Skip to main content

7u60 Build b01 - Lifeconnect issues

5 replies [Last post]
BaLind
Offline
Joined: 2012-02-29
Points: 0

Hello,

I have installed 7u60 Build b01 and made some tests with our application. This application contains many applets.
Due to the java 7 security enhancements we have changed our production and added some stuff to the MANIFEST.MF file. We added:
- Caller-Allowable-Codebase: https://*
- Codebase: https://*
- Permissions: all-permissions
All jar files of our new release are signed with an official certificate.

We use javascript - java communication in some cases.

But I see the java console entry: “security: LiveConnect (JavaScript) blocked due to security settings”. Our application does not work. Are additional settings necessary to keep our application running with the security level HIGH?

Thanks in advance.

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
nowings
Offline
Joined: 2014-01-08
Points: 0

OP- I don't use the application you are talking about (liveConnect) but have another application that I went through a lot of pain with 7r45 getting signed correctly with the correct codebase/permissions/app-name stuff. Worked perfectly on 7r45. Won't even start on 7r60.

The only thing that I was able to determine that if you add the list of sites in the Java control panel, under security tab, exception site list, you can at least get the option to run the application as long as you run it from the list there. The file exception.sites (located under the user profile of each user launching the application) can be pushed by domain admins (that's the angle that I am coming from, not a programmer) so users can at least launch the application.

I also echo some of the others in the thread. The .jars ran perfectly in 7r45, after being signed and correctly configured. It would appear that Java re-wrote the rules again when it comes to Java Security.

sdommel
Offline
Joined: 2013-12-08
Points: 0

Same thing here.

Our applet uses LiveConnect and gets block with 7u60 (10.60.2.01) with "security: LiveConnect (JavaScript) blocked due to security settings."

The same applet worked fine with 7u45 and has a trusted signature and the Permissions and Caller-Allowable-Codebase attributes set in the manifest.

Another applet with the same configuration, that does not use LiveConnect, works fine with 7u60.

Any special requirements missing for LiveConnect to work?

joem-oracle
Offline
Joined: 2012-08-22
Points: 0

I believe the issue is that 7u60 is not yet synchronized with the next (7u51) security changes. This won't happen until after the next CPU release is out.

If the application is properly signed and has the "permissions" attribute then inbound live connect should work at the default level with an additional warning prompt. If you use the caller-allowable-codebase attribute as well then it will work without the extra warning prompt.

-Joe

andrewlippert
Offline
Joined: 2013-11-13
Points: 0

Joe,

Your response completely ignores the two previous posts. Both indicate properly configured manifests and signed applets failing LiveConnect. The community depending on the functionality is now forced to anticipate failures like this following the debacle of u45.

It would be much more helpful for your developer community if you would read the posts, understand the issues being raised and escalate to someone with the level of understanding of the issue to actually explain the failure mode and suggest the steps required to address the situation.

Anxiously awaiting a more constructive response then 'it should work.'

- Andrew

gaurang09
Offline
Joined: 2014-01-01
Points: 0

Hello,

I have put the following attributes in my applets manifest file.
Permissions: all-permissions
Codebase: *
Trusted Ony: true.

The applet works fine in JRE 1.7u45 but throws an error on JRE 1.6u60 saying 'Security Exception: attempted to open sandboxed jar as a Trusted-Only. Is this a known issue in JRE 1.6u60?

I was wondering if my application would work with JRE 1.7u51?