Java.com

Download Help

Printable Version

How can I configure the Exception Site List?


This article applies to:
  • Java version(s): 7.0

The Exception Site List feature was introduced in the release of Java 7 Update 51. By adding application URL to the Exception list allows users to run Rich Internet Applications (RIAs) that would normally be blocked by security checks.

Listed below are cases which will allow applications to run by adding the application url to the exception site list:
  • If application is not signed with a certificate from trusted certificate authority.
  • If application is hosted locally.
  • Jar file not having the Permission manifest attribute.
  • Application signed with an expired certificate.
  • Certificate used to sign the application cannot be checked for revocation.

Manage the Exception Site List

The exception site list is managed in the Security tab of the Java Control Panel. The list is shown in the tab. To add, edit or remove a URL from list, Click Edit Site List and follow the directions shown.

Add a URL

  • Click on the Edit Site List button.
  • Click the Add in the Exception Site List window.
  • Click in the empty field under Location field to enter the URL.
    URL should begin with http:// or https://
    eg. http://myexample.com or https://myexample.com
  • Click OK to save the URL that you entered. If you click Cancel, the URLs are not saved.
  • Click Continue on the Security Warning dialog.
URL Format
  • A protocol and domain are required.
    Supported protocols are FILE, HTTP, and HTTPS. HTTPS is recommended. If the protocol is not HTTPS, a warning is shown.
  • A port number is required only if the default port is not used.
  • A path is optional.
  • Wildcards are not supported.
    • If only a domain is provided, any RIA from that domain is allowed to run. A domain can have multiple entries, for example, https://www.example.com and http://www.example.com.
    • If the path ends with a slash (/), for example, https://www.example.com/apps/, RIAs in that directory and any subdirectory are allowed to run. If the path does not end with a slash, for example, http://www.example.com/test/applet.html, only that specific RIA is allowed to run.

Only add a site to the exception site list if you trust the entire site. Even if a path is specified, adding a site that might contain other untrusted paths could present a security risk and is not recommended.

If an invalid URL is entered, an error icon is shown next to the item. If the URL is not corrected before OK is clicked, the invalid URL is not saved.

Edit a URL

  • Double click the URL that you want to edit in the Exception Site List window.
  • Make change to the URL.
  • Click OK to save the changes. If you click Cancel, the changes are not saved.

Remove a URL

  • Click the URL that you want to remove in the Exception Site List window.
  • Click Remove.
  • Click OK to save your change. If you click Cancel, the URLs are not removed from the list.

MORE TECHNICAL INFORMATION

Deployment Rule Set

If an active deployment rule set is installed on the system, the deployment rules take precedence over the exception site list. The exception site list is considered only when the default rule applies. See Deployment Rule Set for more information about deployment rules.

Related Information
» Exception Site List in 7u51 (blogs.oracle.com)
» Exception Site List documentation (docs.oracle.com)

You might also be interested in:





Find expert help on Java installation and setup

Select Language | About Java | Support | Developers
Privacy | Terms of Use | Trademarks | Disclaimer

Oracle