Defining a Java Access Control Autopolicy

A Java access control autopolicy defines the list of servers and ports to which Java applets can connect. This autopolicy also specifies which resources the system signs using the code-signing certificate that you upload.

When you enable Java access control using this autopolicy, the system automatically enables the Allow Java applets option on the Users > User Roles > Select Role > Web > Options page of the admin console.

To create a Java access control autopolicy:

1. Create a custom Web application resource profile.

2. Click Show ALL autopolicy types.

3. Select the Autopolicy: Java Access Control check box.

4. In the Resource field, specify the server resources to which this policy applies using the format: host[:ports]. (By default, the system populates this field with the server specified in your resource profile's base URL.)

5. Select one of the following options from the Action list:

Allow socket access - To enable Java applets to connect to the servers (and optionally ports) in the Resource list.

Deny socket access - To prevent Java applets from connecting to the servers (and optionally ports) in the Resource list.

6. Click Add.

7. Select the Sign applets with code-signing certificate check box to re-sign the specified resources using the certificate uploaded through the System > Configuration > Certificates > Code-signing Certificates page of the admin console. (The system uses the imported certificate to sign the server resources that you specify in the Resources field.)

8. Click Save Changes.

Defining a Server to Which Java Applets Can Connect

When defining servers to which Java applets can connect, you must use the following format:

host[:ports]

Within this format, the two components are:

Host (required) - Possible values:

DNS Hostname - For example: www.pulsesecure.net

You may use the following special characters in the hostname:

* - Matches ALL characters.

% - Matches any character except dot (.).

? - Matches exactly one character.

IP address/Netmask - You must enter the IP address in the format: a.b.c.d.

You may use one of two formats for the netmask:

Prefix: High order bits

IP: a.b.c.d

For example: 10.11.149.2/24 or 10.11.149.2/255.255.255.0

You cannot use special characters in the IP address or netmask.

Ports - You must use the delimiter ":" when specifying a port. For example: 10.11.149.2/255.255.255.0:*

The following table lists the possible port values.

Possible Port Values

* - Matches ALL ports; you cannot use any other special characters.

port[,port]* - A comma-delimited list of single ports. Valid port numbers are [1-65535].

[port1]-[port2] - A range of ports, from port1 to port2, inclusive.

You can mix port lists and port ranges, such as: 80,443,8080-8090.
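
When reviewing Allow or Deny entries, it helps to test exactly which destinations a host[:ports] value covers. The following Python sketch is an added example, not code from the product: it parses an entry according to the format described above and checks a destination against it. It assumes that % matches a run of non-dot characters, that an entry without a port part covers all ports, and that IP/netmask entries are compared only against IP-literal destinations; the function names are hypothetical.

```python
import ipaddress
import re

# Wildcards from the hostname table. Assumption: % is a run of non-dot characters.
WILDCARDS = {"*": ".*", "%": "[^.]*", "?": "."}

def parse_ports(spec):
    """Return None for '*' (all ports), else a list of inclusive (low, high) ranges."""
    if spec == "*":
        return None
    ranges = []
    for item in spec.split(","):
        low, dash, high = item.partition("-")
        lo, hi = int(low), int(high if dash else low)  # ValueError on empty or junk
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"invalid port or range: {item!r}")
        ranges.append((lo, hi))
    return ranges

def parse_resource(entry):
    """Split host[:ports] into (IPv4 network or None, hostname regex or None, ports)."""
    host, colon, ports = entry.rpartition(":")
    if not colon:
        host, ports = entry, "*"  # assumption: no port part means all ports
    ranges = parse_ports(ports)
    try:
        # Accepts a.b.c.d, a.b.c.d/24 and a.b.c.d/255.255.255.0
        return ipaddress.IPv4Network(host, strict=False), None, ranges
    except ValueError:
        if "/" in host or not host:
            raise ValueError(f"invalid host: {host!r}")
    body = "".join(WILDCARDS.get(ch, re.escape(ch)) for ch in host)
    return None, re.compile(body, re.IGNORECASE), ranges

def covers(entry, dest_host, dest_port):
    """True if the resource entry applies to the destination host and port."""
    net, pattern, ranges = parse_resource(entry)
    if net is not None:
        try:
            host_ok = ipaddress.IPv4Address(dest_host) in net
        except ValueError:
            host_ok = False  # assumption: IP entries never match a DNS name
    else:
        host_ok = pattern.fullmatch(dest_host) is not None
    return host_ok and (ranges is None or any(lo <= dest_port <= hi for lo, hi in ranges))

if __name__ == "__main__":
    # Constructed sample entries and destination, for illustration only.
    for entry in ("10.11.149.2/24:80,443,8080-8090", "%.example.com:443", "*.example.com"):
        print(entry, covers(entry, "a.b.example.com", 443))
```

Running a check like this over each entry shows how much wider a * hostname pattern is than a % pattern, which matters most on Allow socket access entries.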