FULL PRODUCT VERSION :
java version "1.7.0_60"
Java(TM) SE Runtime Environment (build 1.7.0_60-b19)
Java HotSpot(TM) Client VM (build 24.60-b09, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]
A DESCRIPTION OF THE PROBLEM :
My Java webstart application has <offline-allowed/> in the jnlp file.
The SHA256 hash of my certificate is listed in the DeploymentRuleSet.jar with <action permission="run" />
The webstart application is served from another computer in the local workgroup.
When the server computer is available the deployment rules are matched and applied as expected and the application runs with no warnings or prompts. When the server is not available and the application is started offline the certificate rule does not match and any default rule is applied. If no default rule a prompt appears asking "Do you want to run this application?" After hitting "more information" and "view certificate details" the fingerprints match the certificate that is trusted in the DeploymentRuleSet.jar
This bug can be reproduced always.