Issue
I/A Series R2 / G3 graphics are not displayed when using web browser after the Java version is updated to Java 7 Update 51 or later. A dialog box indicates "Application Blocked - Application Blocked by Security Settings."
Product Line
TAC IA Series
Environment
- I/A Series R2
- I/A Series G3
Cause
From Java 7 Update 51 and onwards, Java has enhanced the security model to make user system less vulnerable to the external exploits. The new version of Java does not allow users to run the applications that are not signed (Unsigned), Self signed (not signed by trusted authority) and the applications that are missing permission attributes.
- Risks involved in running each kind of applications
Unsigned applications: An application without a certificate (i.e. unsigned apps), or missing application Name and Publisher information are blocked by default. Running this kind of application is potentially unsafe and present higher level of risk.
Self signed application (Certificate not from trusted authority)
An application with self-signed certificate is blocked by default. Applications of this type present the highest level of risk because publisher is not identified and the application may be granted access to personal data on your computer. - Jar file missing Permission Attribute
Permissions Attribute verifies that the application requests the permission level that developer specified. If this attribute is not present, it might be possible for an attacker to exploit a user by re-deploying an application that is signed with original certificate and running the application at a different privilege level.
Resolution
As a workaround, the user can use Exception Site list feature to run the applications blocked by security settings. By adding the URL of the blocked application to the Exception Site list allows it to run with some warnings.
Steps to Add URL to the Exception Site list:
- In control panel go to the Java Control Panel
- Click on the Security tab and verify that the Security Level is set to "High" or "Medium".
- Click on the Edit Site List button
- Enter your site details (This example http://www.SBO-Site.com) where www.SBO-Site.com is the address of the R2 Enterprise Server or UNC serving graphics, expressed either by name or by IP address.
- Click the Add in the Exception Site List window.
- Select continue
- Repeat the process, adding the addresses of all the site's Enterprise Servers and UNCs/JACEs.
If this computer is used for browsing I/A Series G3 site graphics or StruxureWare for Building Operation site graphics, the addresses of those sites may be added as well.
