How to: Speed-up Applet loading by removing java security warnings
Tags:
Summary
Starting WebI Applet (RIA) on a computer with latest java updates installed will prompt the user with security warnings, especially if the applet is not signed (It's the case on validation environments). These warnings on top of being annoying are slowing the loading of the applet.
This "How to" document gives some context on these warnings, then give a quick way to remove the warnings.
These instructions do change the security settings for your Java Runtime environment, so it could be a security risk if you carry out these steps without knowing the impact.
Basically be careful that the domains you allow are ones you trust (i.e.: *.your.organisation) and be careful on how you distribute the jar file & certificate generated by this script. Two different organisations shouldn't share the same security certificate.
Context
With each new update, Java security seems to increase. As a result, for Applet applications like WebI Applet, user see one or more security prompts each time he accesses to an applet.
First with 1.7 (upade 51!?), they added a warning message that appears if a webpage tries to interact with it via JavaScript. Warning appears even if Applet is signed with a trusted certificate.
example of java security warning
If an Applet is not signed (which is the case for our validation environments at WebI Team), the Applet will be blocked:
example of blocked applet
To unblock the Applet, in Java 1.7, you must go to the "Security" tab of the "Java Control Panel" and lower the security to medium or less.
But in Java 1.8 we can't lower the security from the Java Control Panel. We have to add the url, of each website our applet is accessible from, to an exception list. There are no wildcard available, meaning you can't allow several domains at once (ie: http://*.sap.com).
example of Java 1.8 Control Panel
However Java allows the use of wildcard, not from the control panel but, by setting Deployment Rule Set
Basically, this consist of a signed jar file with a text file inside that will indicates what are the allowed domain names.
Remove Applet Warnings
To remove the applet warnings you must either follow Oracle Deployment Rule Set guide or simply execute the script below.
The script automate the steps described in the Oracle's guide.
Download
Zougi/ria-warning-disabler ยท GitHub
By default, the script removes all warnings of applets that comes from *.orcale.com websites.
You can download the zip here
You can test it here: Text Editor Applet Page
Note: For internals, there's a script already configured for sap domains on my github enterprise page & there's also a version that works with jre (no jdk required)
How to
First of all, extract the zip.
To add new domains or edit the existing ones, edit the file ruleset.xml
There are examples of ruleset on Oracle's Deployment Rule Set guide.
Before running the script, verify you have the Java JDK installed. You can download latest JDK (1.8) from http://www.oracle.com/technetwork/java/javase/downloads/index.html
Then start a Powershell as Administrator
example of How to start Powershell as administrator
(win key=> search "Powershell"=> right click => Run as administrator)
Execute the script
On this example, the script is executed from the Desktop
When execution ends, scripts display in Powershell the text "DONE" in green.
If you go back to the "Java Control Panel", in "Security" tab, you'll see the blue link "View the active Deployment Rule Set"
example of Java 1.8 Control Panel with Deployment Rule Set applied
You can click on the link to see if the rules are correct.
Now connect to your BOE, launch WebI Applet. No warnings anymore!