The Java Control Panel is a multipurpose control panel. It allows you to view and set a wide range of parameters controlling how, or if, Java technology runs on your computer. It lets you view and delete temporary files used by the Java Plug-in, which allows Java technology to be used by your Web browser to run applets; and Java Web Start, which allows you to run Java applications over the network. It allows you to control certificates, making it safe to run applets and applications over the network. It enables you to view an active deployment rule set, and to manage the exception site list. It allows you to set runtime parameters for applets that run with Java Plug-in and applications that run with Java Web Start. It provides a mechanism for updating your version of the Java platform so that you always have the latest Java Runtime Environment (JRE). And it allows you to set options for debugging, applet handling, etc. The Java Control Panel includes the following separately viewable panels:
Contents
The General panel looks like this:
It includes three subpanels: About, NetworkSettings, and Temporary Internet Files. As of the JDK 7u10 release,this panel also informs you whether Java is enabled in the browser.This setting is contolled in the Security panel.
The About... button displaysversion information for the latest JRE installed on thecomputer.
These settings are for network connections. Press theNetwork Settings... button to get the NetworkSettings dialog. There are four choices:
Check this to use the browser default proxy settings. This isthe default setting (checked).
You have two choices here:
You can specify the location (URL) for the JavaScript file (.jsor .pac extension) that contains the FindProxyForURL
function. FindProxyForURL
has the logic to determinethe proxy server to use for a connection request.
Select this for situations where you do not want to use aproxy.
You can do the following:
On Microsoft Windows platforms, the Update panel looks like this:
The Update panel, in conjunction with the JavaUpdate Scheduler (jusched.exe
), is used to provide thelatest Java updates to the end user.
Note: This panel is only available on Microsoft Windows and Mac OS X and only for users with Administrative privileges. On Microsoft Windows, if both the 32-bit and 64-bit versions of Java are installed, this panel is not available. In this event, you have to launch the Java Control Panel directly from the 32-bit directory command line (C:\Program Files (x86)\Java\jre7\bin\javacpl.exe).
There are two basic options on the Update tab:
Automatic update is performed on a scheduled basis and it isselected by checking the Check for Updates Automaticallycheck box.
Manual update is performed by pressing the Update Nowbutton.
If you select automatic update, you can then set thenotification via the Notify Me: drop-down menu, and you canset the update schedule via the Advanced... button.
With notification, you can chose to be notified before an updateis downloaded and before it is installed; or you can chose to benotified only before an update is installed (i.e., the download isautomatic).
The Advanced... allows you to select the desiredfrequency for updates: daily, weekly, or monthly (default). Fordaily updates, you can select the time of the day for the update. For weekly updates, you can select the day of the week and the timeof the day. For monthly updates, you can select the day of theweek and the time of the day. Monthly updates check weekly and notify you within 30 days that an update is available, however, if an update is considered critical you are notified within a week of its release.
You can do manual updates at any time by pressing the UpdateNow button. This allows you to do immediate, unscheduledupdates.
On Microsoft Windows platforms, the Java Update Scheduler (jusched.exe
) is used forlaunching automatic updates when Update Automatically isselected in the Update tab. jusched.exe
runs as abackground process that launches the Update Manager at predefinedintervals set by the user through the Advanced... button ofthe Update tab. The Update Manager coordinates the updateprocess.
jusched.exe
is launched when the user reboots thecomputer after installing the SDK/JRE. It is normally transparentto the user but can be viewed in the Processes tab of the WindowsTask Manager. Should a user for some reason not want the schedulerto run, it can be killed via End Process button of theProcesses tab.
The Java panel looks like this:
Click the View... button to accessthe Java Runtime Environment Settings dialog.
These settings will be used when a Java applicationis launched. The Java Runtime Environment Settings dialog lookslike the following on Microsoft Windows:
Each row in the Java Runtime Versions panelrepresents a Java Runtime Environment that is installed in yourcomputer. You may modify the value in each cell by double-clickingit:
Click the Find button to launch the JREFinder. This utility searches for unregistered privateJava Runtime Environments installed in your computer and adds themto the Java Runtime Versions panel.
Click the Add button to manually add a JavaRuntime Environment to the Java Runtime Versions panel. When youclick the Add button, a new row appears in theJava Runtime Versions panel; however, there are novalues for Platform, Product,Path, Runtime Parameters, andEnabled; you must specify them yourself.
Click the Remove button to remove the selectedJava Runtime Environment from the Java RuntimeVersions panel.
Notes
There will always be at least one entry. It will be the mostrecently installed JRE; i.e., the JRE associated with the JavaControl Panel.
Microsoft Windows will show all JREs installed on a computer.The Java Control Panel finds the JREs by looking in the registry.On Solaris, Linux, or Mac OS X, the situation is different.There is no registry so thereis no easy way to find the JREs that a user may have installed. TheJRE that Java Web Start or Java Plug-in is using to deployapplications is the JRE that is considered registered.Consequently, use the Find, Add,and Remove buttons to change which JREs are listedin the Java Runtime Environments panel. On Mac OS X, only the currently installed JRE is displayed, JDKs are not included.
For Solaris, Linux, or Mac OS X, only version 5.0 or higher should be added. ForMicrosoft Windows, where all JREs are found in the registry,version 1.3.1 or higher will be displayed.
Assume you are running on Microsoft Windows with MicrosoftInternet Explorer, have first installed version 1.4.2, then version5.0, and you want to run 1.4.2.
j2re1.4.2\bin
directory where JRE 1.4.2was installed. On a Windows default installation, this would behere: C:\Program Files\Java\j2re1.4.2\bin
jpicpl32.exe
file located there.It will launch the control panel for 1.4.2.APPLET
tags.You can add a JRE by pressing Add and specifyingits location (see notes above).
For Windows and Solaris, Linux, or Mac OS X you can optionally set JavaRuntime Settings for the JRE.
You can override the Java Plug-in default startup parameters byspecifying custom options in the Java Runtime Parameters field.With the exception of setting classpath
andcp
, the syntax is the same as used with parameters to thejava
command line invocation. See the java launcherfor a full list of command line options:
java launcher: Windows, Solaris, Linux, or Mac OS X.
Below are some examples of Java runtime parameters.
The following format should be used for settingclasspath
and cp
in Java Plug-in. Itdiffers slightly from the java
command line format,which uses a space instead of the equal (=
) sign.
Enabling and disabling assertion support
To enable assertion support, the following system property mustbe specified in the Java Runtime Parameters:
To disable assertion in the Java Plug-in, specify the followingin the Java Runtime Parameters:
Assertion is disabled in Java Plug-in code by default. Since theeffect of assertion is determined during Java Plug-in startup,changing assertion settings in the Java Plug-in Control Panel willrequire a browser restart in order for the new settings to takeeffect.
Because Java code in Java Plug-in also has built-in assertion,it is possible to enable the assertion in Java Plug-in code throughthe following:
Tracing and logging support
Tracing is a facility to redirect any output in the Java Consoleto a trace file (.plugin
).
If you do not want to use the default trace file name:
Similar to tracing, logging is a facility to redirect any outputin the Java Console to a log file(.plugin
) using the Java LoggingAPI. Logging can be turned on by enabling the propertyjavaplugin.logging
.
If you do not want to use the default log file name, enter:
Furthermore, if you do not want to overwrite the trace and logfiles each session, you can set the property:
If the property is set to false
, then trace and logfiles will be uniquely named for each session. If the default traceand log file names are used, then the files would be named asfollows
Tracing and logging set through the Control Panel will takeeffect when the Plug-in is launched, but changes made through theControl Panel while a Plug-in is running will have no effect untila restart.
Debugging applets in Java Plug-in
The following options are used when debugging applets in theJava Plug-in.
The
can be any string(example: 2502
) which is used by the Java Debugger(jdb
) later to connect to the JVM
Default connection timeout
When a connection is made by an applet to a server and theserver doesn't respond properly, the applet may appear to hang andmay also cause the browser to hang, since by default there is nonetwork connection timeout.
To avoid this problem, Java Plug-in 1.4 has added a defaultnetwork timeout value (2 minutes) for all HTTP connections. You canoverride this setting in the Java Runtime Parameters:
Another networking property that you can set issun.net.client.defaultReadTimeout
.
Note
Java Plug-in does not setsun.net.client.defaultReadTimeout
by default. If youwant to set it, do so through the Java Runtime Parameters as shownabove.
Networking properties description:
These properties specify, respectively, the default connect andread timeout values for the protocol handlers used byjava.net.URLConnection
. The default value set by theprotocol handlers is -1
, which means there is notimeout set.
sun.net.client.defaultConnectTimeout
specifies thetimeout (in milliseconds) to establish the connection to the host.For example, for http connections it is the timeout whenestablishing the connection to the http server. For ftp connectionsit is the timeout when establishing the connection to ftpservers.
sun.net.client.defaultReadTimeout
specifies thetimeout (in milliseconds) when reading from an input stream when aconnection is established to a resource.
For the official description of these properties, see Networking Properties.
As of the JDK 7u51 release, the Security panel looks like this:
De-selecting the Enable Java content in the browser button, which is selected by default, will prevent any Java application from running in the browser.
When the Enable Java content in the browser option is selected, the Security Level slider becomes available. As the security level is increased, more restrictions are placed on allowing an application to run, and stronger warnings are issued to the user.
The default security level setting is High. The available settings are:
Very High - Applications that are signed with a valid certificate that is located in the Signer CA keystore, and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. All other applications are blocked.
High - Applications that are signed with a valid or expired certificate that is located in the Signer CA keystore, and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. Applications are also allowed to run with security prompts when the revocation status of the certificate cannot be checked. All other applications are blocked.
Medium - All applications are allowed to run with security prompts.
See Rich Internet Application Deployment Process for information on how the decision to run or block an application is made.
The Security Level setting affects plug-in applets, Java Web Start applications, embedded JavaFX applications, and access to the native deployment toolkit plug-ins. This setting does not affect stand alone Java applications.
For more information, see Setting the Security Level of the Java Client.
The exception site list contains a list of URLs that host RIAs that users want to run even if the RIAs are normally blocked by security checks. RIAs from the sites listed are allowed to run with applicable security prompts. Click Edit Site List to add, edit, and remove items.
See Exception Site List for more information.
If an active deployment rule set is installed on the system, the link View the active Deployment Rule Set is shown before the Manage Certificates button. Click the link to view the rule set. When a rule set is available, the rules determine if a RIA is run without security prompts, run with security prompts, or blocked. For more information on deployment rules, see Deployment Rule Set. For more information on security prompts, see Security Dialogs.
An option to hide a prompt in the future is included in some security prompts that are shown when an application starts. To insure the continued security of your system, it is recommended that you periodically restore the prompts that were hidden. Seeing the prompts again provides an opportunity to review the applications and ensure that you still want them to run.
To restore the prompts that were previously hidden, click Restore Security Prompts. When asked to confirm the selection, click Restore All. The next time an application is started, the security prompt for that application is shown.
Click Manage Certificates to get the Certificates dialog, which looks like this:
It handles both User- and System-Level(enterprise-wide) certificates of the following types:
These are certificates for signed applets and applications thatare trusted.
These are certificates for secure sites.
These are certificates of Certificate Authorities (CAs) forTrusted Certificates; Certificate Authorities are the ones whoissue the certificates to the signers of Trusted Certificates.
These are certificates of Certificate Authorities (CAs) forsecure sites; Certificate Authorities are the ones who issue thecertificates for secure sites.
These are certificates for a client to authenticate itself to aserver.
For user-level certificates, there are four options:Import, Export, Remove, and Details.The user can import, export, remove, and view the details of acertificate.
The following table shows the default locations of the of the keystore
files.
Operating System | Location |
---|---|
Solaris, Linux, or Mac OS X | ${user.home}/.java/deployment/security |
Microsoft Windows |
|
For instance, on Microsoft Windows 7, the default location of thekeystore
files for user jsmith
would beas follows:
For non-default locations of the certificatekeystore
files, specify them in the User-Leveldeployment.properties file
with the following propertynames:
Certificate Type | Property Name |
---|---|
Trusted Certificates | deployment.user.security.trusted.certs |
Secure site | deployment.user.security.trusted.jssecerts |
Signer CA | deployment.user.security.trusted.cacerts |
Secure site CA | deployment.user.security.trusted.jssecacerts |
Client Authentication | deployment.user.security.trusted.clientcerts |
For System-Level certificates, the only options a user has areExport and Details.
Trusted, Secure Site, and Client Authentication certificatekeystore
files do not exist by default. Thus there areno default locations for them.
The default location for the Signer CA keystore is:
Operating System | Location |
---|---|
Solaris, Linux, or Mac OS X | $JAVA_HOME/lib/security/cacerts |
Microsoft Windows |
|
The default location for the Secure Site CA keystore is:
Operating System | Location |
---|---|
Solaris, Linux, or Mac OS X | $JAVA_HOME/lib/security/jssecacerts |
Microsoft Windows |
|
The location of the keystore
files for the varioustypes of certificates can also be set in a System-Leveldeployment.properties
file, if it exists. TheSystem-Level deployment.properties
file does not existby default. It is specified in a deployment.config
file. See System-Level deployment.properties
file.The following properties may be specified:
Certificate Type | Property Name |
---|---|
Trusted Certificates | deployment.system.security.trusted.certs |
Secure site | deployment.system.security.trusted.jssecerts |
Signer CA | deployment.system.security.trusted.cacerts |
Secure site CA | deployment.system.security.trusted.jssecacerts |
Client Authentication | deployment.system.security.trusted.clientcerts |
The Advanced panel looks like this (three screenshots arerequired to show the entire list of options):
It includes options for Debugging, Java console, Default Java for browsers, Shortcut Creation, JNLP File/MIME Association, Application Installation, Secure Execution Environment, Mixed code security verification, Certificate revocation checks, Advanced Security Settings, and Miscellaneous.
You can enable tracing and logging.
There are three options:
There are two options; both are selected by default:
This option enables settings in your browser that enable you touse the JRE installed in your computer.
For example, if you enable this option for Microsoft InternetExplorer, then the option Use JRE
In addition, if you enable this option for Mozilla Family, andyour browser is Firefox, then the extension Java Console
This provides options for Java Web Start forcreating shortcuts on the desktop. The options are:
This allows you to associate files with the JNLPMIME type. The options are (radio button, select only one):
There are four options:
A Java application or applet that is launched with Java WebStart can either be installed or cached on the client computer. Ifthe Java application is cached, then Java Web Start stores theentire application in its cache; the application is removed fromthe client computer when Java Web Start empties its cache. If theJava application is installed, then the application will have anentry in the Add or Remove Programs applet in Windows ControlPanel.
A Java application or applet can specify if it prefers to becached or installed; if the Java application specifies that itprefers to be installed, then it is hinted. By default,Java applications that are hinted are installed on the clientcomputer. You can also specify that a Java application is installedif it creates a shortcut on the client computer's desktop.
These options are check boxes. You can select any number ofavailable options. All options are checked by default except forthose specified. The following are the various Java securityoptions:
The Mixed code options are radio buttons. Youcan select only one option. For more information, see Mixing Privileged Code and Sandbox Code.
Before a signed applet or Java Web Start application is run, the certificates used to sign the JAR file can be checked to ensure that none have been revoked. You can have all certificates checked, or only the certificate from the publisher of the app. If a certificate has been revoked, any app that is signed with the certificate is not allowed to run. This check can be disabled, but that is not recommended. You can select only one of the following options:
The following options indicate what to use to determine if a certificate has been revoked:
If Do Not Check is selected for Perform certificate revocation checks on, this setting is ignored.
These options are check boxes. You can select any number ofavailable options. All options are checked by default except forthose specified. The following are the various Java securityoptions:
The following options are available, none are checked by default:
Place Java icon in system tray
Suppress sponsor offers when installing or updating Java
Select this option if you do not want to be provided with offers from sponsors during the installation or update process.
Java Quick Starter (Microsoft Windows only)
Allows you to specify the location of the default browser to belaunched.
联系客服