Tuesday, 11 March 2014

Java --> Outstanding security news for Java 7 update 51

Oracle has made very relevant changes for RIAs (applets / Web Start applications) this year. The security items below apply only when these applications run in browsers; the changes do not affect desktop applications or server applications.
If your application is intended to run in the browser, there are some items you have to consider as a developer:
  • Sign all RIAs (applets and Web Start applications). *Self-signed, or signed with a trusted certificate.
  • Set the "Permissions" attribute within the manifest. *Add a .txt file to the .jar with the attribute "sandbox" or "all-permissions", depending on whether your application accesses the user's system resources.
Self-signing is a procedure we are familiar with, but it is now useful mostly for testing. What matters is using a trusted certificate from a third-party certification authority (CA) such as GoDaddy, VeriSign, DigiCert, etc., so that the application is allowed to run in the browser without being blocked (see how digital signatures work). Otherwise, the Deployment Rule Set offers a way to whitelist applications, or you can distribute the self-signed certificate to a known community. Simply downloading and running the application outside the browser could also be an option, and of course you should help your users with whichever route you choose.
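A pre-deployment check for the two items above, as an added example that is not part of the original post: it reads a JAR, confirms the manifest's main section carries a valid Permissions value, and confirms signature files are present under META-INF. It only checks presence; validating the signature and certificate chain is the job of `jarsigner -verify`. The function names and the sample JAR contents are constructed for illustration.

```python
import io
import zipfile

VALID_PERMISSIONS = {"sandbox", "all-permissions"}

def main_attributes(manifest_text):
    """Parse the main section of a JAR manifest into a dict (names lower-cased)."""
    lines = []
    for raw in manifest_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # continuation line: joins to the previous one
        elif raw == "":
            break                     # a blank line ends the main section
        else:
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            attrs[name.strip().lower()] = value.strip()
    return attrs

def check_ria_jar(jar_bytes):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        if "META-INF/MANIFEST.MF" not in names:
            return ["no manifest"]
        attrs = main_attributes(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
    perm = attrs.get("permissions")
    if perm is None:
        findings.append("Permissions attribute missing")
    elif perm not in VALID_PERMISSIONS:
        findings.append("Permissions value not recognised: " + perm)
    # A signed JAR carries a signature file (.SF) and a signature block file.
    meta = [n.upper() for n in names if n.upper().startswith("META-INF/")]
    has_sf = any(n.endswith(".SF") for n in meta)
    has_block = any(n.endswith((".RSA", ".DSA", ".EC")) for n in meta)
    if not (has_sf and has_block):
        findings.append("JAR is not signed")
    return findings

def build_jar(files):
    """Build a constructed sample JAR in memory from a {name: text} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, text in files.items():
            z.writestr(name, text)
    return buf.getvalue()
```

A Permissions line placed in a per-entry section (after the first blank line of the manifest) is reported as missing, because the attribute belongs in the main section.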

Example of Oracle certificate details: certificate provided by VeriSign
Java Control Panel
For users who have problems running Java applications in browsers, you can still add these sites to the "Exception Site List", which allows your applets to run without being blocked. To do this, go to Start -> Control Panel -> Programs -> Java to open the Java Control Panel, go to the Security tab, click Edit Site List and paste the URL of the Java application. Click Apply, and you can now run the application as usual.