Security Dialogs
Beginning with the 7u21 release, when a RIA is launched, users are notified by a security dialog.
Depending on the RIA, the security dialog shows the following information:
Name of the RIA, or notification that the application is unsigned.
Warning when an out-of-date JRE is being used.
Information about the publisher. If the application is self-signed or signed by an unknown authority, the publisher is shown as UNKNOWN.
Warnings about the certificate. If the certificate is expired, revoked, or the server that tracks which certificates were revoked cannot be accessed, the dialog shows a warning. A warning is also shown if the certificate is not valid until a future date.
Location from which the application is accessed. The value is either a URL for applications that are accessed from a website, or a directory for applications that are accessed from a local drive.
Level of access required by the application. Limited access restricts the application to the security sandbox; unrestricted access provides the application with access to resources on the user's system.
For unsigned or self-signed applications, a checkbox that the user must select before the Run button is enabled.
Option to not show the prompt again. For unsigned RIAs, future prompts can be turned off for this RIA. For signed RIAs, future prompts for this RIA and RIAs from the same location that are signed with the same certificate can be turned off. For self-signed RIAs, click Show Options to access the option to turn off the prompt.
For a description and examples of the security dialogs, see "What should I do when I see a security prompt from Java?" on java.com.
The best experience for the user is when the RIA is restricted to the security sandbox and is signed with a current certificate from a trusted certificate authority. The option to not show the dialog again is selected, and clicking Run is all that is needed from the user to run the RIA and turn off the dialog.
As conditions become less secure, more action is needed by the user, as described for the following situations:
If the RIA is signed with a certificate from a trusted certificate authority, but requires unrestricted access to the user's system, the dialog warns the user about the risk of running the RIA, and the option to not show the dialog again is not checked. Clicking Run starts the RIA, but the user must click the option to not show the dialog again if they do not want to see the warning the next time the RIA is run.
If the RIA is unsigned, self-signed, or the certificate is expired, the dialog provides stronger warnings about the risk of running the RIA. The user must select the option to accept the risk, which enables the Run button, then click Run to run the RIA. The user must also click the option to not show the dialog again if they do not want to see the warning the next time the RIA is run.
Additional warning dialogs are shown in some cases, such as when unsigned code attempts to access signed code, or an RIA attempts to access resources that it does not have permission to access. These dialogs require additional responses from the user.
For guidelines on deploying your RIA, see Deployment Best Practices in the Java Tutorial.
The Java Control Panel can be used to set options that are related to the security dialogs. The Security tab provides an option to block Java content from running in a browser. The Security Level setting determines if the applet is automatically blocked and what level of prompting the user receives if the RIA is not blocked. See the Security section for the Java Control Panel for more information.
The Advanced tab provides options for managing RIAs:
Secure Execution Environment options provide control for allowing or prohibiting users from granting privileges. If the user is not allowed to grant privileges, the security dialog is not shown and the app or features of the app are blocked.
Mixed code security verification options provide control for showing or hiding dialogs that warn of mixed code. If the dialogs are hidden, some features might be blocked without any notice to the user.
See the Advanced section for the Java Control Panel for more information.
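The following script is an added example, not part of the original page or of Oracle's code. It audits a deployment.properties file for settings that block content or change the security dialogs as described above. The property names and values are taken from Oracle's deployment configuration documentation rather than from this page, their mapping to the Control Panel options and the HIGH default are assumptions, and the sample file content is constructed.

```python
import re

# Constructed sample of a deployment.properties file (not from a real system).
SAMPLE = """\
# user-level deployment.properties (constructed)
deployment.webjava.enabled=true
deployment.security.level=MEDIUM
deployment.security.askgrantdialog.show=false
deployment.security.mixcode = HIDE_RUN
"""

def parse_properties(text):
    """Parse the key=value / key:value subset of the .properties format."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(props):
    """Return (property, note) pairs for settings that alter the dialogs."""
    findings = []
    def val(key, default):
        return props.get(key, default).strip().upper()

    # Security tab: option to block Java content in the browser.
    if val("deployment.webjava.enabled", "TRUE") == "FALSE":
        findings.append(("deployment.webjava.enabled",
                         "Java content is blocked from running in the browser"))
    level = val("deployment.security.level", "HIGH")  # assumed default
    if level not in ("HIGH", "VERY_HIGH"):
        findings.append(("deployment.security.level",
                         f"Security Level {level} is below HIGH"))
    # Advanced tab: Secure Execution Environment (assumed mapping).
    if val("deployment.security.askgrantdialog.show", "TRUE") == "FALSE":
        findings.append(("deployment.security.askgrantdialog.show",
                         "users cannot grant privileges; no dialog, app is blocked"))
    # Advanced tab: Mixed code security verification (assumed mapping).
    mix = val("deployment.security.mixcode", "ENABLE")
    if mix in ("HIDE_RUN", "HIDE_CANCEL"):
        findings.append(("deployment.security.mixcode",
                         "mixed-code warnings hidden; features may be blocked silently"))
    elif mix == "DISABLE":
        findings.append(("deployment.security.mixcode",
                         "mixed-code verification is turned off"))
    return findings
```

Calling audit(parse_properties(SAMPLE)) reports the Security Level, grant-privileges, and mixed-code settings for the constructed sample.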