JDK-8049999 : DRS: Want customizable message in case of application blocking if only default rule is specified
  • Type: Enhancement
  • Component: deploy
  • Affected Version: 7u51
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2014-07-11
  • Updated: 2015-09-29
  • Resolved: 2015-02-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u60 b05Fixed 9Fixed
Related Reports
Relates :  
JDK-8035582 - DeploymentRuleSet on run action
Relates :  
JDK-8075478 - Update documentation for changes to DRS in 8u60/9
Relates :  
JDK-8075951 - There is no custom message if fx applet blocked by default rule (DRS1.2)
Relates :  
JDK-8073492 - Blocked Dialog masthead text is confusing in DRS cases.
Description
Most customers using DRS configure only "run" and "default" rules while avoiding explicit block rules.
This way they can add additional rules using ESL in case of urgency. It is often not possible to 
quickly change the DRS rules as they must be validated, tested, signed and deployed. This typically 
takes a week or more. In particular signing is often a bureaucratic process in many companies. 

DRS does support a customizable message as part of blocking rules only. The enhancement 
request is to add such a configurable message also for default rules. In case an application is blocked by default since it's untrusted then a user could be informed to contact e.g. the help desk.

It is understood that such an enhancement is not trivial to implement as there are many places in the
code where security warnings are being launched. Nevertheless such a functionality should be considered as it's a common requirement by customers today.
Comments
release note text: see "Release Notes" section in wiki: https://wiki.se.oracle.com/display/JPGC/DRS+1.2
20-07-2015
testing: http://oklahoma.us.oracle.com/www/tests/ruleset/1.2/test.html
24-02-2015
There are only 4 Classes that call showBlockedDialog, and in each case, the DRS is available. It will be easy to pass DRS as are to showBlockDialog, where, if the DRS rule has a custom message element, that will be shown below the generic blocking message.
09-02-2015
specific request to modify the blocking dialog when using an explicit default rule (as opposed to having no explicit rule apply). requires update of DRS version to 1.2, modify dtd and implementation to allow message sub-element of default rule. There is also a request to allow message element in a run rule when cert hash is used (https://bugs.openjdk.java.net/browse/JDK-8035582), we could allow message element in any rule, defining the UE for each case.
21-07-2014