Java 8 Update 45
(please note that this was written for Java version 7. This has not been tested with 8)
As you've likely been made aware, Java is getting more secure as it goes. We've been using Java on our Citrix environment, but have been having more issues with Java content on websites used by our staff.
Very recently, I was put in to a situation where if I upgraded Java to the latest version, it would break our payroll/time punch web site. If I stayed at the old version, we were nagged about security alerts and had plug-ins blocked due to Java being out of date.
Java security settings are maintained at the user level by default. This creates a problem for Citrix and RDS environments. By deploying centralized Java security settings, we were able to upgrade to the newest Java, while maintaining full functionality on all of the sites that we use.
Reference the following document for a more detailed list of options:
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp/properties.html
- Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition (JRE), establishes a connection between popular browsers and the Java platform. Java allows applications to be downloaded over a network and run within a guarded sandbox. Security restrictions are easily imposed on the sandbox.
- Java SE 8 Update 45: 2015-04-14 13 bug fixes Java SE 8 Update 51: 2015-07-14 Added support for native sandbox on Windows platforms (disabled by default); also, 25.
- Java 8 Update 45 free download, and many more programs.
Java 8 Update 45 Download
Windows 8 using Firefox 38.0 win32 File: npjp2.dll Path: C: Program Files (x86) Java jre1.8.045 bin plugin2 pjp2.dll Version: 11.45.2.14 State: Enabled (STATEVULNERABLENOUPDATE) Next Generation Java Plug-in 11.45.2 for Mozilla browsers File: npdeployJava1.dll Path: C: Program Files (x86) Java jre1.8.045 bin dtplugin pdeployJava1.
5 Steps total
Step 1: Create three new files
Using notepad, create the following files:
deployment.config
deployment.properties
exception.sites
in the following directory:
%SystemRoot%SunJavaDeployment
Be sure not to save them as TXT files. Use Notepad to 'Save As'. Select the file type as 'All Files' and write the name of each file as described above. Permissions are fine to inherit from the parent folder.
Step 2: File 1: deployment.config
Open deployment.config in Notepad and list your preferred options. Mine was configured as such (I've numbered the lines here for readability. The actual files should not have the lines numbered):
1. deployment.system.config.mandatory=FALSE
2. deployment.system.config=file:///C:/Windows/Sun/Java/Deployment/deployment.properties
Step 3: File 2: deployment.properties
For deployment.properties, I made the preferred settings in the Java control panel as the administrator. I copied my file from my local profile to the central folder. Your local copy can be found here:
%UserProfile%AppDataLocalLowsunjavaDeployment
Referencing the Oracle site linked above, set your settings as you'd prefer. In my case, I copied the file with my settings and added the following lines to point to my exception.sites file.
1. deployment.user.security.exception.sites=C:WindowsSunJavaDeploymentexception.sites
2. deployment.user.security.exception.sites.locked
Step 4: File 3: exception.sites
This file is fairly simple and can either be created or copied from your local profile. It's located in %UserProfile%AppDataLocalLowsunjavaDeploymentsecurity
List the URL's of the sites that you wish treated as a trusted site by Java. If you added any sites in the Java control panel, you should see an example in your local profile version. Also note that, as far as I understand it, wildcard characters do not work on this file.
Step 5: Reboot the server
If this is a standard Citrix / RDS environment, simply reboot the machine. If you're using Citrix PVS, you'll want publish these changes in the next version of your image. Once servers boot from the new image, all of the changes will be in effect.
The changes took effect once the machines were rebooted. I didn't have to wipe any user profiles or implement any group policy changes for this to take effect.
Hopefully this article helps you out.
References
- Oracle Tech Notes for deployment.properties
Java 8 Update 45 After Uninstalling
5 Comments
Java 8 Update 45 Download Free
- Pimientomikewilliams9 Jul 2, 2015 at 10:45am
This is a great article and I think has me on the right path. However, I can't get an app that is linked off of a web page going to an exception listed in my exception.sites to keep from popping up a security warning asking do I want to run this application? An unsigned application from the location below is requesting permission to run.I have this in my deployment properties:
#Thu Jul 02 05:51:00 EDT 2015
deployment.modified.timestamp=1435830660388
deployment.security.tls.revocation.check=NO_CHECK
#Wed Jul 01 14:08:07 EDT 2015
deployment.modified.timestamp=1435774087793
deployment.security.askgrantdialog.notinca=true
deployment.security.mixcode=HIDE_RUN
deployment.version=8
install.disable.sponsor.offers=false
Anyone able to tell from Oracle's documentation what I need to add? I sure haven't been able to. I am running Java Version 8 Update 45. - Pimientonikkicoash Sep 17, 2015 at 07:27pm
Seems to work fine for XenDesktop 7.6 with Provisioning Services and Java 8 Update 60.
- SerranoJoel2824 Oct 15, 2015 at 05:27pm
Thank you!! Note to others - if that sundeployment folder does not exist, just make it.
- Pimientomuralikrishna9 Sep 21, 2016 at 04:11pm
Hi All,
We are using roaming profile and Citrix PVS component to deploy machines. It is taking 4 to 5 minutes to load java applet.
I have done all the settings as recommended above, still folder is created under%UserProfile%AppDataLocalLow
and it is not fetching file from %SystemRoot%SunJavaDeployment.
Is there any other setting where it will stop creating the folder %UserProfile%AppDataLocalLow and fetch from %SystemRoot%SunJavaDeployment. Iam using both java 7 update 80 and java 6 update 31 - PimientoAA2913 Mar 22, 2018 at 07:00pm
We have everything as mentioned here, and we keep adding the sites to the exception list. But, it still pops up with the message 'Application blocked by Java Security' when accessed through Citrix (XenApp) servers. Sometimes it works, sometimes it does not work.
The Java version is JRE 1.8
This is being used for Oracle PMS system and we are just frustrated.