We recently upgraded the JDK on our Java application server from JRockit to Java 7. While most of the applications worked as expected, users for one of the applications reported issues. We ended up upgrading the JDK on the client nodes to get it to work. While it works for most users, some users are still complaining about intermittent pop up complaining about security warnings.
Obviously applets are quite old and should the application should be replaced. But I am not part of the software team and looking for any suggestions to deal with this issue.
Related
We have an optimizer software written using Java and Optimj (https://en.wikipedia.org/wiki/OptimJ), a tool that is tied to Eclipse.
However, Optimj is no longer mantained and we are stuck in using Eclipse Indigo (last version supported) for this reason. Also, that means we cannot use newer versions of Java for our application because they won't work with Eclipse Indigo.
Our software is a standalone java program, totally developed by our team and runs in our servers, so we control 100% of the environment.
The only outside connection to the software (via modbus/TCP) is done by means of VPN with the company's other sites, so they can have access to the results. Our application is not directly exposed to the WWW.
In that situation, sticking to Eclipse Indigo and Java 6 poses any kind of security threat for us, so that a considerable investment in porting our optimization problem to another (considerably different) tool is justified?
While you may not be able to use Java 7+ language constructs, you should be able to run the software on newer Java runtimes. And that's where the security bugs are. *
– zapl Dec 22 '16 at 15:29
*
(I'm posting this on behalf of the legendary: "zapl" a hero without a cape)
I'm using GlassFish 3.1.2.2 on a AIX machine and it is working fine. The company's security policy requires me to upgrade it to the latest version, but everytime I try to deploy my application (the same that is working fine in version 3.1.2.2) I get the error Type javax.rcm.ResourceAttributes not present and a nasty stack trace afterwards.
I read the server's specification and it is not clear if it will run on AIX or not. Previous releases had a separate distribution specific for AIX, but that is not the case now.
Does anyone know if it just not compatible or if it is some sort of bug in the JDK implementation?
Kind regards,
Carlos Ferreira
GlassFish 4.x and higher is not "supported" on anything. The reason is that Oracle have withdrawn commercial support, so GlassFish is only available as an open source edition.
If you do need commercial support, the Payara project exists to provide commercial support and custom builds of GlassFish.
Coincidentally, there is a recently opened issue on their Github relating to known issues with GlassFish on the IBM JDK, so it is probably worth commenting on that issue (or creating a new one) with your errors and stack traces.
Payara Blue is the version of Payara that should run on IBM AIX on the IBM JDK. Get Payara Blue from the Payara WebSite Payara is derived from GlassFish 4.x Open Source Edition.
I am trying to integrate Glassfish server support to an already existing eclipse java (maven) project. IMore precisely, I am looking into JMS and queues. I have completed a tutorial wih NetBeans, due to lack of success in Eclipse, but as my skills and familiarity with Eclipse are a lot better, I would really like to make it work there too.
I've tried a lot of different, but similar tutorials, and here is what happens in all of them:
1. Download Glassfish Tools for eclipse. As far as I can tell, this is done:
2. Create new server, if not existing. No servers available. No Glassfish option available.
3. Try Downloading additional server adapters. Still no glassfish options...
None of the tutorials available seems to deal with this scenario. And they are all dependent on completing these steps. I am in the dark here. Any idea of what my problem might be? I am behind company firewall. There might be proxy-settings involved in this issue, but I have not been able to find the right concepts to explore if that is the case.
If it still doesn't work for you (2014.10.07) use the following link to install GlassFish 7.2 (with Eclipse's Install New Software mechanism):
http://download.oracle.com/otn_software/oepe/12.1.3.1/luna/repository
The one from the marketplace is 7.3, and it is broken for now.
Courtesy of Jan Kowalski
A new version of GlassFish Tools (7.3.0.201409251743) was released recently, which seems to be broken. There is this bug report, and I myself experienced buggy behavior after upgrading my installed version, too, like not being able to start the server anymore.
This is very annoying because apparently one can't revert to the previous version anymore either:
No repository found containing: org.eclipse.update.feature,oracle.eclipse.tools.glassfish,7.2.1.201407111426
Got the same problem at first when using the GlassFish Tools or the OEPE downloads (both deliver the same version) via Eclipse Marketplace. The installation runs smoothly, but no GlassFish option when adding a new server.
I'm running Kepler SR2 and Java 6 update 45.
Then, when browsing the Oracle site for OEPE, I found that the latest few versions are for Java 7/8. Via the archive page for OEPE http://www.oracle.com/technetwork/developer-tools/eclipse/downloads/oepe-archive-1716547.html
I downloaded version 12.1.2.3 which is the last one for Kepler and Java 6.
With this version, the GlassFish option in the New Server dialog finally turned up.
Took me a few hours to find out. It's a bit disappointing that there were no error messages in neither the Eclipse UI nor in de Eclipse log.
(No comments on me using an old JDK please :-) I'll upgrade in the near future.
Greetings .
I've encountered a Java Error ,which is actually giving me a nightmare .
It says :
" Application Blocked by Security Settings "
" Your security settings have blocked an application from running with an out-of-date or expired version of Java "
Java Version : 1.7_25 ( Recommended for my work and not an old one i believe)
Workaround i have performed (which did not work) :
Lowered Security Level to Medium.
Cleared Browser Cache and Cookies.
Checked a few settings in the Advanced Tab of the Java Control Panel like :
General : Allow user to grant permissions to signed content.
Java Cache was also cleared.
Even after performing the above workarounds, one after other, the issue doesn't go and there is no exceptions site list in the security tab either(just for information).
Majority of the issues related to the error would go after the security level is lowered to medium. But mine doesn't.
Hope some one could help me out.
Shall be ever grateful.
Thank you !
AK
"[Java 1.7.0_25 is] recommended for my work and not an old one i believe".
Unfortunately, your belief is incorrect. As of now (when you asked the Question), Java 1.7.0_u25 is over a year old, and there have been 4 security-relevant releases to Java 1.7 since that release.
In fact, you probably don't have any option apart from upgrading ... if you want to use that application via your web browser. The version checks cannot be overridden (AFAIK) for Java applications launched via your web browser and/or using Java Web Start. This is a good thing too.
So how does this jive with your "work recommendation"?
You need to talk to your system admins, or security people, or whoever made that recommendation. Under normal circumstances, it is bad to use an out-of-date version of Java, especially if you enable it in your web browser. It leaves you open to all sorts of security exploits.
It may turn out that there is a sound reason for this "recommendation"; for example a compatibility issue for some other Java-based apps that they need to support. If that is the case, you have a hard choice to make:
You could upgrade to the latest Java 1.7 release and risk not being able to use applications that (really) require an older release of Java.
You could not upgrade, and give up on the idea of using the app that is giving you problems.
You install a second web browser, and configure on to use the latest Java release, and the other to use the older "recommended" release. This could be messy, but (at least) Java is designed to allow you to have multiple JRE or JDK installs on your system simultaneously.
... but my application(on which i am working, unfortunately supports up to this version (i.e. 7_25).
Developing an application that only runs on old versions of Java doesn't seem like a good business strategy.
But assuming there is a good reason, you should be able to install BOTH 1.7.0_25 AND a later version on your system ... and use one for your development work and the other for running web-based applications.
Or if that isn't appealing, then use different virtual machines, or different physical machines for doing the different types of work that you need to do.
"Your security settings have blocked an application from running with an out-of-date or expired version of Java"
Java Version : 1.7_25 ( Recommended for my work and not an old one i believe)
From Java SE Downloads:
Java SE 7u67
This release addresses a regression introduced in the most recent security update. Oracle strongly recommends that all Java SE 7 users upgrade to this release.
You are not on the latest release for version 1.7.
There have been 7 releases since 1.7.25.
Actual problem can be not an outdated Java but applet jar sign/manifest/jnlp.
Workaround:
1.Install latest JRE from Oracle site
2.Uncheck "Enable Java content in browser" in old java/jre (javacpl.exe)
3.Make sure that applet correctly works with latest JRE
4.Uncheck "Enable Java content in browser" in latest JRE and check it in your old JRE
I had same issue, I reduced security level from high to medium and allowed to run the application at risk, it worked for me.
I recommend adding the site URL to the Security Exception Site list without lowering your overall security level.
Recently I took over a relative old project, which is running on weblogic 9.2. I need work on some change requests. I don't know much about weblogic product.
The old DEV-Env is windows based, however I dont have a windows machine. I tried to download Weblogic9.2 for linux (32bits), however I cannot find the link on Oracle website, after quite a lot google, still no working link found.
So the options for me:
find out a working link, download weblogic9.2 and work with it
download and use the 10.x version from oracle
setup a windows box (we have the installer of weblogic9.2 for win)
the 3 is the last thing I want to do. If someone knows where can I get the 9.2 version, it would be great. If there is no weblogic9.2 available, can I work on weblogic10.x and release to 9.2 in production? how risky is it?
Developing in WLS 10.x and deploying in 9.2 may cause some trouble.
There are quite a no of features which have been upgraded in 10.x, such as Java 5 to 6, J2EE 1.4 to 5, Servlet 2.4 to 2.5, JSP 2.0 to 2.1, EJB 2.1 to 3.0.
While most of the features here do have backward compatibility, you have to be extra careful when you develop.
I would suggest to develop based on the lowest common denominator features only, and build on the same server you are deploying it to. (i.e. 10.x has a diff build, and 9.2.x has different one.)
EDIT: There seems to be a authentic binary available on PeopleSoft's FTP site.
It's definitely a risk. Different versions of Weblogic use different jars, so what works on 10.x may not work on 9.x. It's a good practice to have your QA and PROD environments as similar as possible including node setup and startup variables.
If your current PROD deployed code works on 10.x then I would upgrade your PROD environment to 10.x and continue your development on 10.x. If not then do what you can to have 9.x on your DEV environment as well.