JDK-8035582 : DeploymentRuleSet on run action
  • Type: Enhancement
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 9
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_7
  • CPU: x86_64
  • Submitted: 2014-02-13
  • Updated: 2015-09-29
  • Resolved: 2015-02-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u60 b05Fixed 9Fixed
Related Reports
Relates :  
JDK-8049999 - DRS: Want customizable message in case of application blocking if only default rule is specified
Relates :  
JDK-8075478 - Update documentation for changes to DRS in 8u60/9
Description
A DESCRIPTION OF THE REQUEST :
We want there to be a message when an JNA is allowed to run when the rule matches a hash.

  <rule> <!-- allow anything signed with company's public cert --> 
    <id>
      <certificate hash="794F53C746E2AA77D84B843BE942CAB4309F258FD946D62A6C4CCEAB8E1DB2C6" />
    </id>
    <action permission="run" version="SECURE">
		<message>This is an applet that was allowed to run because its SHA-256 hash is stored in the DeploymentRuleSet.jar file</message>
	</action>
  </rule>

JUSTIFICATION :
To inform users that the applet they are using was allowed to run for a specific purpose.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Show a message
ACTUAL -
No message shown
Comments
release note text: see "Release Notes" section in wiki: https://wiki.se.oracle.com/display/JPGC/DRS+1.2
20-07-2015
manual testing: http://oklahoma.us.oracle.com/www/tests/ruleset/1.2/test.html
24-02-2015
Crucible review: https://java.se.oracle.com/code/cru/CR-JDK9CLIENT-77
19-02-2015
For each of : 1.) Signed all-permission certificate dialog, 2.) Signed sandbox certificate dialog 3.) unsigned dialog When there is a DRS run rule (be it cert based, location based, or checksum based). If there is a <message> element in the run rule, then a simple information dialog will be shown, saying the application was allowed to run based on a DRS run rule, and including the text provided in the message element of that run rule. Thjis "Message Dialog" will only have an OK button This dilalog will be subject to the same rules of RDF, that is, it should only be shown once a day (or week if https) per application - unless cache is cleared or JCP "Restore Security Prompts" is used.
11-02-2015
consider as part of DRS 1.2
21-07-2014
This is contrary to the objective of DRS Run rule to run the content without annoying popups.
25-02-2014