Firefox 35.0 on Ubuntu 14.04.1 LTS 64-bit always prompted for
Jiri Vanek
jvanek at redhat.com
Tue Feb 24 14:23:36 UTC 2015
Hello Ongun,
I failed to return to your issue, hopwever your last statement was that you are trying withhead.
Have you been successful?
J.
On 02/03/2015 12:31 AM, Ongun Arısev wrote:
> I have tried modifying the file accordingly changing the security settings and modified the Extended
> Applet Security to Low in the IcedTea Web Control Panel and it still does not work. I have also
> attached a screen shot containing relevant settings for reference purposes. Furthermore, when I
> untick the check box seen inside the red rectangle in the SS it is not registered as I confirm when
> I launch the web settings again and see it ticked, why might this be the case? I should also note
> that on the system with Oracle Java installed I am never prompted for running this particular VPN
> application.
>
> Ongun Arısev
>
> On Mon, Feb 2, 2015 at 5:13 PM, Ongun Arısev <ongunarisev at gmail.com <mailto:ongunarisev at gmail.com>>
> wrote:
>
> Thanks for the reply, I am replying inline.
>
> Ongun Arısev
>
> On Mon, Feb 2, 2015 at 3:36 PM, Jiri Vanek <jvanek at redhat.com <mailto:jvanek at redhat.com>> wrote:
>
> The file you posted is invalid. You mixed two properties to one:
>
> Use
> deployment.security.level=__ALLOW_UNSIGNED
>
> or
>
> deployment.manifest.__attributes.check=false
>
> or
>
> deployment.manifest.__attributes.check=false
> deployment.security.level=__ALLOW_UNSIGNED
>
>
> not: deployment.security.level=__FALSE :)
>
> Where did you read that??
>
> Otherwise you edited correct file.
>
> (btw - iweb settings can handle setting of deployment.security.level via gui.)
>
> Okay so which setting does it correspond to on the GUI? I do not have access to that computer
> right now, but I will try it this week.
>
>
> gksudo itweb-settings x itweb-settings
>
> The first is lunching itweb settings as ROOT so you see ROOT's config. Second lunches it as
> you. Thats why they are different.
>
> If you wont to edit the deployment file for all users on machine.. it may be tricky, 1) its
> vaguely specified 2) itweb support for it is a bit buggy...
>
> As far as I am concerned it is best to change the settings per user and changing the settings
> for ROOT does not have any effect, am I correct here?
>
>
> Tou may try following locations where to place globally affecting file:
>
> deffined as : ${deployment.java.home}/lib/__deployment.config may result to
> /java/which/runitweb/lib/__deployment.config
> or
> /java/which/runitweb/lib/__deployment.properties
> or
> /etc/java/deployment.config
> /etc/java/deployment.__properties
>
> But I'm reallya fraid it is a bit broken :(
>
> Also you have to know, that deployment.config just contains url (file's url) to real
> deployment.properties. (and thats what is brolken in itw:( )
>
>
> What do you mean by "IcedTea 1.6 somehow" ?? Icedtea or icedtea-web?
> icedtea6 is OpenJDK6 + icedtea6.1.13
> icedtea-web (1.5 and older) works fine on icedtea-6
>
> Yes, you can build it on your own... But why would yo do so???
>
>
> By that I meant installing it or compiling it from source(the plugin which refers to Icedtea on
> the software center I guess) to use a newer version so that it retains my decision to launch the
> VPN services and ceases to ask for prompt every time.
>
> On 01/30/2015 04:21 PM, Ongun Arısev wrote:
>
> Dear Jiri Vanek,
>
> Does the IcedTea plugin have a configuration file elsewhere?
>
> Thanks,
>
> Ongun Arısev
>
> On Thu, Jan 29, 2015 at 8:55 PM, Ongun Arısev <ongunarisev at gmail.com
> <mailto:ongunarisev at gmail.com> <mailto:ongunarisev at gmail.com
> <mailto:ongunarisev at gmail.com>>__>
> wrote:
>
> Thanks for the quick reply I think I will contact with the IT department of my
> university and
> may forward your e-mail to point at the issue. Apart from that I changed the
> mentioned line on
> the file *~/.config/icedtea-web/__deployme**nt.properties *but it did not solve my
> issue, here is
> the modified version of the file for the trial of a quick fix:
>
> #Netx deployment configuration
> #Thu Jan 29 20:47:47 EET 2015
> #deployment.security.level=__ASK_UNSIGNED
> deployment.security.level=__FALSE
>
> I should also note that I use Firefox 35.0 as a regular user and noticed that the
> settings
> differ in the "IcedTea Web Control Panel" when launched within the terminal via the
> following
> command:
>
> gksudo itweb-settings
>
> itweb-settings
>
> Should I modify another file instead for a global change in effect for all the
> users on my PC?
> Furthermore, is it possible to install IcedTea 1.6 somehow(via using backports for
> example)?
>
> Ongun Arısev
>
> On Thu, Jan 29, 2015 at 11:52 AM, Jiri Vanek <jvanek at redhat.com
> <mailto:jvanek at redhat.com> <mailto:jvanek at redhat.com <mailto:jvanek at redhat.com>>> wrote:
>
> On 01/28/2015 08:45 PM, Ongun Arısev wrote:
>
> I could not attach the screen shot to the previous e-mail, I apologize for
> that here it is.
>
> Ongun Arısev
>
> On Wed, Jan 28, 2015 at 9:43 PM, Ongun Arısev <ongunarisev at gmail.com
> <mailto:ongunarisev at gmail.com>
> <mailto:ongunarisev at gmail.com <mailto:ongunarisev at gmail.com>>
> <mailto:ongunarisev at gmail.com <mailto:ongunarisev at gmail.com>
> <mailto:ongunarisev at gmail.com <mailto:ongunarisev at gmail.com>>__>__>
> wrote:
>
> Greetings,
>
> I would like to mark some of the Java applications I use regularly
> such as the
> campus VPN
> services as trusted so that I will not be prompted everytime I launch
> it about
> whether I am sure
> or not running the application. However, I could not find an easy way
> after doing
> an exhausting
> search on the web and using the *IcedTea Web Control Panel* both as a
> regular user
> and as an
> administrator. I am posting a screenshot too in order to illustrate
> the prompt that
> I want to
> get rid of. I would be very grateful if someone can assist or guide me
> in the right
> direction
> with this problem.
>
> Regards,
>
> Ongun Arısev
>
>
> hi!
>
> Luckily for you, there is multiple solutions for your case.
>
> If you have access to the application (as it is in your vpn, some administrator
> should be
> able to fix it) then you should apply the most correct solution:
>
> Most correct solution: adapt application manifest to valid state:
> http://docs.oracle.com/javase/____7/docs/technotes/guides/__jweb/__security/manifest.html <http://docs.oracle.com/javase/__7/docs/technotes/guides/jweb/__security/manifest.html>
>
> <http://docs.oracle.com/__javase/7/docs/technotes/__guides/jweb/security/manifest.__html
> <http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html>>
> http://docs.oracle.com/javase/____7/docs/technotes/guides/__jweb/__security/no_redeploy.__html
> <http://docs.oracle.com/javase/__7/docs/technotes/guides/jweb/__security/no_redeploy.html>
>
> <http://docs.oracle.com/__javase/7/docs/technotes/__guides/jweb/security/no___redeploy.html
> <http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html>>
>
> In your case, the non-set/wrongly set attribute is
> http://docs.oracle.com/javase/____7/docs/technotes/guides/__jweb/__security/manifest.html#__app___library
> <http://docs.oracle.com/javase/__7/docs/technotes/guides/jweb/__security/manifest.html#app___library>
>
> <http://docs.oracle.com/__javase/7/docs/technotes/__guides/jweb/security/manifest.__html#app_library
> <http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library>>
> Your admin just can put :
>
> Application-Library-Allowable-____Codebase: https://vpn.ku.edu.tr/*
>
> to main jar's manifest. (note, the application must be signed again after this
> change)
>
> If you will go by this way, you may wont to fill in most of the rest security
> manifest
> attributes
>
>
>
>
> Other solution are customization of your itw via itweb settings:
> If you put
> Extended applet security -> security settings to LOW then
> Application-Library-Allowable-____Codebase attribute is not checked. (you could
> read this in
> the provided links in yor dialogue ;)
>
>
> If you need Extended applet security -> security settings on higher level then
> low, you
> have to modify ~/.config/icedtea-web/____deployment.properties file. If you
> will include line
> deployment.manifest.____attributes.check=false
> then manifest attributes are not ever checked.
>
>
> If you set this up, and will access outside of vpn, you may face mallicious
> programs.
>
>
> I strongly encourages you to use "most correct solution"
>
>
>
> If non of those solutions fits you, then good new for you is, that in upcoming
> version of
> ITW (1.6) this dialogue have "remember decision" checkbox. But you must wait
> for few month
> for it.
>
>
> J.
>
>
>
>
>
>
>
>
>
>
>
More information about the distro-pkg-dev
mailing list