My customer runs an Xpert.ivy server without the newest patches. Another customer runs an internal Xpert.ivy server and signs the server with a self generated certificate. With the newest JRE versions (1.7.51 and higher) the rich dialogs can no more be executed or do show a lot of security prompts. Is there a way to let these application run again?

asked 20.05.2014 at 08:11

MichaelD%C3%A4nzer's gravatar image

MichaelDänzer ♦
accept rate: 86%

edited 20.05.2014 at 08:36

First of all, please consider updating to the newest Hotfix release of Xpert.ivy. It supports all security improvements introduced by Oracle in Java 7 and will execute without any problems. See this blog post for more information.

Now, if you really need to run an old Xpert.ivy version or you need to sign the client library with your own certificate you have two JRE features to unblock the execution of your rich dialog application:

Exception Site List

The exception site list was introduced with Java 1.7.51. It is intended to be used by the end users themselves, i.e. each user must set it. To manage the exception site list go to the Security tab of the Java Control Panel and click the Edit Site List button. Then add the URL of your Xpert.ivy server. You need to set at least the protocol, the server name and the port. The path is optional, e.g. https://myIvyServer:8080 is sufficient.

edit the exception site list in the Java Control Panel

Note that the deployment rule set is stronger then the exception site list and takes precedence over it. More information about the exception site list in the official documentation and in this blog post.

Deployment Rule Set

The deployment rule set is the feature intended to be used by administrators. It means that you have to set it once globally and all users profit from it.

The first step to use the deployment rule set is to create the deployment rule set file. This is an XML file which contains one or more rules for the rich dialog applications. A simple example rule set file looks like this:

<ruleset version="1.0+">
    <id location="" />
    <action permission="run" />

A ruleset element contains one or more rule elements. A rule acts either is global (empty id element) or on a specific Xpert.ivy server. To identify Xpert.ivy applications you can either use the URL of the Xpert.ivy server or the title set in the JNLP file. To set/see the title used in Xpert.ivy JNLP's, just head to the configuration/jnlpconfig.any file. Valid values for the action element are run, block and default which are quite self-explanatory. In our context we will mostly use the run value.

When you have created the rule set, you need to package it in a signed JAR file named DeploymentRuleSet.jar. The JAR file must be signed with a valid certificate from a trusted certificate authority. You can use the jarsigner tool from the JDK to do that. In the end you must move the jar file to

  • On Windows platforms, install the file in the <user-directory>\AppData\LocalLow\Sun\Java\Deployment directory
  • On Solaris or Linux platforms, install the file in the /etc/.java/deployment directory.
  • On Mac OS X platforms, install the file in the /Library/Application Support/Oracle/Java/Deployment/ directory.

For detailed information about the deployment rule set, please see the official documentation or the corresponding blog post.


answered 20.05.2014 at 09:02

MichaelD%C3%A4nzer's gravatar image

MichaelDänzer ♦
accept rate: 86%

edited 26.05.2014 at 15:34

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: 20.05.2014 at 08:11

Seen: 4,608 times

Last updated: 26.05.2014 at 15:34