
Java deploymentruleset.jar wild card usage

I am working on Java's DeploymentRuleSet.jar file to assist us with our Java security policies. We have some users that require the use of older Java versions due to legacy in-house applications as well as a remote control client that our help desk uses. ExpertAssist, if any of you are familiar. For those users, we want them to run 8u31 for external sites and 7u55 for internal sites.

I have the applications used by our account department figured out within the rule set using:

    <rule>
        <id location="http://*.domain-name.com/" />
        <action permission="run" version="SECURE 1.7.0_55" />
    </rule>

But when I get to the remote desktop agents that use https://locahost:2000 as the URL I run into issues.

If I specifically insert the following into my rule set, a machine running Java 8u31 will successfully run the applet contained under Java 7u55 successfully. Problem with this, we have 1500+ devices. So I am wanting to try to use a wild card whenever possible.

    <rule>
        <id location="https://hostname:2000" />
        <action permission="run" version="SECURE 1.7.0_55" />
    </rule>

No matter how I place the wild card, the applet fails and is blocked because if the rule set does not contain a specific ID, then the run permission is "default", which with 8u31, any unsigned Java applets are blocked.

    <rule>
        <id />
        <action permission="default" />
    </rule>


I have tried <id location="*.domainname.com:2000" ; https://*.*.*:2000 ; *:2000 ; https://*:2000 and about 15 other ways that I could possibly think of. Does anyone out there have any real experience with the Java DeploymentRuleSet.jar setup, and can you shine any light on my issue?


I have used several sites for reference, here is the main Oracle link if you need reference.

https://blogs.oracle.com/java-platform-group/entry/introducing_deployment_rule_sets

http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/deployment_rules.html


1 Comment
  • I'm having a similar issue. Did you ever figure it out? There is 0 support or forums for this type of thing. It's very frustrating - JohnBurke 5 years ago

Answers (0)
