How to configure new security dialog for applets?

Question

I recently updated to Java 7 (Update 45) and now my website applet deployment is triggering two security dialogs. The first one is the "normal" one, that shows the information of the certificate that signed the applet. Everything fine with that. However a second popup occurs now right after that, asking again to allow the Java application (must be the applet).

Why is that second dialog appearing and how does one control what values are used there for application name and publisher?

Allow access to the following application from this website?

Answer 1

You need to include Caller-Allowable-Codebase: in your manifest file. If you need to be able to use it from different domains and you know them all in advance then you can just include them in a space separated list. If you don't know all domains you'll be deploying to then use * as the value instead.

See this page for details on this attribute: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#caller_allowable

Answer 2

http://java.com/en/download/help/javascript_applet.xml

The website uses JavaScript code in conjunction with the Java application. This message is shown to alert you of a possible security concern because the website was not explicitly granted access permission by the application.

This is part of the new security feature introduced in Java 7 update 45:

http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html#newft

The JavaScript to Java (LiveConnect) security dialog prompt is shown once per Applet classLoader instance

I don't checked it yet, but it looks like one needs to assamble different builds for each domain where the applet shall run, now.