The Preferences API can be used by applications along with the installed security manager that enables using the preferences permission. However, WebStart-based applications cannot permit preferencesonly. You can permit all or deny all by using ajnlp-file. So, how to store user preferences for unsigned applications deployed through Java WebStart?

Java provides the Preferences API to store and retrieve user and system preference and configuration data. These data are stored persistently in an implementation-dependent backing store. Typical implementations use Windows Registry or UNIX flat files. The Preferences API is designed as the Service Provider Interface (SPI). Therefore, you can provide custom implementation of the PreferencesFactory class that will be loaded on demand. But you can't use the Preferences API with your custom implementation, because the static methods of the Preferences class throws SecurityException. Why?!

The PersistenceService class is provided to store data locally on the client system for JNLP-based applications running in the untrusted execution environment. So, it is possible to create a custom implementation of the Preferences class, but we cannot fully use its functionality, because static methods cannot be overridden.

That's why I have created the PersistencePreferences class that allows to store user preferences for unsigned applications deployed through Java WebStart. Additionally, I have created the MemoryPreferencesclass that can be used as a temporary storage while an application is running. It makes the preference operations transparent. Consider the AppletPrefsapplet that uses the following method to choose an appropriate node that holds the application preferences:

private static Preferences getPreferences() {
    Preferences prefs;
    try {
        prefs = Preferences.userRoot();
    catch (SecurityException disabled) {
        try {
            prefs = new PersistencePreferences();
        catch (Exception unavailable) {
            prefs = new MemoryPreferences();
    return prefs.node("Vendor Name").node("App Name");

Signed JNLP applet


The signed applet above enables all permissions in jnlp-file. On Windows it stores its preferences in the Windows Registry. You can check them using theregedit command.

Unsigned JNLP applet


The unsigned applet above stores its preferences by using the JNLP persistence service. Try to reload the page to ensure that all tabs and their content is saved.

Update: Hmm... This applet throws the BackingStoreException. Seems the reason is that the location of the jar-file differs from the web page location. This applet works here. What a pity! It was an interesting idea. But you can try to start the unsigned applet as a Java WebStart application. It works as expected:

Simple unsigned applet


The applet above is the same as the previous one, but it is deployed as a usual applet. Therefore, it cannot access the JNLP services and does not reload data on the page restart.

original post