Summary

Starting WebI Applet (RIA) on a computer with latest java updates installed will prompt the user with security warnings, especially if the applet is not signed (It's the case on validation environments). These warnings on top of being annoying are slowing the loading of the applet.

This "How to" document gives some context on these warnings, then give a quick way to remove the warnings.

These instructions do change the security settings for your Java Runtime environment, so it could be a security risk if you carry out these steps without knowing the impact.

Basically be careful that the domains you allow are ones you trust (i.e.: *.your.organisation) and be careful on how you distribute the jar file & certificate generated by this script. Two different organisations shouldn't share the same security certificate.

Context

With each new update, Java security seems to increase. As a result, for Applet applications like WebI Applet, user see one or more security prompts each time he accesses to an applet.

First with 1.7 (upade 51!?), they added a warning message that appears if a webpage tries to interact with it via JavaScript. Warning appears even if Applet is signed with a trusted certificate.

example of java security warning

If an Applet is not signed (which is the case for our validation environments at WebI Team), the Applet will be blocked:

example of blocked applet

To unblock the Applet, in Java 1.7, you must go to the "Security" tab of the "Java Control Panel" and lower the security to medium or less.

But in Java 1.8 we can't lower the security from the Java Control Panel. We have to add the url, of each website our applet is accessible from, to an exception list. There are no wildcard available, meaning you can't allow several domains at once (ie: http://*.sap.com).

example of Java 1.8 Control Panel

However Java allows the use of wildcard, not from the control panel but, by setting Deployment Rule Set

Basically, this consist of a signed jar file with a text file inside that will indicates what are the allowed domain names.

Remove Applet Warnings

To remove the applet warnings you must either follow Oracle Deployment Rule Set guide or simply execute the script below.

The script automate the steps described in the Oracle's guide.

Download

Zougi/ria-warning-disabler · GitHub

By default, the script removes all warnings of applets that comes from *.orcale.com websites.

You can download the zip here

You can test it here: Text Editor Applet Page

Note: For internals, there's a script already configured for sap domains on my github enterprise page & there's also a version that works with jre (no jdk required)

How to

First of all, extract the zip.

To add new domains or edit the existing ones, edit the file ruleset.xml

There are examples of ruleset on Oracle's Deployment Rule Set guide.

Before running the script, verify you have the Java JDK installed. You can download latest JDK (1.8) from http://www.oracle.com/technetwork/java/javase/downloads/index.html

Then start a Powershell as Administrator

example of How to start Powershell as administrator

(win key=> search "Powershell"=> right click => Run as administrator)

Execute the script

On this example, the script is executed from the Desktop

When execution ends, scripts display in Powershell the text "DONE" in green.

If you go back to the "Java Control Panel", in "Security" tab, you'll see the blue link "View the active Deployment Rule Set"

example of Java 1.8 Control Panel with Deployment Rule Set applied

You can click on the link to see if the rules are correct.

Now connect to your BOE, launch WebI Applet. No warnings anymore!