1.) Use 7u40-b43
2.) Open the Java ControlPanel and turn off caching
3.) Setup DRS with the hash from a certificate (in the example below it is the hash from the Oracle cert)
<certificate hash="794F53C746E2AA77D84B843BE942CAB4309F258FD946D62A6C4CCEAB8E1DB2C6" />
<action permission="run" />
4.) Open any Java Web Start application
A warning message called "Do you want to run this application ?" is shown to the user before the apps starts.
no interactive warnings at all, the app simply starts.
When I open a signed applet, everything works as expected, I don't see any security warnings.
However, when I open a signed Java Web Start app, I see the security warning.
When I setup DRS with a location id (e.g. *.oracle.com), everything works as expected for both signed Java Web Start app and signed Java applets.
When I enable caching, it also works as expected.
Reproducible on both Windows and Linux.
The issue only occurs if the ruleset is about a certificate rule AND it is a Java Web Start app AND Java cache is turned off. Cross platform problem probably.