0 Replies Latest reply: Mar 18, 2014 3:15 AM by JMorillas RSS

    Deployment Rule Set (DRS) in Java 7 Update 40 (7u40) String syntax in Rule

    JMorillas

      I'm running into a problem with new security feature in of Java 1.7.0_51. What I wanted to do is to Deploy the rule set in a Citrix environment for all my user. Following the Oracle documentation it's available to do with DRS. I've followed the all steps and it is working well for most of the URL but I have problem with one of them, I've tried almost everything but I don't get to make it works.

       

       

      I have two version of Java installed:

       

       

      1.7.0_51

      1.6.0_43

       

       

      I've signed and deploy my .jar file with my ruleset.xml:

       

       

      <ruleset version="1.0+">

      <!-- URL test. -->

        <rule>

                      <id location="https://eblab17-1-r.swptt.ch:443/" />

                      <action permission="block">

                       <message>This application has been blocked by JMD reason: (1 rule).</message>

                      </action>

        </rule>

        <rule>

                      <id location="https://eblab17-1-r.swptt.ch/" />

                      <action permission="block">

                       <message>This application has been blocked by JMD reason: 2).</message>

                      </action>

        </rule>

        <rule>

                      <id location="http://localhost:8080/" />

                      <action permission="block">

                       <message>This application has been blocked by JMD reason (Rule 3).</message>

                      </action>

        </rule>

        <rule>

                      <id location="*.net" />

                      <action permission="block">

                        <message>This application has been blocked by JMD reason: (Rule 4).</message>

                      </action>

        </rule>

                                          <!-- URL test. -->

        <rule>  

                       <id location="http://www-pw.physics.uiowa.edu/" />

                       <action permission="block">

                         <message>This application has been blocked by police. (Rule 5)</message>

                       </action>

        </rule>

        <rule>

                      <id location="*." />

                      <action permission="run" />

        </rule>

        <rule> 

                      <id />             

                      <action permission="block">

                       <message>This application has been blocked by Corporate reason: (Last Rule).</message>

                      </action>

        </rule>

      </ruleset>

       

       

       

       

      This file is deploy in c:/windows/SUN/Java/Deployment:

       

       

      The security setting in java in Java Control Panel is "High"

       

       

      When I try to open this URL:

      Java Platform Test Page

       

       

      I received the following messages:

       

       

      This application has been blocked by police.  (Which is ok, (Rule 5))

       

       

      How ever when I try to open the next URL and run the JNLP file:

       

       

      <https://eblab17-1-r.swptt.ch>

       

       

      I'm receiving the next messages:

       

       

      This application has been blocked by Corporate reason: (Last Rule). (Instead to receive (messages + Rule 1) or (messages + Rule 2))

       

       

      The JNLP file which launch is:

       

       

       

       

      <?xml version="1.0" encoding="utf-8"?>

      <jnlp spec="1.0+" codebase="https://eblab17-1-r.swptt.ch:443">

      <information>

         <title>Virtual KVM Client</title>

          <vendor>IBM</vendor>

      </information>

       

      <application-desc main-class="com.avocent.ibmc.kvm.Main">

         <argument>ip=eblab17-1-r.swptt.ch</argument>

         <argument>helpurl=https://eblab17-1-r.swptt.ch:443/designs/imm/aessrp/help/contents.html</argument>

         <argument>user=0x11CF896A</argument>

         <argument>passwd=</argument>

          <argument>apcp=1</argument>

          <argument>version=2</argument>

          <argument>kmport=3900</argument>

          <argument>vport=3900</argument>

          <argument>title=eblab17-1-r.swptt.ch-Video Viewer</argument>

          <argument>version=2</argument>

          <argument>immversion=2</argument>

          <argument>statusbar=led</argument>

          <argument>vm=1</argument>

          <argument>power=1</argument>

        </application-desc>

       

      <security>

        <all-permissions/>

      </security>

       

      <resources>

          <j2se version="1.6+ 1.5+ " />

          <jar href="/designs/imm/aessrp/avctIBMViewer.jar" download="eager" main="true" />

      </resources>

       

      <resources os="Windows" arch="x86">

          <nativelib href="/designs/imm/aessrp/avctKVMIOWin32.jar" download="eager"/>

          <nativelib href="/designs/imm/aessrp/avmWinLib32.jar" download="eager"/>

      </resources>

       

      <resources os="Windows" arch="amd64">

          <nativelib href="/designs/imm/aessrp/avctKVMIOWin64.jar" download="eager"/>

          <nativelib href="/designs/imm/aessrp/avmWinLib64.jar" download="eager"/>

      </resources>

       

      <resources os="Windows" arch="x86_64">

          <nativelib href="/designs/imm/aessrp/avctKVMIOWin64.jar" download="eager"/>

          <nativelib href="/designs/imm/aessrp/avmWinLib64.jar" download="eager"/>

      </resources>

       

      <resources os="Linux" arch="x86">

          <nativelib href="/designs/imm/aessrp/avctKVMIOLinux32.jar" download="eager"/>

          <nativelib href="/designs/imm/aessrp/avmLinuxLib32.jar" download="eager"/>

      </resources>

       

      <resources os="Linux" arch="i386">

          <nativelib href="/designs/imm/aessrp/avctKVMIOLinux32.jar" download="eager"/>

          <nativelib href="/designs/imm/aessrp/avmLinuxLib32.jar" download="eager"/>

      </resources>

       

      <resources os="Linux" arch="i586">

          <nativelib href="/designs/imm/aessrp/avctKVMIOLinux32.jar" download="eager"/>

          <nativelib href="/designs/imm/aessrp/avmLinuxLib32.jar" download="eager"/>

      </resources>

       

      <resources os="Linux" arch="i686">

           <nativelib href="/designs/imm/aessrp/avctKVMIOLinux32.jar" download="eager"/>

          <nativelib href="/designs/imm/aessrp/avmLinuxLib32.jar" download="eager"/>

      </resources>

       

      <resources os="Linux" arch="amd64">

           <nativelib href="/designs/imm/aessrp/avctKVMIOLinux64.jar" download="eager"/>

          <nativelib href="/designs/imm/aessrp/avmLinuxLib64.jar" download="eager"/>

      </resources>

       

      <resources os="Linux" arch="x86_64">

           <nativelib href="/designs/imm/aessrp/avctKVMIOLinux64.jar" download="eager"/>

          <nativelib href="/designs/imm/aessrp/avmLinuxLib64.jar" download="eager"/>

      </resources>

       

       

      </jnlp>

       

      Could anybody give me a clue or point out what is wrong?

       

      Do somebody knows what is the exactly syntax Java DRS is following to match rules?