Firefox 35.0 on Ubuntu 14.04.1 LTS 64-bit always prompted for
Ongun Arısev
ongunarisev at gmail.com
Mon Feb 2 23:31:05 UTC 2015
I have tried modifying the file accordingly changing the security settings
and modified the Extended Applet Security to Low in the IcedTea Web Control
Panel and it still does not work. I have also attached a screen shot
containing relevant settings for reference purposes. Furthermore, when I
untick the check box seen inside the red rectangle in the SS it is not
registered as I confirm when I launch the web settings again and see it
ticked, why might this be the case? I should also note that on the system
with Oracle Java installed I am never prompted for running this particular
VPN application.
Ongun Arısev
On Mon, Feb 2, 2015 at 5:13 PM, Ongun Arısev <ongunarisev at gmail.com> wrote:
> Thanks for the reply, I am replying inline.
>
> Ongun Arısev
>
> On Mon, Feb 2, 2015 at 3:36 PM, Jiri Vanek <jvanek at redhat.com> wrote:
>
>> The file you posted is invalid. You mixed two properties to one:
>>
>> Use
>> deployment.security.level=ALLOW_UNSIGNED
>>
>> or
>>
>> deployment.manifest.attributes.check=false
>>
>> or
>>
>> deployment.manifest.attributes.check=false
>> deployment.security.level=ALLOW_UNSIGNED
>>
>>
>> not: deployment.security.level=FALSE :)
>>
>> Where did you read that??
>>
>> Otherwise you edited correct file.
>>
>> (btw - iweb settings can handle setting of deployment.security.level via
>> gui.)
>>
>> Okay so which setting does it correspond to on the GUI? I do not have
> access to that computer right now, but I will try it this week.
>
>>
>> gksudo itweb-settings x itweb-settings
>>
>> The first is lunching itweb settings as ROOT so you see ROOT's config.
>> Second lunches it as you. Thats why they are different.
>>
>> If you wont to edit the deployment file for all users on machine.. it may
>> be tricky, 1) its vaguely specified 2) itweb support for it is a bit
>> buggy...
>>
>> As far as I am concerned it is best to change the settings per user and
> changing the settings for ROOT does not have any effect, am I correct here?
>
>>
>> Tou may try following locations where to place globally affecting file:
>>
>> deffined as : ${deployment.java.home}/lib/deployment.config may result
>> to
>> /java/which/runitweb/lib/deployment.config
>> or
>> /java/which/runitweb/lib/deployment.properties
>> or
>> /etc/java/deployment.config
>> /etc/java/deployment.properties
>>
>> But I'm reallya fraid it is a bit broken :(
>>
>> Also you have to know, that deployment.config just contains url (file's
>> url) to real deployment.properties. (and thats what is brolken in itw:( )
>>
>>
>> What do you mean by "IcedTea 1.6 somehow" ?? Icedtea or icedtea-web?
>> icedtea6 is OpenJDK6 + icedtea6.1.13
>> icedtea-web (1.5 and older) works fine on icedtea-6
>>
>> Yes, you can build it on your own... But why would yo do so???
>>
>>
>> By that I meant installing it or compiling it from source(the plugin
> which refers to Icedtea on the software center I guess) to use a newer
> version so that it retains my decision to launch the VPN services and
> ceases to ask for prompt every time.
>
>
>> On 01/30/2015 04:21 PM, Ongun Arısev wrote:
>>
>>> Dear Jiri Vanek,
>>>
>>> Does the IcedTea plugin have a configuration file elsewhere?
>>>
>>> Thanks,
>>>
>>> Ongun Arısev
>>>
>>> On Thu, Jan 29, 2015 at 8:55 PM, Ongun Arısev <ongunarisev at gmail.com
>>> <mailto:ongunarisev at gmail.com>>
>>> wrote:
>>>
>>> Thanks for the quick reply I think I will contact with the IT
>>> department of my university and
>>> may forward your e-mail to point at the issue. Apart from that I
>>> changed the mentioned line on
>>> the file *~/.config/icedtea-web/deployme**nt.properties *but it did
>>> not solve my issue, here is
>>> the modified version of the file for the trial of a quick fix:
>>>
>>> #Netx deployment configuration
>>> #Thu Jan 29 20:47:47 EET 2015
>>> #deployment.security.level=ASK_UNSIGNED
>>> deployment.security.level=FALSE
>>>
>>> I should also note that I use Firefox 35.0 as a regular user and
>>> noticed that the settings
>>> differ in the "IcedTea Web Control Panel" when launched within the
>>> terminal via the following
>>> command:
>>>
>>> gksudo itweb-settings
>>>
>>> itweb-settings
>>>
>>> Should I modify another file instead for a global change in effect
>>> for all the users on my PC?
>>> Furthermore, is it possible to install IcedTea 1.6 somehow(via using
>>> backports for example)?
>>>
>>> Ongun Arısev
>>>
>>> On Thu, Jan 29, 2015 at 11:52 AM, Jiri Vanek <jvanek at redhat.com
>>> <mailto:jvanek at redhat.com>> wrote:
>>>
>>> On 01/28/2015 08:45 PM, Ongun Arısev wrote:
>>>
>>> I could not attach the screen shot to the previous e-mail, I
>>> apologize for that here it is.
>>>
>>> Ongun Arısev
>>>
>>> On Wed, Jan 28, 2015 at 9:43 PM, Ongun Arısev <
>>> ongunarisev at gmail.com
>>> <mailto:ongunarisev at gmail.com> <mailto:ongunarisev at gmail.com
>>> <mailto:ongunarisev at gmail.com>>__>
>>> wrote:
>>>
>>> Greetings,
>>>
>>> I would like to mark some of the Java applications I
>>> use regularly such as the
>>> campus VPN
>>> services as trusted so that I will not be prompted
>>> everytime I launch it about
>>> whether I am sure
>>> or not running the application. However, I could not
>>> find an easy way after doing
>>> an exhausting
>>> search on the web and using the *IcedTea Web Control
>>> Panel* both as a regular user
>>> and as an
>>> administrator. I am posting a screenshot too in order
>>> to illustrate the prompt that
>>> I want to
>>> get rid of. I would be very grateful if someone can
>>> assist or guide me in the right
>>> direction
>>> with this problem.
>>>
>>> Regards,
>>>
>>> Ongun Arısev
>>>
>>>
>>> hi!
>>>
>>> Luckily for you, there is multiple solutions for your case.
>>>
>>> If you have access to the application (as it is in your vpn,
>>> some administrator should be
>>> able to fix it) then you should apply the most correct solution:
>>>
>>> Most correct solution: adapt application manifest to valid state:
>>> http://docs.oracle.com/javase/__7/docs/technotes/guides/
>>> jweb/__security/manifest.html
>>> <http://docs.oracle.com/javase/7/docs/technotes/
>>> guides/jweb/security/manifest.html>
>>> http://docs.oracle.com/javase/__7/docs/technotes/guides/
>>> jweb/__security/no_redeploy.html
>>> <http://docs.oracle.com/javase/7/docs/technotes/
>>> guides/jweb/security/no_redeploy.html>
>>>
>>> In your case, the non-set/wrongly set attribute is
>>> http://docs.oracle.com/javase/__7/docs/technotes/guides/
>>> jweb/__security/manifest.html#app___library
>>> <http://docs.oracle.com/javase/7/docs/technotes/
>>> guides/jweb/security/manifest.html#app_library>
>>> Your admin just can put :
>>>
>>> Application-Library-Allowable-__Codebase:
>>> https://vpn.ku.edu.tr/*
>>>
>>> to main jar's manifest. (note, the application must be signed
>>> again after this change)
>>>
>>> If you will go by this way, you may wont to fill in most of the
>>> rest security manifest
>>> attributes
>>>
>>>
>>>
>>>
>>> Other solution are customization of your itw via itweb settings:
>>> If you put
>>> Extended applet security -> security settings to LOW then
>>> Application-Library-Allowable-__Codebase attribute is not
>>> checked. (you could read this in
>>> the provided links in yor dialogue ;)
>>>
>>>
>>> If you need Extended applet security -> security settings on
>>> higher level then low, you
>>> have to modify ~/.config/icedtea-web/__deployment.properties
>>> file. If you will include line
>>> deployment.manifest.__attributes.check=false
>>> then manifest attributes are not ever checked.
>>>
>>>
>>> If you set this up, and will access outside of vpn, you may face
>>> mallicious programs.
>>>
>>>
>>> I strongly encourages you to use "most correct solution"
>>>
>>>
>>>
>>> If non of those solutions fits you, then good new for you is,
>>> that in upcoming version of
>>> ITW (1.6) this dialogue have "remember decision" checkbox. But
>>> you must wait for few month
>>> for it.
>>>
>>>
>>> J.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20150203/f4b8e452/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Selection_001.png
Type: image/png
Size: 82803 bytes
Desc: not available
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20150203/f4b8e452/Selection_001-0001.png>
More information about the distro-pkg-dev
mailing list