JDK-8073492 : Blocked Dialog masthead text is confusing in DRS cases.
  • Type: Enhancement
  • Component: deploy
  • Affected Version: 8u20,9
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2015-02-19
  • Updated: 2017-09-08
  • Resolved: 2017-06-15
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 10
10 b23Fixed
Related Reports
Relates :  
JDK-8049999 - DRS: Want customizable message in case of application blocking if only default rule is specified
Description
The Blocked Dialog contains a masthead that says:
"For security, applications must now meet the requirements for the High or Very High security settings, or be part of the Exception Site List, to be allowed to run."

This applies when an application is blocked because the security settings will not allow it to run (such as RIA using the default DeploymentRuleSet), but in other cases this text doesn't apply.
In cases such as jar is blacklisted or revoked, app has a DRS Block rule applying to it, app has a DRS run rule requiring a version that is not available, this text misleads the user into thinking adding to ESL will help.

In the case of an explicit "default" rule, we have added in JDK-804999 the ability of DRS to add a message to override the above message.
1.) I think we should do the same with any block rule with DRS defined message.  Put the custom message in masthead (instead of reason) and put in reason filed a generic message saying a block rule applies.
2.) for DRS block rule without specific DRS message, we should show a different message in masthead.
3.) for error conditions, such as invalid DRS and everything is blocked, we should show a different message here.
Comments
Crucible Review: https://java.se.oracle.com/code/cru/CR-JDK10CLIENT-63
14-06-2017
you can test this by running both javaws -J-Djnlp.tk=jfx http://oklahoma.us.oracle.com/www/tests/javaws/generic/sparc/sparc2.jnlp , and javaws http://oklahoma.us.oracle.com/www/tests/javaws/generic/sparc/sparc2.jnlp 1.) without DRS or http://oklahoma.us.oracle.com on ESL You will see normal blocked dialog with main text and link 2.) with DRS block rule without message: <ruleset version="1.0"> <rule> <id/> <action permission="block"/> </rule> </ruleset> 3.) with DRS block rule with message <ruleset version="1.0"> <rule> <id/> <action permission="block"> <message> Application is Blocked. All non approved applications will be blocked till further notice. (for more info contact jonsmith.company.com) </message> </message> </rule> </ruleset> 4.) with DRS run rule with forced unavailable (or invalid) version: <ruleset version="1.0"> <rule> <id location="http://oklahoma.us.oracle.com/www/"/> <action permission="run" version="1.5*" force="true"/> </rule> </ruleset>
14-06-2017
In the cases where it is blocked by DRS, we already have all pertinent information in "reason" and "masthead" - It would be best to just skip the maintext including the more info link. Will do this by passing empty string as maintext.
14-06-2017
for 1.) we put the custom drs message in the reason - it is important we do it here since it has room to contain anything included in the message in the DRS. for 2.) we put a generic message in the reason - "The Deployment Rule Set has prevented this app from running." for 3.) in the case of invalid DRS we put the reason the DRS is invalid in the reason. So I believe all that needs to be done for all three of these cases is to replace the text in the mainText with text indicating that app is blocked by DRS - and if possible, to remove the MoreInfo link to https://java.com/en/download/help/jcp_security.xml that dosn't apply to these cases.
08-06-2017