We have some legacy javaws applications which are self-signed. So we try to launch them with javaws from Java 1.7.0_51 after enabling Deployment Rule Set. The applications launch only the first time. After the first time, they fail to launch, throwing an error about self-signed jars. However, the applications will launch after clearing the cache.
From the DRS documentation, it seems that self-signed jars will not be blocked if DRS is enabled. But this is not the behavior observed above. To me this looks like a bug. Please confirm and also let us know how we could launch the legacy application with DRS enabled and without clearing the cache for every launch.
Note: this is only observed with "high" or "very high" security settings.
I found the problem and am providing the solution here for anyone facing the same issue.
The problem was that I had a ruleset.xml file which contained an IP address matching rule. During the second launch, the jars are picked from the cache and so do not match the IP address rule. The solution is to have a rule that matches the certificate which is used to sign the application jars.
Now the rule in ruleset.xml would look like:
<ruleset version="1.0+">
  <rule>
    <id>
      <certificate hash="9208E7206B4BD02D891385A6162E58F5FA67B4B64EBF92A87A9C2DC" />
    </id>
    <action permission="run" />
  </rule>
</ruleset>
Refer to the Deployment Rule Set documentation for steps to get the hash.
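Added example, not part of the original post: one way to turn the SHA-256 fingerprint printed by `keytool -printcert -jarfile app.jar` into the colon-free uppercase form used in the `hash` attribute, and to emit a certificate-matching rule like the one above. The sample keytool output is constructed (not a real certificate), and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of keytool output; the fingerprints are placeholder byte runs.
SAMPLE_KEYTOOL_OUTPUT = (
    "Signer #1:\n\nCertificate #1:\n"
    "Owner: CN=Legacy App\nIssuer: CN=Legacy App\n"
    "Certificate fingerprints:\n"
    "\t SHA1: " + ":".join(f"{i:02X}" for i in range(20)) + "\n"
    "\t SHA256: " + ":".join(f"{i:02X}" for i in range(32)) + "\n"
)

# Matches only the SHA-256 line; SHA1/MD5 fingerprints are ignored.
FINGERPRINT_RE = re.compile(
    r"^\s*SHA-?256:\s*([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*)\s*$", re.M
)

def drs_hashes(keytool_output):
    """Return distinct SHA-256 fingerprints as uppercase hex without colons."""
    hashes = []
    for match in FINGERPRINT_RE.finditer(keytool_output):
        value = match.group(1).replace(":", "").upper()
        if len(value) != 64:  # a SHA-256 digest is 32 bytes = 64 hex digits
            raise ValueError(f"not a SHA-256 fingerprint: {len(value)} hex digits")
        if value not in hashes:
            hashes.append(value)
    return hashes

def build_ruleset(hashes):
    """Build a ruleset with one certificate-matching 'run' rule per hash."""
    ruleset = ET.Element("ruleset", version="1.0+")
    for value in hashes:
        rule = ET.SubElement(ruleset, "rule")
        ident = ET.SubElement(rule, "id")
        ET.SubElement(ident, "certificate", hash=value)
        ET.SubElement(rule, "action", permission="run")
    return ET.tostring(ruleset, encoding="unicode")

if __name__ == "__main__":
    print(build_ruleset(drs_hashes(SAMPLE_KEYTOOL_OUTPUT)))
```

The length check rejects a fingerprint that was truncated while copying, which would otherwise produce a rule that never matches the signing certificate.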