For security, users are prompted for permission to run an RIA before launching for the first time, even if the application is signed or doesn't require access outside of the security sandbox. The prompt includes the following information, depending on the RIA being run:
For a description of the prompts, see What should I do when I see a security prompt from Java?
Users are also warned if they are running an out-of-date JRE and are given the opportunity to update to the latest version before running an application. Users can also choose to run with the JRE on their system, or to block the application from running.
The security level setting in the Java Control Panel determines if users are given the opportunity to run RIAs. The default setting of High prompts users for permission to run applications that are signed with a valid certificate and include the Permissions attribute in the manifest for the main JAR file. If the revocation status of an application cannot be checked, the application is also allowed to run with the user's permsision.
Signing your RIA provides the user with a level of trust. Consider the following when preparing your application for deployment:
The best user experience is provided by an application that is signed with a certificate issued by a recognized certificate authority.
Self-signed and unsigned applications are not allowed to be run unless an exception site list or deployment rule set has been created to explicitly allow the application to run.
Signed applications can be either privileged applications or sandbox applications. Privileged applications are provided unrestricted access to resources on the user's system. Sandbox applications are restricted to the Java security sandbox. Unsigned applications are restricted to the sandbox.