The Exception Site List feature was introduced in the release of Java 7 Update 51. By adding application URL to the Exception list allows users to run Rich Internet Applications (RIAs) that would normally be blocked by security checks.

• If application is not signed with a certificate from trusted certificate authority.
• If application is hosted locally.
• Jar file not having the Permission manifest attribute.
• Application signed with an expired certificate.
• Certificate used to sign the application cannot be checked for revocation.

Manage the Exception Site List

The exception site list is managed in the Security tab of the Java Control Panel. The list is shown in the tab. To add, edit or remove a URL from the list, click Edit Site List.

Find the Java Control Panel

» Windows
» Mac OS X

Add a URL

• Click on the Edit Site List button.
• Click the Add in the Exception Site List window.
• Click in the empty field under Location field to enter the URL.
  URL should begin with http:// or https://
  eg. http://myexample.com or https://myexample.com
• Click OK to save the URL that you entered. If you click Cancel the URLs are not saved.
• Click Continue on the Security Warning dialog.

URL Format

• A protocol and domain are required.
  Supported protocols are FILE HTTP and HTTPS. HTTPS is recommended. If the protocol is not HTTPS a warning is shown.
• A port number is required only if the default port is not used.
• A path is optional.
• Wildcards are not supported.
  
  • If only a domain is provided, any RIA from that domain is allowed to run. A domain can have multiple entries, for example, https://www.example.com and http://www.example.com.
  • If the path ends with a slash (/), for example, https://www.example.com/apps/ RIAs in that directory and any subdirectory are allowed to run. If the path does not end with a slash, for example, http://www.example.com/test/applet.html only that specific RIA is allowed to run.

Only add a site to the exception site list if you trust the entire site. Even if a path is specified, adding a site that might contain other untrusted paths could present a security risk and is not recommended.

If an invalid URL is entered, an error icon is shown next to the item. If the URL is not corrected before OK is clicked, the invalid URL is not saved.

Edit a URL

• Double click the URL that you want to edit in the Exception Site List window.
• Make change to the URL.
• Click OK to save the changes. If you click Cancel the changes are not saved.

Remove a URL

• Click the URL that you want to remove in the Exception Site List window.
• Click Remove.
• Click OK to save your change. If you click Cancel the URLs are not removed from the list.

If the URL where the applet is hosted is different from the URL of the web page from which the applet is launched, then you will need to add both the URL for the applet as well as the URL for the web page.

Example with different URLs for the applet and the web page

For Yahoo games Checkers, you would enter both URLs (The urls listed can be different depending on which host is serving the game)

1. http://www.games.yahoo.com
   This is the url for the Yahoo games domain
2. http://yog36.games.sp2.yahoo.com
   This is the url where the game is hosted and shown in the dialog box for the blocked application

Deployment Rule Set

If an active deployment rule set is installed on the system, the deployment rules take precedence over the exception site list. The exception site list is considered only when the default rule applies. See Deployment Rule Set for more information about deployment rules.

Related Information