JDK-6749517 : Request to enhance the 6u10 Security Warning appearance
  • Type: Enhancement
  • Component: client-libs
  • Sub-Component: java.awt
  • Affected Version: 6u10
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic,windows
  • CPU: generic
  • Submitted: 2008-09-17
  • Updated: 2017-05-16
  • Resolved: 2008-11-12
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6
6u12 b01Fixed
Related Reports
Relates :  
JDK-6765065 - Security Warning needs better icons
Relates :  
JDK-6750376 - Yellow flashing security warning border remains on the toplevel when popup is visible
Relates :  
JDK-6750338 - PIT:- Clicking on the closed popup security warning icon, flashes the border of popup
Relates :  
JDK-6742990 - PIT :- Java security warning flashing border on can be seen in the other application
Description
User complains the new security warning appearance make their apps look "cheap":

Quote from user:
"I understand that the intention of the blue flash is for "security reasons" My view is that it's just silly and annoying and carries no meaning. I challenge you to test your design decision on real people out in the real world. Set up in the closest mall and demonstrate the blue flash to them and see if they think it makes Java more secure."

This is discussed in forum:
http://forums.java.net/jive/thread.jspa?threadID=45553&tstart=0

In addition to the flashing border design issue, the icon currently carries no meaning of the security concern. It will be helpful if the tooltip of the icon can be more expressive.
Comments
EVALUATION By means of the fix the following functionality has been implemented: /** * Security Warning control interface. * * This class provides a couple of methods that help a developer relocate * the AWT security warning to an appropriate position relative to the current * window size. A "top-level window" is an instance of the {@code Window} * class (or its descendant, such as {@code JFrame}). The security warning * is applied to all windows created by an untrusted code. All such windows * have a non-null "warning string" (see {@link Window#getWarningString()}). * <p> * <b>WARNING</b>: This class is an implementation detail and only meant * for limited use outside of the core platform. This API may change * drastically between update release, and it may even be * removed or be moved to some other packages or classes. */ public final class com.sun.awt.SecurityWarning; /** * Gets the size of the security warning. * * The returned value is not valid until the peer has been created. Before * invoking this method a developer must call the {@link Window#pack()}, * {@link Window#setVisible()}, or some other method that creates the peer. * * @param window the window to get the security warning size for * * @throws NullPointerException if the window argument is null * @throws IllegalArgumentException if the window is trusted (i.e. * the {@code getWarningString()} returns null) */ public static Dimension getSize(Window window); /** * Sets the position of the security warning. * <p> * The {@code alignmentX} and {@code alignmentY} arguments specify the * origin of the coordinate system used to calculate the position of the * security warning. The values must be in the range [0.0f...1.0f]. The * {@code 0.0f} value represents the left (top) edge of the rectangular * bounds of the window. The {@code 1.0f} value represents the right * (bottom) edge of the bounds. Whenever the size of the window changes, * the origin of the coordinate system gets relocated accordingly. For * convenience a developer may use the {@code Component.*_ALIGNMENT} * constants to pass predefined values for these arguments. * <p> * The {@code point} argument specifies the location of the security * warning in the coordinate system described above. If both {@code x} and * {@code y} coordinates of the point are equal to zero, the warning will * be located right in the origin of the coordinate system. On the other * hand, if both {@code alignmentX} and {@code alignmentY} are equal to * zero (i.e. the origin of the coordinate system is placed at the top-left * corner of the window), then the {@code point} argument represents the * absolute location of the security warning relative to the location of * the window. The "absolute" in this case means that the position of the * security warning is not effected by resizing of the window. * <p> * Note that the security warning managment code guarantees that: * <ul> * <li>The security warning cannot be located farther than two pixels from * the rectangular bounds of the window (see {@link Window#getBounds}), and * <li>The security warning is always visible on the screen. * </ul> * If either of the conditions is violated, the calculated position of the * security warning is adjusted by the system to meet both these * conditions. * <p> * The default position of the security warning is in the upper-right * corner of the window, two pixels to the right from the right edge. This * corresponds to the following arguments passed to this method: * <ul> * <li>{@code alignmentX = Component.RIGHT_ALIGNMENT} * <li>{@code alignmentY = Component.TOP_ALIGNMENT} * <li>{@code point = (2, 0)} * </ul> * * @param window the window to set the position of the security warning for * @param alignmentX the horizontal origin of the coordinate system * @param alignmentY the vertical origin of the coordinate system * @param point the position of the security warning in the specified * coordinate system * * @throws NullPointerException if the window argument is null * @throws NullPointerException if the point argument is null * @throws IllegalArgumentException if the window is trusted (i.e. * the {@code getWarningString()} returns null * @throws IllegalArgumentException if the alignmentX or alignmentY * arguments are not within the range [0.0f ... 1.0f] */ public static void setPosition(Window window, Point2D point, float alignmentX, float alignmentY);
29-01-2009
SUGGESTED FIX http://sa.sfbay.sun.com/projects/awt_data/6u12/6749517/
14-10-2008
EVALUATION 1. The security icon for an untrusted window is to be displayed when the window has keyboard focus, and/or the mouse pointer is located within the bounds of the window. As soon as the window looses the focus, and the mouse leaves the bounds, the icon will smoothly fade out during some two or three seconds. 2. The flashy border/content highlighting must be completely removed. Perhaps, there will also be an API to give Java a hint on the preferred position of the icon.
24-09-2008
EVALUATION The Security Warning concept should be reworked completely. And the flashy border is likely to go away.
18-09-2008