are allowed to run with security prompts.
See Rich Internet Application Deployment Process for information on how the decision to run or block an application is made.
The Security Level setting affects plug-in applets, Java Web Start applications, embedded JavaFX applications, and access to the native deployment toolkit plug-ins. This setting does not affect stand alone Java applications.
For more information, see Setting the Security Level of the Java Client.
Exception Site List
The exception site list contains a list of URLs that host RIAs that users want to run even if the RIAs are normally blocked by security checks. RIAs from the sites listed are allowed to run with applicable security prompts. Click Edit Site List to add, edit, and remove items.
See Exception Site List for more information.
Deployment Rule Set
If an active deployment rule set is installed on the system, the link View the active Deployment Rule Set is shown before the Manage Certificates button. Click the link to view the rule set. When a rule set is available, the rules determine if a RIA is run without security prompts, run with security prompts, or blocked. For more information on deployment rules, see Deployment Rule Set. For more information on security prompts, see Security Dialogs.
Restore Security Prompts
An option to hide a prompt in the future is included in some security prompts that are shown when an application starts. To insure the continued security of your system, it is recommended that you periodically restore the prompts that were hidden. Seeing the prompts again provides an opportunity to review the applications and ensure that you still want them to run.
To restore the prompts that were previously hidden, click Restore Security Prompts. When asked to confirm the selection, click Restore All. The next time an application is started, the security prompt for that application is shown.
Certificates
Click Manage Certificates to get the Certificates dialog, which looks like this:
It handles both User- and System-Level (enterprise-wide) certificates of the following types: