
My Deployment Rule set is ignored


I'm trying to configure a Deployment Rule Set for some internal applications, but I ran into a problem with one of them.

RuleSet.xml:

    <ruleset version="1.0+">
      <rule>
        <id location="machine1.domain.net" />
        <action permission="run" />
      </rule>
      <rule>
        <id />
        <action permission="block">
          <message>Blocked by corporate</message>
        </action>
      </rule>
    </ruleset>

The JNLP file:

        <title>Virtual KVM Client</title>
        <vendor>IBM</vendor>
      </information>

      <security>
        <all-permissions/>
      </security>

      <resources>
        <j2se version="1.6+ 1.5+ " />
        <jar href="/aessrp/avctIBMViewer.jar"/>
      </resources>

      <resources os="Windows">
        <nativelib href="/aessrp/avctKVMIOWin32.jar"/>
      </resources>

      <resources os="Linux">
        <nativelib href="/aessrp/avctKVMIOLinux.jar"/>
      </resources>

      <application-desc main-class="com.avocent.ibmc.kvm.Main">
        <argument>ip=machine1.donain.net</argument>
        <argument>helpurl=https://machine1.domain.net.net/aessrp /help/contents.html</argument>
        <argument>user=?????</argument>
        <argument>passwd=</argument>
        <argument>apcp=1</argument>
        <argument>version=2</argument>
        <argument>kmport=3900</argument>
        <argument>vport=3900</argument>
        <argument>title=machine1.domain.net-Video Viewer</argument>
      </application-desc>
    </jnlp>

The URL for the application:

https://machine1.domain.net/

The ruleset file works fine for other URL "location" values; however, for this one I always get the same error: "Blocked by corporate".

Can you see something wrong in this code? Is there any special implication with HTTPS and JNLP files?


Solution

  • Finally, the problem was in the JNLP file, since the codebase specification doesn't reference the JNLP file location itself.

    [http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/deployment_rules.html]

    A JNLP file without an href field will be ignored and the default rule will be applied.

    Alternatives:

    Create the JNLP with an href addressing the JNLP file itself.

    Create the JNLP file without a codebase; the name of the JNLP will then be used as the href (not tested).

    Filter by certificate hash: more secure, but a bit hard to maintain.
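
A pre-deployment check based on the answer above, added here as an example and not part of the original post: it reads the `href` of a JNLP file and reports which rule of the question's rule set would apply. Matching is simplified to a host comparison (no wildcard, port, path or certificate handling), and the JNLP headers, the codebase value and the file name `viewer.jnlp` are constructed for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

# Rule set from the question.
RULESET = """<ruleset version="1.0+">
  <rule><id location="machine1.domain.net" /><action permission="run" /></rule>
  <rule><id /><action permission="block"><message>Blocked by corporate</message></action></rule>
</ruleset>"""

# Constructed JNLP headers; "viewer.jnlp" is a hypothetical file name.
JNLP_NO_HREF = '<jnlp spec="1.0+" codebase="https://machine1.domain.net/"></jnlp>'
JNLP_WITH_HREF = ('<jnlp spec="1.0+" codebase="https://machine1.domain.net/" '
                  'href="viewer.jnlp"></jnlp>')

def jnlp_location(jnlp_xml):
    """Absolute URL the JNLP declares for itself, or None when href is missing."""
    root = ET.fromstring(jnlp_xml)
    href = root.get("href")
    return urljoin(root.get("codebase", ""), href) if href else None

def _host(value):
    # Rule locations may omit the scheme ("machine1.domain.net").
    return urlsplit(value if "//" in value else "//" + value).hostname

def first_matching_rule(ruleset_xml, location):
    """Return (permission, matched_location) for the first applicable rule."""
    for rule in ET.fromstring(ruleset_xml).iter("rule"):
        rule_id = rule.find("id")
        wanted = rule_id.get("location")
        permission = rule.find("action").get("permission")
        if wanted is None and rule_id.find("certificate") is None:
            return permission, None  # empty <id/>: catch-all rule
        # Without a declared href there is no location to compare (per the answer).
        if wanted and location and _host(location) == _host(wanted):
            return permission, wanted
    return "default", None

def audit(jnlp_xml, ruleset_xml=RULESET):
    """Which rule would apply to this JNLP under the simplified matching above."""
    return first_matching_rule(ruleset_xml, jnlp_location(jnlp_xml))

if __name__ == "__main__":
    for name, doc in [("no href", JNLP_NO_HREF), ("with href", JNLP_WITH_HREF)]:
        print(name, "->", audit(doc))
```

Running it over the JNLP files served by internal hosts before publishing a rule set shows which applications would fall through to the catch-all block rule.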