Java 7u51 and AutoVue

Hello all - As you may be aware, Java 7u51 was released earlier this week.  This release includes a lot of important security fixes for java - However these fixes do have some impact on users of the AutoVue client.

The first potential impact is that all applets (including the AutoVue client) must define a 'permissions' attribute in order for them to run.  We released a patch for all supported versions of AutoVue late last year that included this attribute.

The other issue is that 'LiveConnect', which is what allows Javascript to call Java code, is disabled in Java 7u51.  Most AutoVue integrations, including our integrations to Agile PLM, Web Center Content, and Documentum, make use of this mechanism to open files, start comparing files, and various other operations.  

Additionally, some older versions of Java, including Java 7u45, will disable LiveConnect once they 'notice' that Java 7u51 is available, so if a user is prompted to upgrade to Java 7u51 and refuses, LiveConnect will also be disabled.

To renable 'LiveConnect' in Java 7u51, the easiest approach is to make use of the 'Exception Site' configuration.  This configuration allows a user to indicate that a certain set of URLs are trusted - and any Java code provided from those URLs will have LiveConnect enabled.  

The 'Exception Site' list can be configured by an individual user by going into the Java control panel, but it is ultimately controlled by a text file stored inside the local Java deployment - so administrators can update the file centrally, and then push the file out to all members of an organization who need to use AutoVue.

We've published KM note 1615032.1 with more details on how to deal with these issues.

Comments:

This blog mentions:
The first potential impact is that all applets (including the AutoVue client) must define a 'permissions' attribute in order for them to run. We released a patch for all supported versions of AutoVue late last year that included this attribute.

Exactly which version of AutoVue are you referring to?

I have tested with AutoVue 20.2.2 and jvue.jar does not have the permission attribute set - the error message shows up in the Java console.

Posted by Tim Hodgson on January 23, 2014 at 09:40 AM EST #

Hi Tim - The permissions attribute was released as a patch - so it is not in the stock AutoVue 2.2.2 jar, but you can download a patched jar.

The links for the patches are in the KM note mentioned above - for 20.2.2 you can search for patch 17807469 on the support portal.

One final note - If you go through the 'exception site' method described above, you won't need the patched jar - this method overrides the need for the permissions attribute.

Posted by Warren Baird on January 23, 2014 at 09:46 AM EST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

The authors of this blog are members of the AutoVue Enterprise Visualization team at Oracle. The views expressed on this blog reflect those of the members and do not necessarily reflect the views of Oracle.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today