Java Deployment Rule Set Configuration Issues

Our company is working with a new company that has an web app that requires Java 6u16 so I figured it would be a good time to finally learn how to better secure Java in our enviroment.  We currently are using Java 7u75 with a few users using Java 8u25.  I have read I can run both (or all 3) version of Java on 1 computer.  

 I now have Java 8u25, 7u75, and 6u16 on my test computer. I have created my ruleset and signed the jar file. I also have a deployment.config & deployment.properties along with the signed (Self Signed and cert depolyed via GPO) jar file in C:\Windows\Sun\Java\Deployment

 Now on any website that uses Java I get this error

Blocked
I have read https://blogs.oracle.com/java-platform-group/entry/introducing_deployment_rule_sets thouroughly but still no luck.
deployment.properties.txt
deployment.config.txt
ruleset.xml
BHeshkaAsked:
Who is Participating?
 
btanConnect With a Mentor Exec ConsultantCommented:
In fact, as advised by principal, the (other) Patch-In-Place is the default chosen approach and you should use static installations only on systems known to require a specific version. Since it is specific to certain appls it is much better to tie to specific version in a machine with multiple rather than leaving it open.

Regardless, when specifying the version in a DRS, it is best to choose a version equal to or higher than the one requested by the launching file. Of course, specifying a version in your DRS that looks like SECURE or SECURE-1.X is simpler choice but can lead to execution not within control and lockdown, kinda of differing the DRS intent to lockdown where possible.
0
 
David Johnson, CD, MVPOwnerCommented:
introduced in Java 7 update 40 not available in java 6 update 16.  You have to set your path's to use the applicable version.. I'd set the default path in the path environment variables and only for specific applications use a batch file to change the path
default in path environment variable  C:\Java\jdk1.7.0\bin
--
rem need java 6
set javahome = c:\java\jdk1.6.0\bin
java version6.ja

for your browser you can change which is used in the java control panel
0
 
btanExec ConsultantCommented:
quick check on this source as well
When specifying a version for your DRS, it is easiest to go in order of: SECURE (no version), then SECURE-1.X (major version only), and only use specific versions like 1.7.0_51 for a verified compatibility issue. Because rules are specified explicitly by a system administrator, their results are applied before other checks that would affect program execution.
https://blogs.oracle.com/java-platform-group/entry/managing_multiple_java_versions
0
 
BHeshkaAuthor Commented:
Thanks for your respoonses.


@btan
Thanks for the link.  I didnt install the different versions as static installes but wonder if I would as each are major versions.  I guess I should incase someone decides for some reason to install a old java version, it would prevent the "specific" version that I force on them from being overwritten.

@ David Johnson
I thought that the below in deployment.properties would specify the locations and the the rule set would tell the app what version to use?  Is what you stated for desktop java apps only? I should have specified that we only have browser based java apps in our enviroment. If not how would I specify a path only for certain websites?

deployment.javaws.jre.0.args=
deployment.javaws.jre.0.registered=true
deployment.javaws.jre.0.osarch=x86
deployment.javaws.jre.0.osname=Windows
deployment.javaws.jre.0.platform=1.8
deployment.javaws.jre.0.path=C\:\\Program Files (x86)\\Java\\jre8\\bin\\javaw.exe
deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.0.enabled=true
deployment.javaws.jre.0.product=1.8.0_25

deployment.javaws.jre.1.location=http\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.1.args=
deployment.javaws.jre.1.enabled=true
deployment.javaws.jre.1.registered=false
deployment.javaws.jre.1.product=1.7.0_71
deployment.javaws.jre.1.path=C\:\\Program Files (x86)\\Java\\jre7\\bin\\javaw.exe
deployment.javaws.jre.1.osarch=x86
deployment.javaws.jre.1.osname=Windows
deployment.javaws.jre.1.platform=1.7

deployment.javaws.jre.2.enabled=true
deployment.javaws.jre.2.platform=1.6
deployment.javaws.jre.2.osname=Windows
deployment.javaws.jre.2.osarch=x86
deployment.javaws.jre.2.location=http\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.2.registered=true
deployment.javaws.jre.2.path=C\:\\Program Files (x86)\\Java\\jre6\\bin\\javaw.exe
deployment.javaws.jre.2.product=1.6.0_16
0
 
BHeshkaAuthor Commented:
Removed Secure form DRS and all is working.  Also reinstalled using STATIC paramater.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.