<div dir="ltr">I have tried modifying the file accordingly changing the security settings and modified the Extended Applet Security to Low in the IcedTea Web Control Panel and it still does not work. I have also attached a screen shot containing relevant settings for reference purposes. Furthermore, when I untick the check box seen inside the red rectangle in the SS it is not registered as I confirm when I launch the web settings again and see it ticked, why might this be the case? I should also note that on the system with Oracle Java installed I am never prompted for running this particular VPN application.<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature">Ongun Arısev</div></div>
<br><div class="gmail_quote">On Mon, Feb 2, 2015 at 5:13 PM, Ongun Arısev <span dir="ltr"><<a href="mailto:ongunarisev@gmail.com" target="_blank">ongunarisev@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks for the reply, I am replying inline.<br><div class="gmail_extra"><br clear="all"><div><div>Ongun Arısev</div></div>
<br><div class="gmail_quote"><span class="">On Mon, Feb 2, 2015 at 3:36 PM, Jiri Vanek <span dir="ltr"><<a href="mailto:jvanek@redhat.com" target="_blank">jvanek@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The file you posted is invalid. You mixed two properties to one:<br>
<br>
Use<br>
deployment.security.level=<u></u>ALLOW_UNSIGNED<br>
<br>
or<br>
<br>
deployment.manifest.<u></u>attributes.check=false<br>
<br>
or<br>
<br>
deployment.manifest.<u></u>attributes.check=false<br>
deployment.security.level=<u></u>ALLOW_UNSIGNED<br>
<br>
<br>
not: deployment.security.level=<u></u>FALSE :)<br>
<br>
Where did you read that??<br>
<br>
Otherwise you edited correct file.<br>
<br>
(btw - iweb settings can handle setting of deployment.security.level via gui.)<br>
<br></blockquote></span><div>Okay so which setting does it correspond to on the GUI? I do not have access to that computer right now, but I will try it this week.<br></div><span class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
gksudo itweb-settings x itweb-settings<br>
<br>
The first is lunching itweb settings as ROOT so you see ROOT's config. Second lunches it as you. Thats why they are different.<br>
<br>
If you wont to edit the deployment file for all users on machine.. it may be tricky, 1) its vaguely specified 2) itweb support for it is a bit buggy...<br>
<br></blockquote></span><div>As far as I am concerned it is best to change the settings per user and changing the settings for ROOT does not have any effect, am I correct here? <br></div><span class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Tou may try following locations where to place globally affecting file:<br>
<br>
deffined as : ${deployment.java.home}/lib/<u></u>deployment.config may result to<br>
/java/which/runitweb/lib/<u></u>deployment.config<br>
or<br>
/java/which/runitweb/lib/<u></u>deployment.properties<br>
or<br>
/etc/java/deployment.config<br>
/etc/java/deployment.<u></u>properties<br>
<br>
But I'm reallya fraid it is a bit broken :(<br>
<br>
Also you have to know, that deployment.config just contains url (file's url) to real deployment.properties. (and thats what is brolken in itw:( )<br>
<br>
<br>
What do you mean by "IcedTea 1.6 somehow"Â ?? Icedtea or icedtea-web?<br>
icedtea6 is OpenJDK6 + icedtea6.1.13<br>
icedtea-web (1.5 and older) works fine on icedtea-6<br>
<br>
Yes, you can build it on your own... But why would yo do so???<span><br>
<br>
<br></span></blockquote></span><div>By that I meant installing it or compiling it from source(the plugin which refers to Icedtea on the software center I guess) to use a newer version so that it retains my decision to launch the VPN services and ceases to ask for prompt every time. <br>Â <br></div><div><div class="h5"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
On 01/30/2015 04:21 PM, Ongun Arısev wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
Dear Jiri Vanek,<br>
<br>
Does the IcedTea plugin have a configuration file elsewhere?<br>
<br>
Thanks,<br>
<br>
Ongun Arısev<br>
<br></span>
On Thu, Jan 29, 2015 at 8:55 PM, Ongun Arısev <<a href="mailto:ongunarisev@gmail.com" target="_blank">ongunarisev@gmail.com</a> <mailto:<a href="mailto:ongunarisev@gmail.com" target="_blank">ongunarisev@gmail.com</a>><u></u>><span><br>
wrote:<br>
<br>
  Thanks for the quick reply I think I will contact with the IT department of my university and<br>
  may forward your e-mail to point at the issue. Apart from that I changed the mentioned line on<br></span>
  the file *~/.config/icedtea-web/<u></u>deployme**nt.properties *but it did not solve my issue, here is<span><br>
  the modified version of the file for the trial of a quick fix:<br>
<br>
  #Netx deployment configuration<br>
  #Thu Jan 29 20:47:47 EET 2015<br>
  #deployment.security.level=<u></u>ASK_UNSIGNED<br>
  deployment.security.level=<u></u>FALSE<br>
<br>
  I should also note that I use Firefox 35.0 as a regular user and noticed that the settings<br>
  differ in the "IcedTea Web Control Panel" when launched within the terminal via the following<br>
  command:<br>
<br>
  gksudo itweb-settings<br>
<br>
  itweb-settings<br>
<br>
  Should I modify another file instead for a global change in effect for all the users on my PC?<br>
  Furthermore, is it possible to install IcedTea 1.6 somehow(via using backports for example)?<br>
<br>
  Ongun Arısev<br>
<br></span><span>
  On Thu, Jan 29, 2015 at 11:52 AM, Jiri Vanek <<a href="mailto:jvanek@redhat.com" target="_blank">jvanek@redhat.com</a> <mailto:<a href="mailto:jvanek@redhat.com" target="_blank">jvanek@redhat.com</a>>> wrote:<br>
<br>
    On 01/28/2015 08:45 PM, Ongun Arısev wrote:<br>
<br>
      I could not attach the screen shot to the previous e-mail, I apologize for that here it is.<br>
<br>
      Ongun Arısev<br>
<br>
      On Wed, Jan 28, 2015 at 9:43 PM, Ongun Arısev <<a href="mailto:ongunarisev@gmail.com" target="_blank">ongunarisev@gmail.com</a><br></span>
      <mailto:<a href="mailto:ongunarisev@gmail.com" target="_blank">ongunarisev@gmail.com</a>> <mailto:<a href="mailto:ongunarisev@gmail.com" target="_blank">ongunarisev@gmail.com</a><br>
      <mailto:<a href="mailto:ongunarisev@gmail.com" target="_blank">ongunarisev@gmail.com</a>><u></u>>__><span><br>
      wrote:<br>
<br>
         Greetings,<br>
<br>
         I would like to mark some of the Java applications I use regularly such as the<br>
      campus VPN<br>
         services as trusted so that I will not be prompted everytime I launch it about<br>
      whether I am sure<br>
         or not running the application. However, I could not find an easy way after doing<br>
      an exhausting<br>
         search on the web and using the *IcedTea Web Control Panel* both as a regular user<br>
      and as an<br>
         administrator. I am posting a screenshot too in order to illustrate the prompt that<br>
      I want to<br>
         get rid of. I would be very grateful if someone can assist or guide me in the right<br>
      direction<br>
         with this problem.<br>
<br>
         Regards,<br>
<br>
         Ongun Arısev<br>
<br>
<br>
    hi!<br>
<br>
    Luckily for you, there is multiple solutions for your case.<br>
<br>
    If you have access to the application (as it is in your vpn, some administrator should be<br>
    able to fix it) then you should apply the most correct solution:<br>
<br>
    Most correct solution: adapt application manifest to valid state:<br></span>
    <a href="http://docs.oracle.com/javase/__7/docs/technotes/guides/jweb/__security/manifest.html" target="_blank">http://docs.oracle.com/javase/<u></u>__7/docs/technotes/guides/<u></u>jweb/__security/manifest.html</a><br>
    <<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html" target="_blank">http://docs.oracle.com/<u></u>javase/7/docs/technotes/<u></u>guides/jweb/security/manifest.<u></u>html</a>><br>
    <a href="http://docs.oracle.com/javase/__7/docs/technotes/guides/jweb/__security/no_redeploy.html" target="_blank">http://docs.oracle.com/javase/<u></u>__7/docs/technotes/guides/<u></u>jweb/__security/no_redeploy.<u></u>html</a><span><br>
    <<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html" target="_blank">http://docs.oracle.com/<u></u>javase/7/docs/technotes/<u></u>guides/jweb/security/no_<u></u>redeploy.html</a>><br>
<br>
    In your case, the non-set/wrongly set attribute is<br></span>
    <a href="http://docs.oracle.com/javase/__7/docs/technotes/guides/jweb/__security/manifest.html#app___library" target="_blank">http://docs.oracle.com/javase/<u></u>__7/docs/technotes/guides/<u></u>jweb/__security/manifest.html#<u></u>app___library</a><span><br>
    <<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library" target="_blank">http://docs.oracle.com/<u></u>javase/7/docs/technotes/<u></u>guides/jweb/security/manifest.<u></u>html#app_library</a>><br>
    Your admin just can put :<br>
<br></span>
    Application-Library-Allowable-<u></u>__Codebase: <a href="https://vpn.ku.edu.tr/*" target="_blank">https://vpn.ku.edu.tr/*</a><span><br>
<br>
    to main jar's manifest. (note, the application must be signed again after this change)<br>
<br>
    If you will go by this way, you may wont to fill in most of the rest security manifest<br>
    attributes<br>
<br>
<br>
<br>
<br>
    Other solution are customization of your itw via itweb settings:<br>
    If you put<br>
    Extended applet security -> security settings to LOW then<br></span>
    Application-Library-Allowable-<u></u>__Codebase attribute is not checked. (you could read this in<span><br>
    the provided links in yor dialogue ;)<br>
<br>
<br>
    If you need Extended applet security -> security settings on higher level then low, you<br></span>
    have to modify ~/.config/icedtea-web/__<u></u>deployment.properties file. If you will include line<br>
    deployment.manifest.__<u></u>attributes.check=false<span><br>
    then manifest attributes are not ever checked.<br>
<br>
<br>
    If you set this up, and will access outside of vpn, you may face mallicious programs.<br>
<br>
<br>
    I strongly encourages you to use "most correct solution"<br>
<br>
<br>
<br>
    If non of those solutions fits you, then good new for you is, that in upcoming version of<br>
    ITW (1.6) this dialogue have "remember decision" checkbox. But you must wait for few month<br>
    for it.<br>
<br>
<br>
    J.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</span></blockquote>
<br>
</blockquote></div></div></div><br></div></div>
</blockquote></div><br></div>