Applet refuses to run even with sandbox permissions and with site added to exception list

Question

Before you close this for being a duplicate for one of the below posts, Java changed the requirements for runnable applets in Java 1.8. These requirements make it impossible to run an applet that is not signed by a trusted certificate. The only way to get around this is to add websites to an exception list, which isn't working for me either strangely.

Related, but out of date, posts:

• Java Error: "Your security settings have blocked a local application from running"
• "application blocked by security settings" prevent applets running using oracle SE 7 update 51 on firefox on Linux mint
• Run local java applet in browser (chrome/firefox) "Your security settings have blocked a local application from running"

Generating our jar file

Me and my 'company' have created a game that we want to put on our website. We converted the java app into an Applet. The applet runs in the appletViewer perfectly but it will not run in a webpage. Here is our manifest that we are using:

Manifest-Version: 1.0
Application-Name: Battle-Ship
Permissions: sandbox 
Created-By: Chetter-Games
// empty line

Signing our jar file

The jar file is signed using a keystore that we have generated ourselfs (it is not from a trusted certificate distributor). Here is the output from jarsigner:

Enter Passphrase for keystore: 
jar signed.

Warning: 
No -tsa or -tsacert is provided and this jar is not timestamped. Without a 
timestamp, users may not be able to validate this jar after the signer 
certificate's expiration date (2015-12-09) or after any future revocation date.

I was pretty sure that this error is negligible. This might cause problems later, but we just want to get something up and running right now.

HTML page containing our Applet

Here is the html for our page with the embedded applet:

<html>
<body>
<applet code='battleShip.WindowApplet'
    archive='signed-BattleShip.jar'
    width=500
    height=500>
</applet>
</body>
</html>

Here is a server-side ls of our working directory, which contains the applet page battle.html and the applet signed-BattleShip.jar:

-rw-rw-r-- 1 www-data      www-data      12136 Dec  5 21:57 back.jpg
-rw-r--r-- 1 www-data      www-data        195 Dec  9 14:25 battle.html
-rw-rw-r-- 1 www-data      www-data        116 Dec  9 12:59 index.html
-rw-r--r-- 1 www-data      www-data      27509 Dec 10 12:19 signed-BattleShip.jar

What are the problems?

No matter what we try, we always get this prompt:

So far we have tried all of the following:

1. Restricting applet to sandbox
2. Adding page to security exception list
   • We have tried adding www.example.com, www.example.com/, and www.example.com/battle.html and none of those have helped
3. Generating a new keystore
4. Running it locally (did not help)
5. Using Object tag instead of Applet

We think it has something to do with there no longer being a 'medium' option in the java control panel. We are just trying to get something up and running, any help would be very appreciated.

Answer 1

Finally got my applet to work after hours and hours of messing around with it. Hopefully this works for you and saves others from hours of frustration:

My Manifest file includes the following:

Manifest-Version: 1.0 Permissions: sandbox Application-Name: Your Application Name Goes Here (Blank Line)

My HTML file includes:

And as for adding the domain to the Site Exception List, NOTHING worked until I added it in this format:

http://mywebsite.com/ (note that it doesn't have the www. and includes a forward slash at the end. No other combination worked for me.)

Make sure to include the manifest file in your jar. I used Eclipse Juno and this function is found when you export to a JAR. I placed my manifest.txt file in the src directory where the main classes were. I tried other manifest attributes like Codebase and Entry-Point, etc. but those gave me problems as well, so I removed them.

My game currently runs perfectly aside from one problem - sound. No sound plays on the web version, though they play fine when run through eclipse. I'm satisfied with it as it stands, currently, and got an A for the project anyway... so i'll fix the sound issue later.

Hope this helps!

Posted the following previously, but it was removed due to not being an answer (but i did return with an answer, as promised). Mods, remove this if you want, but I think a little background might help other visitors identify with the issues they're having.

I'm in the exact same position. I have a final project (also a game) due this week and I can't get my applet to load.

Been researching for hours now and am still stuck. The weird thing is, I tested a simple "Hello World" applet that just prints the string on the screen, and that worked fine. I also tried running an applet with multiple classes to see if that was causing any issues, yet that ran fine, too. Then I tried running that same applet in a jar file, and that also worked.

Tried loading my game with high hopes but was crushed to see that java blocked it. Funny thing is, I can no longer run the simple applets now...

Not sure what that implies. Either java's security guards are buggy, or if the site gets flagged because of one "threat", it shuts down all applets from the same domain. I tried adding all variations of the domain to the Exception Site List to no avail.

I'm going to keep trying, because my grade depends on it - will post here if I'm able to find a fix.

I'm running win7 64bit, java 8 update 25 (1.8.0), browsers - chrome, ie x86, ie64, applet compiles and runs fine in Eclipse 64bit. My game includes about 18 classes, and a bunch of png, gif, and wav files. None of the classes make any outside url/http requests or anything like that.

Answer 2

I have been getting the same error message as John, however my applet already exists in a web page and was not developed by me. I don't understand any of what was given (jar files and manifests) so I looked for a simpler option. For those who don't know much about languages and working around limitations:

The way to let the exception list accept the settings is to run it as an admin. The link below specifies running command prompt as an admin and opening the control panel as such. :

https://www.java.com/en/download/help/javacpl.xml

Steps I took:

1. Run command prompt as an admin
2. Since I am using windows 8, the directory i typed in looks like this: "c:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe"
3. Inside the security tab, add the site you wish to be an exception

After following these steps adding the exception was a success.

Answer 3

After a long time of messing with this I stumbled across the answer to this the other day. Hopefully this will save someone some time.

Java 8 no longer supports the medium security level which is required for running self signed or unsigned applets.

The solution for me was to completely uninstall Java 8 from my machine and reinstall using Java 7. I then opened my Java settings:

Once Java 7 is installed, you should be able to select the medium security option. This will allow you to run an applet after a security prompt telling you that you're about to run an unsigned applet.

Answer 4

I just went through that same problem. What you need to do is make sure you have the latest version of Java. Then you need to look find the Java Control panel. Depending of what type of operating systems you have, the java website will tell you. Then just access your SECURITY tab in the Java control panel and add the specific website to the "exception site list" then click Edit site list . starting with HTTPS: and just add the website... it sucks really.