Is that true?

真的吗？

Don't know, but had heard the same. What is your source?

不知道，但听说过。你的来源是什么？

In case it is true, do I have any chance to build a workaround for my JNLP application, so that I am able to start the application even after January 2014?

如果是真的，我是否有机会为我的 JNLP 应用程序构建一个解决方法，以便我能够在 2014 年 1 月之后启动应用程序？

The only realistic way to deploy code in that situation is have it signed using a digital certificate from a Certification Authority (i.e. signed, but not self-signed).

在这种情况下部署代码的唯一现实方法是使用来自证书颁发机构的数字证书对其进行签名（即签名，但不是自签名）。

Any 'workaround' would be a security bug. So if you find one, please let us know so we can raise a bug report and get it fixed.

任何“解决方法”都是安全漏洞。所以如果你找到了，请告诉我们，这样我们就可以提出错误报告并修复它。

Yes, this is true. This blog entryfrom Oracle has the details.

是的，这是真的。 这篇来自 Oracle 的博客条目有详细信息。

As I understand it, you have three options for continuing to work:

据我了解，您有三种选择可以继续工作：

1. Sign your app with a trusted cert
   • Normally, this is done by acquiring a cert from one of the vendors whose root certs are trusted by Java by default.
   • You can also use a self-signed certificateif your community of users is controlled (e.g. all within a managed corporate network, or all students in the same intro to programming class).
2. Have your end users configure their machines to trust your app despite it being self-signed
   • via deployment rule sets(Oracle's intention is that DRSs are only to be used in corporate environments, where you can push out this configuration update via a centralized management technology)
   • via the exception site list(I believe this is intended to be analogous to DRSes, but for individual end users without centralized management)
3. Have your users lower their security slider from High (the default) to Medium

1. 使用受信任的证书为您的应用签名
   • 通常，这是通过从默认情况下 Java 信任根证书的供应商之一获取证书来完成的。
   • 如果您的用户社区受到控制（例如，所有用户都在受管理的公司网络内，或者所有学生都在同一编程课程介绍中），您也可以使用自签名证书。
2. 让您的最终用户将他们的机器配置为信任您的应用程序，尽管它是自签名的
   • 通过部署规则集（Oracle 的意图是 DRS 仅用于企业环境，您可以在其中通过集中管理技术推送此配置更新）
   • 通过例外站点列表（我认为这类似于 DRS，但对于没有集中管理的个人最终用户）
3. 让您的用户将他们的安全滑块从高（默认）降低到中

See also my questionabout obtaining pre-release versions of these updates to test with.

另请参阅我关于获取这些更新的预发布版本以进行测试的问题。

I have a self-signed app that just needs to run through the end of the semester (December), so I won't be affected by the January deadline. However, we are experiencing trouble even with earlier builds. This just started last week (perhaps due to some kind of automatic update). The JRE is build 40.

我有一个自签名的应用程序，只需要运行到学期末（12 月），所以我不会受到 1 月截止日期的影响。但是，即使使用早期版本，我们也遇到了麻烦。这只是上周开始（可能是由于某种自动更新）。JRE 是构建 40。

I changed the manifest file to include the required attributes of permission and codebase and then re-signed the jar, but it still causes a security block to appear at our school.

我更改了清单文件以包含所需的权限和代码库属性，然后重新签署了 jar，但它仍然导致我们学校出现安全块。

Can anyone suggest other steps I should take? Is a commercial certificate my only option?

谁能建议我应该采取的其他步骤？商业证书是我唯一的选择吗？

Thanks, Nina

谢谢，尼娜

Oracle just announced that a new feature called the Exception Site Listwill be available in 7u51.

Oracle 刚刚宣布将在 7u51 中提供称为异常站点列表的新功能。

If it means what I thinkit means, then in-house-only apps who are currently self-signing their jars can simply ask their users to whitelist the app without the user having to do anything "complicated" for an end user, like importing a cert (for example).

如果这意味着我认为的意思，那么目前正在对他们的 jar 进行自签名的内部应用程序可以简单地要求他们的用户将应用程序列入白名单，而用户不必为最终用户做任何“复杂”的事情，比如导入证书（例如）。

UPDATE:

更新：

Java 7u51 was just released, and I can confirm that the Exception Site List solution works quite easily. Just go to Java Control Panel -> Security -> Edit Site List, and add the URL of the self-signed JNLP app to the list of Locations.

Java 7u51 刚刚发布，我可以确认异常站点列表解决方案很容易工作。只需转到 Java 控制面板 -> 安全性 -> 编辑站点列表，然后将自签名 JNLP 应用程序的 URL 添加到位置列表。

for me..sel-signed web is working when changed security setting to Medium..

对我来说..sel-signed web 在将安全设置更改为 Medium 时正在工作..

This is for WindowsONLY

这仅适用Windows于

Go to Java configuration in Windows, "java configure", choose "Security" tab and Choose "Edit Site List", add your self signed url into the list.

转到 Windows 中的 Java 配置，“ java configure”，选择“ Security”选项卡并选择“ Edit Site List”，将您的自签名 URL 添加到列表中。

Sometimes you need to add the full url of the java application into the list to make it work, you cannot just add https://xxx.abc.com, should be https://xxx.abc.com/application_blah_blahinstead.

有时您需要将 java 应用程序的完整 url 添加到列表中以使其工作，您不能只添加https://xxx.abc.com，而应该添加https://xxx.abc.com/application_blah_blah。

After added the url, restart the java application by input that url in the browser, it will work.

添加 url 后，通过在浏览器中输入该 url 重新启动 java 应用程序，它将起作用。

Check out Java official help to allow the access:

查看 Java 官方帮助以允许访问：

Control untrusted programs

控制不受信任的程序