Starting with Java 7 Update 51, trying to run Java applications generates messages
CAUSE
Java has further enhanced security to make the user system less vulnerable to external exploits. Starting with Java 7 Update 51, Java does not allow users to run applications that are not signed (unsigned), self-signed (not signed by trusted authority) or that are missing permission attributes.
WORKAROUND
How can I configure the Exception Site List?
This article applies to:
- Java version(s): 7.0, 8.0
The Exception Site List feature was introduced in the release of Java 7 Update 51. By adding application URL to the Exception list allows users to run Rich Internet Applications (RIAs) that would normally be blocked by security checks.
Listed below are cases which will allow applications to run by adding the application url to the exception site list:
- If application is not signed with a certificate from trusted certificate authority.
- If application is hosted locally.
- Jar file not having the Permission manifest attribute.
- Application signed with an expired certificate.
- Certificate used to sign the application cannot be checked for revocation.
Manage the Exception Site List
The exception site list is managed in the Security tab of the Java Control Panel. The list is shown in the tab. To add, edit or remove a URL from the list, click Edit Site List.
Find the Java Control Panel
Add a URL
- Click on the Edit Site List button.
- Click the Add in the Exception Site List window.
- Click in the empty field under Location field to enter the URL.
URL should begin withhttp://
orhttps://
eg.http://myexample.com
orhttps://myexample.com
- Click OK to save the URL that you entered. If you click Cancel, the URLs are not saved.
- Click Continue on the Security Warning dialog.
URL Format
- A protocol and domain are required.
Supported protocols areFILE
,HTTP
, andHTTPS
.HTTPS
is recommended. If the protocol is notHTTPS
, a warning is shown. - A port number is required only if the default port is not used.
- A path is optional.
- Wildcards are not supported.
- If only a domain is provided, any RIA from that domain is allowed to run. A domain can have multiple entries, for example,
https://www.example.com
andhttp://www.example.com
. - If the path ends with a slash (/), for example,
https://www.example.com/apps/
, RIAs in that directory and any subdirectory are allowed to run. If the path does not end with a slash, for example,http://www.example.com/test/applet.html
, only that specific RIA is allowed to run.
- If only a domain is provided, any RIA from that domain is allowed to run. A domain can have multiple entries, for example,
Only add a site to the exception site list if you trust the entire site. Even if a path is specified, adding a site that might contain other untrusted paths could present a security risk and is not recommended.
If an invalid URL is entered, an error icon is shown next to the item. If the URL is not corrected before OK is clicked, the invalid URL is not saved.
Edit a URL
- Double click the URL that you want to edit in the Exception Site List window.
- Make change to the URL.
- Click OK to save the changes. If you click Cancel, the changes are not saved.
Remove a URL
- Click the URL that you want to remove in the Exception Site List window.
- Click Remove.
- Click OK to save your change. If you click Cancel, the URLs are not removed from the list.