Restricting client JRE
My application is configured to use j2se1.5.0_15 using <j2se version="1.5.0_15" .../> in the JNLP file.
Client machine having two JREs 1.5.0_15 and 1.6.x installed. When client is trying to access my application, the client machine's java web start using the JRE 1.6.x. But I want make sure that the client should use JRE 1.5.0_15 only eventhough the client have multiple JREs installed in his/her machine.
I want to do it programmatically without using Java-plugin to enable/disable JRE manually.
Aresponse is higly appriciate.
AFAIK jnlp gets always downloaded/managed by default JRE, then you get the JRE you specified to run your application.
Are you sure you're running on 1.6, did you print the java version?
Similar Messages
-
Restrict client request to site by IP address. If the request is?
Hi all,
I have a requirement like as follows.
Requirement:
Restrict client request to site by IP address. If the request is from specific IP address. I mean here standard bloack address (Eg: 127.0.0.1,default subnet mask...)
I am looking for alread predefined method from java libs....Can please any one help on this issue.
regards
prasad.nadendlaUse a SecurityManager and a .policy file that only grants SocketPermissions for the required hosts.
-
How can I use charsets.jar without installing it in the client JRE?
Hi! I've an applet that needs to do some CP850. Since many of the clients are from english speaking countries, they do not have the appropriate JAR that supports the CP850 encoding. Now, I have the charsets.jar which has this encoding. If I install it in the client jre/lib/ext folder, my applet works perfectly, but I don't want to do that. Instead, I want the applet to read it from its own jar or, including the charsets.jar in the archive parameter. I have tried both, adding the whole of charsets.jar to my applet jar using jar -xc dependences\charsets.jar, and also, by putting it in the archive parameter of the applet. None of them works, and I don't know why. If someone can tell me why it didn't work, and how can I make it to work, I'll be very thankfull.
I've been trying also to use a URLClassLoader, but here I got access exceptions:
URL urlCharsets = new URL("http://url.com/jars/charsets.jar");
URL[] urls = {urlCharsets };
URLClassLoader classloader = new URLClassLoader(urls);
classloader.loadClass("sun.io.ByteToCharCp850");Security Access exception here... and the charsets.jar that I'm loading IS signed. No idea what to do here.
Best regards and happy new year!
Message was edited by:
obirenokenobiHi,
Assuming your applet jar and the charset jar are ine the same location on your
server, I'll suggest to use this:
<applet code="myapplet/myapplet.class" archive="myapplet.jar,charset.jar" height="400" width="550"></applet>Hope that help,
Jack -
Batch upgrading client JRE's over Windows network
Does anyone know of a tool or method that can be used to force/exert upgrade of windows client JREs on all machines within a domain/network? This prob won't be anything to do with java, and rather it will most likely be a admin tool used to rollout any application over windows networks. Just thought someone might have used it for java.
You can use the login script, SMS, Zenworks, Footprint, Altiris, Orbiter, AD policies, Managesoft, or any other systems management software. Some of these are better suited for large organizations but others work well within a smaller group. Talk to your systems/network administrator? They can't all be rabid.
The key is to create a completely silent installation. Here's the install string for jre 1.4.2_01. If you paste this into a command prompt (ensuring that your either use the full path to the exe file, or make that directory active), it will install silently with all defaults. Using one of the tools above, you can update every machine in your organization.
j2re-1_4_2_01-windows-i586.exe /S /V"/qr /l %LOGDIR%\J2RE-1.4.2_01\JRE142.log REBOOT=SUPPRESS ALLUSERS=1"
Make sure the %logdir% is created prior to running this string.
Hope this helps,
Margaret -
Jar file for multiple client JRE version
I have two jar file. Fjtable.jar & fjtable16.jar
fjtable.jar is for clients those who are using JRE 1.5 & fjtable16.jar is for jre 1.6 version client Users.
both the jar file i have given in
In formsweb.cfg :
Archive = fjtable.jar , fjtable16.jar
But this give error when accessing forms for those jre1.5 users.
Exception in thread "AWT-EventQueue-2" java.lang.UnsupportedClassVersionError: Bad version number in .class file
How do i give a condition in formsweb.cfg, if client java is jre1.5 then use fjtable.jar else use fjtable16.jar.It's used in the page that calls the Forms configuration with the correct jars : this should tell you which JRE your client is on and can be adapted for your config:
<html>
<body>
<table width="100%">
<tr><td>Click on the link below to run your app:
<script src="http://www.java.com/js/deployJava.js"></script>
<script>
var version = '1.6' ;
if (deployJava.versionCheck(version)) {
document.write("<a href=\"http://myhost.local/forms/frmservlet?config=app16\">MyApp v1.6</a>");
} else {
document.write("<a href=\"http://myhost.local/forms/frmservlet?config=app15\">MyApp v1.5</a>");
</script>
</td></tr>
</table>
</body>
</html>PS. Thanks Francois I'm sure this'll come in useful at some point know how to do this :)
Steve -
This problem is killing me! I need to check what version the
client's JRE is so that they can download and run my app from my web server. They need JRE 1.4.1, and if they don't have it, I want to redirect (potentially) to a page I will create that will inform them of the requirements. (The client will never have admin rights, so can't install it directly from Sun)
I've looked at Jsp and applet solutions but can't get anywhere with it. Does anyone have any ideas on getting around the security issues?
To clarify a bit more, I can have code in the applet to check the
version on the client (jsps will only check the server version) ---
String value = System.getProperty("java.specification.version");
if (value == "1.4.1") {
continue and go to a http page -- but can't redirect from an applet
else {
redirect to an error page or inform the server somehow so I can
redirect the browser.
Any way I can redirect a http page somehow from an applet?
Or set a property in the server which could be read elsewhere...
elpicouse Applet.getAppletContext() to get the AppletContext that represents the page currently displayed by the browser.
then do AppletContext.showDocument(URL�url) to redirect to another page.
AppletContext currentPage = this.getAppletContext();
String value = System.getProperty("java.specification.version");
if (value == "1.4.1")
//OK -> continue.htm
currentPage.showDocument(new URL("http://localhost/continue.htm"));
else {
//ERROR -> error.htm
currentPage.showDocument(new URL("http://localhost/error.htm"));
}thx for the dukes ;),
elchaschab -
Restrict client web access by network port?
I have a set of Mac OS X 10.6.5 client systems that are connected to both ethernet and wireless networks. I need to restrict internet access while the clients are connected to the ethernet connection and allow unrestricted access while on the wireless network.
I currently ask that the users turn on/off AirPort (highest priority network) to change to the ethernet network, but they obviously forget
I do not have total control over the networks themselves, but it occurred to me that I may be able to use a local Mac OS X 10.6.5 server as a DNS server that could be used in the ethernet configuration on the client machines; and perhaps THAT could redirect traffic to any other domains to an error page.
I only want the clients (while connected to the ethernet network) to be able to visit "http://approved-domain.com" or any of the various "http://*.approved-domain.com sub-domains that exist.
Again, I know it would be easier with control of the network/router itself, but I don't and am hoping for a workable solution without it.
A whitelist through a DNS server seemed like a good idea. Is it possible? How might I set it up?The wired network only really needs to access http://aproved-domain.com and all other types of traffic are fine for the wireless network
Oh, well that's radically easier - there may be no need to go to huge lengths here, and users can leave both links active if it's setup correctly - the OS will automatically choose the wired link for approved-domain.com and the wireless link for everything else.
The simplest solution is just DNS - assuming that the approved-domain.com addresses are on the same LAN subnet as the client's ethernet port all you need to do is setup DNS such that it hands out the LAN address of those services and you're done.
You see, whenever the client tries to access a server it looks at the destination IP address to work out how to get there. The first thing it checks is whether the IP address is on the same subnet as a link on the client itself. if it is, then the connection uses that link. If it isn't then it checks to see if it has a static route for the target IP address, and if that fails it sends it to the default gateway address (that's why it's called the default gateway - all traffic that doesn't have a more direct route will take that path).
So as long as your DNS server hands out the LAN address for approved-domain.com there shouldn't be anything more you need to do. Do you have any control over the DNS server for your LAN? or can you change your LAN clients to use a different DNS server that you do control? Those will be important elements in using DNS to manage this setup. -
Restrict clients from a distribution Point
Is there any way to restrict distribution points to clients from a particular limiting collection or at least change the priority of a distribution point used?
Our organization has several entities that provide support desktop. Central IT provides core services support such as networking, directory services and email services to the entire organization. Central IT also provides Desktop support to a large
portion of our organization. We offer the entities of our organization that have their own desktop support use of our tools such as SCCM. It is configured with collection limiting to limit access to each entities OU so that the admins can administer
the machines in their ou and that's it. We also allow them to use the content, i.e. Applications, programs, task sequences etc that we (Centeral IT) create. In some cases the admins distribute our content to their Distribution points. I am
noticing that this causes some of our deployments to use their distribution points for content and not ours. We don't have a very clear cut IP configuration to break out each entities with their own boundary group. I just want our clients to use
our distribution points because with they use other distribution points, we are noticing slowness in deployments such as OSD. -
How to restrict clients download rate
Hi everbody,
i was looking for some time but i couln't even found a old threat. maybe somebody can give me a hint. i have a mac with a timecapsule. and another 2 pc's using the internet via airport (timecapsule). now i'd like to restrict the possible download rate for these two pc`s. how do i do it? can anybody help me.
cheersThere is no configuration option on the Time Capsule nor any of Apple's base stations to do something like this.
-
Client JRE Requirement for Portal 9.0.2.6
I would like to know what the minimum Java Runtime Environment requirement on the client machine is for using Oracle 9iAS Portal 9.0.2.6 and 9.0.4 (10g). I have searched on OTN but to no avail. Does Oracle recommend the Microsoft JVM or the Sun JVM (e.g., Java 1.4.1._02)?
Thanks,
KendraHere you find certification information on the Oracle Application Server.
Peter -
What can i do to restrict client switching between AP's
Hello Community.
Problem is in one office if the client is exact in the middle of the two AP's the clients jumps from one AP to another all the time if he moves one step to right or one step to the left. How do i change these ap switching sensing ? The client uses a WLAN phone and during the AP's switch he get a little noise on the phone.
Thanks for your help and best regardsThe APs are on differenet channels because of DCA, the power level where on Automatic "1" i set the power level in TPC from Automatic to fixed "2".
The show wlan:
WLAN Identifier.................................. 1
Profile Name..................................... internet
Network Name (SSID).............................. internet
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 17
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 64800 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... WLC01
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
--More-- or (q)uit
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
--More-- or (q)uit
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
--More-- or (q)uit
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled -
Restrictions on production client
hi
i need to restrict client independent on production client. can any one advise me how to do it?urgent please
thanksHi,
When you create new client, there you will get option to set security levels.
Four possible options for this setting are:
Changes to repository and client?independent customizing allowed. With this option there are no
restrictions on this client for changes and development.
¨
No changes to client?independent customizing objects. This option allows for development on
repository objects but not on client?independent customizing.
¨
No changes to repository objects. This option lets users perform client?independent customizing but
no development or modifications to repository objets.
¨
No changes to repository and client?independent customizing objects. This setting prohibits any
client?independent modifications and is common on productive systems.
So select the second or last option according to your business scenario. your problem will be solved.
Enjoy...... -
Got a problem launching Forms from e-biz 11.5.10.2 using JRE 1.6.
Our setup :
E-biz: 11.5.10.2
Forms: 6i Patchset 19
DB: 10.2.0.3
JRE: 1.6.0_07 (e-biz is config to use this version)
on windows desktop clients:
JRE: 1.6.0_13
As a non-privileged user account on the workstation, users cannot launch the forms using the 1.6.0_13 JRE.
When a privilieged(Admin) user account logs in, the forms launch fine using 1.6.0_13.
We understand that IA enforces many policy settings in our environment, but can anyone identify which types of policy settings would break this access?
Thanks everyone!
GabeThanks for the docs! We've reviewed them, and are satisfied that the JRE family of 1.6 is working properly.
Our issue is that there are some windows security policies/ maybe group policies, that are restricting the launching of the forms using the newer 1.6.0_13 JRE. This is what we are after, and I would like to know if anyone else has faced similar issue.
Some more clarification:
if the workstation has the 1.6.0_07 JRE, and a non-privileged account logs in, the forms launch fine.
Once 1.6.0_13 is pushed (as our NetAdmin is requesting), the non-privileged account cannot launch forms. Instead, they get an active X request to install 1.6.0_07, which they do not have privilege to install.
Hope this helps.
Gabe -
Clients unable to connect and get DHCP - LAP1142N AP and 5508 WLC
Hi,
I have 19 locations, each with 1 or more LAP1142N AP's in FlexConnect mode, AP's are primed using CAPWAP to my 5508 WLC at the datacenter. The AP's join the WLC without issue every time. I have two WLAN's, one guest and one staff, the guest network is open and obtains DHCP from a WatchGuard XTM33 firewall at each of the remote locations. The staff side is WPA2/RADIUS and DHCP is assigned from the WLC. Each AP is assigned a static IP that is not in the DHCP scope. For example: DHCP scope on the branch firewall is 192.168.1.10-250 the AP will be assigned static IP of 192.168.1.1.. The AP's are connected to a HP procurve switch that has a untagged VLAN, the firewall is using the native vlan 1 and so is the AP.
I have been running this network for over a year and it has not had a single issue until the last two weeks. Nothing on the network has changed or has been upgraded.
Now for the issue: The issue I am seeing is that clients are no longer able to connect to the AP and do not get DHCP assigned to them. I am able to get it working, if I remove the static IP from the AP, the AP will reboot, join the controller, then begin working, users can connect and DHCP is assigned from the firewall as it should. However, If the AP then reboots, the AP will join back to the controller but no clients can connect nor do they get a DHCP address. So, I then reassign a static IP to the AP again and it reboots, connects to the controller and clients then can connect and get DHCP.
Attached is a running config from one of the APs
I've found several posts on this topic, in fact the patch of unassigning or reassigning static IP is one that I found. However, I wanted to post this to see if there is any further assistance I can get on this. I am also waiting on my SmartNet to start up and will be contacting Cisco support as well.
Thanks for any help.Alright, so I finally figured out the issue with this. I had a Mobility Anchor set on the guest WLAN and once I removed that all started working again.
What is Mobility Anchor?
A. Mobility Anchor, also referred to as Guest tunneling or Auto Anchor Mobility, is a feature where all the client traffic that belongs to a WLAN (Specially Guest WLAN) is tunneled to a predefined WLC or set of controllers that are configured as Anchor for that specific WLAN. This feature helps to restrict clients to a specific subnet and have more control over the user traffic. Refer to the Configuring Auto-Anchor Mobility section of Cisco Wireless LAN Controller Configuration Guide, Release 7.0 for more information on this feature. -
Applet won't get client certificate from browser
Hi,
We have an applet that runs fine as long as we don't have the web server require a client certificate. This applet runs inside a protected Intranet with a standard client JRE version 1.4.2 The rules of the intranet state that client certificates are required. So we registered our certificates with the JRE plug in in the browser and NaDa...
I have read all sorts of things out there on the web that says the end user must register a personal Keystore and then we must code the applet to look into the end user's keystore for the certificate and the user must type in their personal password for the keystore into some sort of a form for the applet to read the keystore certificate.
This sounds illogical and I strongly suspect that I am mis-interpreting what is being said...
Can anyone help me understand what I am missing? (or perhaps point to a tutorial that has some better info in it...) I have looked at the Sun Java tutorial for applets didn't see any specific info regarding this type of problem- solution.
Thanks for any pointers or suggestions you might have.
JpGuyHi,
We have an applet that runs fine as long as we don't have the web server require a client certificate. This applet runs inside a protected Intranet with a standard client JRE version 1.4.2 The rules of the intranet state that client certificates are required. So we registered our certificates with the JRE plug in in the browser and NaDa...
I have read all sorts of things out there on the web that says the end user must register a personal Keystore and then we must code the applet to look into the end user's keystore for the certificate and the user must type in their personal password for the keystore into some sort of a form for the applet to read the keystore certificate.
This sounds illogical and I strongly suspect that I am mis-interpreting what is being said...
Can anyone help me understand what I am missing? (or perhaps point to a tutorial that has some better info in it...) I have looked at the Sun Java tutorial for applets didn't see any specific info regarding this type of problem- solution.
Thanks for any pointers or suggestions you might have.
JpGuy
Maybe you are looking for
-
Are multiple PHYSICAL databases supported in one Oracle 10g RAC environment
Hi alls, as of Metalink 220970.1 Oracle RAC is also supporting different databases in one cluster installation. RAC handles any resource as a service and it doesn't matter if these services belongs to only one or to different databases. You install
-
I need use a webcam in labview. Is it possible?
I need use a webcam in labview, is it possible? BYEE!!!
-
"The Adobe DRM Activator is not responding"
I am new to this whole world of on-line books and am trying to download a PDF file for one of my textbooks at my on-line college. I have Adobe 7.0.9 (they told us not to use 8.0) and have attempted to "authorize" my computer for two days now. Everyti
-
After Effects CS 5.5 renders brighter gamma than my CS3. Files gamma don't match
I just upgraded to After Effects CS 5.5 last week. I had a project come back that was originally done in CS3. All the renders were done as the animation codec with an alpha channel. When I open the CS3 project in CS5.5 and render out a composition
-
Problem importing users from LDAP (AD) server in administration tool.
Hello, I have a problem integrating an LDAP server in the Security Manager of the Administration tool. When trying to import users from an LDAP Server, i receive this error> "53002 - LDAP server referral is not supported." [http://download.oracle.com