Bhaskar Karambelkar's Blog

Some useful Java System Properties

 

Tags: java


Here are some Java system properties that can be set when starting a new JVM. These options either provide a performance benefit under certain conditions, or override default values where the defaults are not suitable.

General Properties

  • -Duser.timezone=XYZ
    Used to set the default timezone of the JVM. Use this when you are not sure of the platform's default timezone and want to be sure that the JVM always uses a certain timezone, e.g. -Duser.timezone=GMT

  • -Djava.awt.headless=true
    Used to run AWT in a headless (i.e. no X server) environment. Even if you are running an application server, if you need to use the AWT API to generate dynamic images, then you either need access to a Graphics Environment or you need to set this system property. This is relevant only in a *NIX environment.

  • -Djava.net.preferIPv4Stack=true
    This property can be set to speed up certain parts of the Networking API, if you don't intend to deploy the JVM in an IPv6 environment. Unless you are deploying your JVM in an IPv6 network, it is a good idea to set this system property.

  • -Dsun.lang.ClassLoader.allowArraySyntax=true
    This option is relevant only in Java 1.6 (Java 6) and above. If you get strange Arrays related errors while running code compiled with JDK 5 and below, you can try and set this property to solve this problem.

Security related Options

I often use these options to override the default locations of keystore and truststore files. Sometimes you need to import certain SSL certificates into your truststore, especially self-signed ones, or a CA root certificate that is not already in the truststore. If you use the default values, you will have to change a file in the JDK installation, which is not a good idea. By overriding the default locations, you are free to place your truststore outside of the JDK, and probably also bundle it as part of your installation. The same goes for your keystore.

  • javax.net.ssl.keyStore=location
    Used to override the default keystore location, from $HOME/.keystore

  • javax.net.ssl.trustStore=location
    Used to override the default root CA file from $JAVA_HOME/jre/lib/security/cacerts

  • javax.net.ssl.keyStoreType
    Used to change the default keystore type from JKS. You can use a different format to store your keys, provided you have a proper security provider installed.

  • javax.net.ssl.keyStorePassword
    Used to provide a password for the keystore if different from the default “changeit”. And by the way, it is a good idea to take that advice and change the default password.

  • javax.net.ssl.trustStoreType
    Used to change the default truststore type from JKS. You can use a different format to store your keys, provided you have a proper security provider installed.

  • javax.net.ssl.trustStorePassword
    Used to provide a password for the truststore if different from the default “changeit”. And by the way, it is a good idea to take that advice and change the default password.

JMX Related Options

  • -Dcom.sun.management.jmxremote
    Used to enable the local JMX agent for the target JVM. Once a JMX agent has been enabled for your JVM, you can use JMX applications such as JConsole for monitoring and managing your JVM.
    Note: Since Java 6 you no longer need this option if all you need is a local agent. Java 6 can automatically connect to any locally running (running on the same machine) JVM.

  • -Dcom.sun.management.jmxremote.port=portNum
    The default port for the JMX remote agent is 1099. You can use this option to override it. JBoss starts up the Naming service on port 1099, so this option comes in handy when you want to enable the remote JMX agent for a JBoss server.

The following options are for authentication and enabling SSL for the communications port. To be able to use SSL, you need to set up a private key and a certificate and provide that information using the security related JVM options described above.

  • -Dcom.sun.management.jmxremote.password.file=pwFilePath

  • -Dcom.sun.management.jmxremote.authenticate=false

  • -Dcom.sun.management.jmxremote.ssl=false

  • -Dcom.sun.management.jmxremote.ssl.need.client.auth=true
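
The JMX and keystore options above are easy to get wrong on the java command line itself. The shell function below is an added example, not code from the original post: it scans a list of JVM arguments for a remote JMX port with authentication or SSL explicitly disabled, and for keystore or truststore passwords passed as -D values (flagged again if still "changeit"). The port 9010 and the /opt/app path are constructed sample values.

```shell
#!/bin/sh
# Audit JVM arguments for risky uses of the JMX and javax.net.ssl properties.
# Prints one finding per line; prints nothing when no issue is found.

# prop_value NAME ARGS... -> prints the value of the last -DNAME=value argument
prop_value() {
    name=$1; shift
    val=
    for a in "$@"; do
        case $a in
            "-D$name="*) val=${a#"-D$name="} ;;
        esac
    done
    printf '%s' "$val"
}

audit_jvm_args() {
    port=$(prop_value com.sun.management.jmxremote.port "$@")
    # authenticate and ssl default to true once a remote port is set, so only
    # an explicit "false" weakens the agent. Without a port nothing is flagged.
    if [ -n "$port" ]; then
        if [ "$(prop_value com.sun.management.jmxremote.authenticate "$@")" = false ]; then
            echo "JMX_REMOTE_NO_AUTH port=$port"
        fi
        if [ "$(prop_value com.sun.management.jmxremote.ssl "$@")" = false ]; then
            echo "JMX_REMOTE_NO_SSL port=$port"
        fi
    fi
    for p in keyStorePassword trustStorePassword; do
        pw=$(prop_value "javax.net.ssl.$p" "$@")
        if [ -n "$pw" ]; then
            # Any -D value is readable by local users through the process list.
            echo "PASSWORD_ON_COMMAND_LINE $p"
            if [ "$pw" = changeit ]; then
                echo "DEFAULT_PASSWORD $p"
            fi
        fi
    done
}

# Constructed sample command line (not from the original post).
audit_jvm_args -Dcom.sun.management.jmxremote.port=9010 \
    -Dcom.sun.management.jmxremote.authenticate=false \
    -Dcom.sun.management.jmxremote.ssl=false \
    -Djavax.net.ssl.keyStore=/opt/app/conf/app.jks \
    -Djavax.net.ssl.keyStorePassword=changeit
```

A command line that sets the port together with -Dcom.sun.management.jmxremote.password.file and leaves authenticate and ssl at true produces no findings.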

Garbage Collection

These increase the garbage collection interval for JVMs that start up RMI communications. Ideal candidates for these settings are application servers.

  • -Dsun.rmi.dgc.server.gcInterval=3600000

  • -Dsun.rmi.dgc.client.gcInterval=3600000

Other useful properties

  • -Duser.name=XYZ
    This may not be useful to all, but it sets the default username of the JVM. One place where I find this useful is, when using maven2 + openssh for repository and site uploads. Usually I have different user a/cs on different subversion repositories, so I use this to set the username to my a/c name on the corresponding subversion repository for (svn+ssh) or site upload scp locations.

Please add any more options you can think of, in the comments section.