Documentation Contents

Exception Site List

Java Rich Internet Applications Guide > Security > Exception Site List

This page includes the following topics:

Overview

The Exception Site List feature provides a way for users to run Rich Internet Applications (RIAs) that otherwise would be blocked by security checks. The criteria used to determine if RIAs are allowed to run are becoming stricter. In some cases it might be difficult to update legacy RIAs to meet the security requirements and prevent them from being blocked. This feature enables users to continue to run these RIAs.

The exception site list contains URLs for sites that host RIAs that users want to run. RIAs that are launched from sites in the exception site list are allowed to run with the appropriate security prompts, even in the following circumstances, which would normally cause the RIA to be blocked:

The exception site list also allows JavaScript code to call Java code (LiveConnect) without prompting the user for permission when the JavaScript code and the Java code are located on a site in the list.


Note: If an active deployment rule set is installed on the system, the deployment rules take precedence over the exception site list. The exception site list is considered only when the default rule applies. See Deployment Rule Set for information about deployment rules.


Manage the Exception Site List

The exceptions granted by the Exception Site List feature apply to RIAs whose entry point is included in the list:

If the RIA requires resources from another domain, that domain must also be included in the exception site list. Otherwise, the RIA is blocked when the additional resource is accessed.

The exception site list is managed in the Security tab of the Java Control Panel. The list is shown in the tab. To add, edit, or remove items from the list, click Edit Site List and follow the directions in Add a URL, Edit a URL, and Remove a URL.

Add a URL

To add a URL to the exception site list, follow these steps:

  1. Click Add in the Exception Site List window.
  2. Type the URL into the empty field that is provided under Location.
  3. Continue to click Add and enter URLs until your list is complete.
  4. Click OK to save the URLs that you entered. If you click Cancel, the URLs are not saved.

The following rules apply to the format of the URL:

Only add a site to the exception site list if you trust the entire site. Even if a path is specified, adding a site that might contain other untrusted paths could present a security risk and is not recommended.

If an invalid URL is entered, an error icon is shown next to the item. If the URL is not corrected before OK is clicked, the invalid URL is not saved.

Edit a URL

To edit a URL in the exception site list, follow these steps:

  1. Double-click the URL that you want to edit in the Exception Site List window.
  2. Make changes to the URL. See Add a URL for information on the format of the URL.
  3. Click OK to save the changes. If you click Cancel, the changes are not saved.

Remove a URL

To remove a URL from the exception site list, follow these steps:

  1. Click the URL that you want to remove in the Exception Site List window.
  2. To remove more than one URL, Ctrl-click the additional URLs.
  3. Click Remove.
  4. Click OK to save your change. If you click Cancel, the URLs are not removed from the list.

Manage Access to the Exception Site List

The location of the exception site list is set in the deployment.user.security.exception.sites property. The default location is <deployment.user.home>/security/exception.sites. See Deployment Configuration Properties for information on properties and property files.

Users can manage a list on their system, or use a list managed by a system administrator in a central location. If a system administrator does not want users to edit the exception site list, the deployment.user.security.exception.sites property can be set to a file for which users do not have write permission. If a user cannot write to the exception site list, the list is shown in the Java Control Panel, but the controls for editing are not available in the Exception Site List window.


Oracle and/or its affiliates Copyright © 1993, 2014, Oracle and/or its affiliates. All rights reserved.
Contact Us