JDK-8033245 : RFE: Instructions Not Clear For Adding Site To ESL
  • Type: Enhancement
  • Component: deploy
  • Affected Version: 7u51,7u55
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2014-01-30
  • Updated: 2015-02-13
  • Resolved: 2014-11-10
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u76 b08Fixed 8u31Fixed 9Fixed
A trailing slash is needed only when the URL includes a path.  IOW,
http://www.java.com does not need a trailing slash, but
http://www.java.com/somepath/ does need a trailing slash for it to be
treated @ as a path, otherwise it will be treated an application 
rather than a path.

This information needs to be added to the "Add ESL" dialog.

Verified in 7u76 b08.

Correct the approval level.

Pending RT to switch label to approved.

No issues with the fix in 8u40. SQE OK to take it PSU15_01

- Justification : Already fixed in 8 and this fix is for internal CAP customer - Risk Analysis : Low Risk, no functional changes - Webrev : https://java.se.oracle.com/code/cru/CR-JDK7UDEV-10 - Testing (done/to-be-done) : Manual Testing done - Back ports (done/to-be-done) : None - FX Impact : CLIENT_ONLY

110314 - pushed to PSU 7u80, working with Nakul to add the critical request for PSU15_01

Likely to fix for the PSU (checking if needed in the CPU --> doubtful).

request to include in 8u20: CAP internal issue, low risk. Provides users with better information about adding sites to Exception Site List.

Crucible review submitted: https://java.se.oracle.com/code/cru/CR-JDK8UDEV-36

I have attached the fix to give an idea of the two scenario's of showing the hint. The first is by default when a user clicks on add. The second is the case where the new row is highlighted (in case user clicks on Esc or if the user clicks on another field and clicks again on the new row). In the second case the visibility is less and not clear. Is this acceptable or should we change the font color in this scenario.

Here is a mockup of the UX recommendation for this bug. Add in a line of grey text as an example that would cue the user into using a trailing slash for directories. https://www.example.com/dir/ or https://www.example.com/app.html

I suggest adding an example in grey in the text field to hint to the user that 1) a full URL is needed and 2) trailing slashes are needed for directories. See attached mockup.

Changing the wording of this enhancement to match the bugdb entry. This is no longer a doc issue (as it's already documented), but instead a request to add the trailing slash information to the add ESL dialog. Reassigning to Deploy.

The documentation at http://docs.oracle.com/javase/8/docs/technotes/guides/jweb/security/exception_site_list.html#addurl (JDK 8) and http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/exception_site_list.html#addurl (JDK 7) says: ---------------------- A path is optional. Wildcards are not supported. If the path ends with a slash (/), for example, https://www.example.com/apps/, RIAs in that directory and any subdirectory are allowed to run. If the path does not end with a slash, for example, http://www.example.com/test/applet.html, only that specific RIA is allowed to run. --------------------- What needs to be added or changed?