I am working on Java's DeploymentRuleSet.jar file to assist us with out Java security policies. We have some users that require the use of older java versions due to legacy in-house applications as well as a remote control client that our help desk uses. ExpertAssist, if any of you are familiar. For those users, we want them to run 8u31 for external sites and 7u55 for internal sites.

I have the applications used by our account department figured out within the rule set using:

<id location="http://*.domain-name.com/" />
<action permission="run" version="SECURE 1.7.0_55" />

But when I get to the remote desktop agents that use https://locahost:2000 as the URL i run into issues.

If i specifically insert the following into my rule set, a machine running Java 8u31 will successfully run the applet contained under Java 7u55 successfully. Problem with this, we have 1500+ devices. So I am wanting to try to use a wild card whenever possible. 

<id location="https://hostname:2000" />
<action permission="run" version="SECURE 1.7.0_55" />

No matter how I place the wild card, the applet fails and is blocked because if the rule set does not contain a specific ID, then the run permission is "default" , which with 8u31, any unsigned Java applets are blocked.

<id />
<action permission="default" />

I have tried <id location="*.domainname.com:2000" ; https://*.*.*:2000 ; *:2000 ; https://*:2000 and about 15 other ways that I could possibly think of. Does any one out there have any real experience with the Java DeploymentRuleSet.jar setup, and can you shine any light on my issue?

I have used several sites for reference, here is the main Oracle link if you need reference.



0 Comments   [ + ] Show Comments


Please log in to comment

There are no answers at this time


Answer this question or Comment on this question for clarity