Oracle released version 7u51 of Java on Tuesday. Along with the update’s release, they flipped the switch on a security setting to block unsigned or self-signed Java applets. This impacts previous version of Java 7 but not Java 6. As a result, if you have Java 7 installed and try to run a Java application, you may get a message like the following that says:
“Application Blocked by Security Settings
Your security settings have blocked a self-signed application from running.”
Java 7u51 introduced a security exception list where you can list domains that should be allowed to run Java applications that would be blocked on the default High security setting because they are self-signed or unsigned. The update also cleared all previous security messages that users have checked the box to always remember an application and not warn about security concerns.
To add a site to the exception list, you can find the Security tab on the Java Control Panel (through the Windows Control Panel).
You can click on the Edit Site List button to get a simple interface to whitelist sites that should be allowed to run. You may have to include the full URL and the port for the exception site list to work with your application.
The file is just a simple text file with each site listed per line stored at %userprofile%\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites
I put my exceptions in through the Java Control Panel. I then copied the file to a central server and deployed it to the network to add our default exceptions. You can use a script or a group policy preference to push out your master list and you now have a managed Java site exceptions list. I went the route of the group policy preference to push a file to users. So far, it seems to have worked out pretty well.
For the Mac side, you can do the same thing. Under System Preferences, go to the Java Control Panel. Switch to the Security tab and add your application’s domain to the site exception list.