The Java Runtime will automatically warn the user about possible security sensitive issues. If you are confident that applications you use are safe, then it is possible to bypass security dialogs to simplify user experience.
The following are two scenarios to avoid security dialogs.
If a Java applet/webstart application is signed, a certificate security warning dialog box will pop up and the user must click Run to give all permissions to the code of the application.
To avoid seeing this dialog, you can do one of the following:
User accepts the certificate used to sign the application and selects the Always trust content from this publisher check box. Then, next time permissions will be granted to this application automatically (until the certificate expires or is removed from the trusted key store).
The certificate can be manually imported into the JRE trusted certificate store. To import the certificate using the Java Control Panel, on the Security tab, click Certificates and then Trusted Certificates. To import a certificate into the certificate store from the command line, use the keytool utility (in the JRE's bin folder).
Grant AllPermissions in the Java policy file located at ${user.home}/.java.policy, or point to any Java policy file which has AllPermissions in the $(JRE_HOME)/lib/security/java.security file. Permissions can be granted to all applications or restricted to a particular URL. See Default Policy Implementation and Policy File Syntax for more details on .java.policy.
|
Note: If automatic granting of permissions is not desired, then use the Java Control Panel to remove certificates from trusted certificate keystore. This will result in security dialog box popup again in the future. |
Signed Java Web Start applications and applets that contain signed and unsigned components could potentially be unsafe unless the mixed code was intended by the application vendor. The latest versions of the Java runtime raise a mixed code warning dialog when a program contains both signed and unsigned components and suspicious use is detected.
Bypassing this dialog generally requires making changes to application implementation or repackaging the application. It is also possible to completely disable the software from checking for mixing trusted and untrusted code, but it is not recommended as this allows the user to run potentially unsafe code with no warning and without additional protections. For details on mixed code and ways to bypass this security warning dialog box, please refer to Mixing Privileged Code and Sandbox Code.
