To protect our users from maliciuos applets I wanted to disable the Java browser plug-in.
In a test (JRE 7) I noticed that deactivating the plug-in also disables Java Web Start. We need to use one Web Start application so it seems that we have no choice than keeping the browser plug-in enabled.
Is this correct, or is there a way to use Web Start without enabling the browser plug-ins?
Test steps:
in a command window I enter the following command
the following error box appears:
Its message translates to
This application could not be downloaded because Java over Internet is deactivated. You can activate Java on this system over the Java Control Panel
I have not seen an option to activate "Java over Internet" in the Java Control Panel. When I enable the browser plug-in, the Java Web Start application can be launched.
The same error message appears if I execute a local copy of the JNLP file
jawas
<path to local jnlp file>
The jnlp file (slightly cleaned up):
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="https://example.com/path/to/" href="webstartapp.jnlp">
<information>
<title>...</title>
<vendor>...</vendor>
<homepage href="..." />
<description>...</description>
<description kind="short">...</description>
<description kind="tooltip">...</description>
<offline-allowed />
</information>
<security>
<all-permissions />
</security>
<resources>
<j2se version="1.7+" initial-heap-size="128m" max-heap-size="256m" />
<jar href="Client/lib/Launcher.jar" main="true" />
</resources>
<application-desc main-class="com.veda.launcher.Start">
<argument>...</argument>
<argument>*</argument>
</application-desc>
</jnlp>
jawas <path to local jnlp file>
– mjn