First of all, please consider updating to the newest Hotfix release of Xpert.ivy. It supports all security improvements introduced by Oracle in Java 7 and will execute without any problems. See this [blog post][1] for more information.
Now, if you really need to run an old Xpert.ivy version or you need to [sign the client library with your own certificate][2] you have two JRE features to unblock the execution of your rich dialog application:
Exception Site List
-------------------
The exception site list was introduced with Java 1.7.51. It is intended to be used by the end users themselves, i.e. each user must set it. To manage the exception site list go to the Security tab of the Java Control Panel and click the *Edit Site List* button. Then add the URL of your Xpert.ivy server. You need to set at least the protocol, the server name and the port. The path is optional, e.g. `https://myIvyServer:8080` is sufficient.
![edit the exception site list in the Java Control Panel][3]
Note that the deployment rule set is stronger then the exception site list and takes precedence over it. More information about the exception site list in the [official documentation][4] and in this [blog post][5].
Deployment Rule Set
-------------------
The deployment rule set is the feature intended to be used by administrators. It means that you have to set it once globally and all users profit from it.
The first step to use the deployment rule set is to create the deployment rule set file. This is an XML file which contains one or more rules for the rich dialog applications. A simple example rule set file looks like this:
<ruleset version="1.0+">
<rule>
<id location="https://host.example.com" />
<action permission="run" />
</rule>
</ruleset>
A `ruleset` element contains one or more `rule` elements. A `rule` acts either is global (empty `id` element) or on a specific Xpert.ivy server. To identify Xpert.ivy applications you can either use the URL of the Xpert.ivy server or the title set in the JNLP file. To set/see the title used in Xpert.ivy JNLP's, just head to the `configuration/jnlpconfig.any` file. Valid values for the `action` element are `run`, `block` and `default` which are quite self-explanatory. In our context we will mostly use the `run` value.
When you have created the rule set, you need to package it in a signed JAR file named DeploymentRuleSet.jar. The JAR file must be signed with a valid certificate from a trusted certificate authority. You can use the [jarsigner][6] tool from the JDK to do that. In the end you must move the jar file to
- On Windows platforms, install the file in the *<User-directory>\AppData\LocalLow\Sun\Java\Deployment* directory
- On Solaris or Linux platforms, install the file in the */etc/.java/deployment* directory.
- On Mac OS X platforms, install the file in the */Library/Application Support/Oracle/Java/Deployment/* directory.
For detailed information about the deployment rule set, please see the [official documentation][7] or the corresponding [blog post][8].
[1]: http://answers.xpertivy.ch/questions/164/changes-with-java-1-7-51
[2]: http://www.xpertivy.ch/releases/Xpert.ivy/5.0.latest/documents/DesignerGuideHtml/ivy.extension.richdialog.htmlhttp://developer.axonivy.com/doc/5.0.latest/DesignerGuideHtml/ivy.extension.richdialog.html
[3]: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp/images/ControlPanel-Security.png
[4]: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/exception_site_list.html
[5]: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/exception_site_list.html
[6]: http://docs.oracle.com/javase/8/docs/technotes/tools/windows/jarsigner.html
[7]: http://docs.oracle.com/javase/8/docs/technotes/guides/jweb/security/deployment_rules.html
[8]: https://blogs.oracle.com/java-platform-group/entry/introducing_deployment_rule_sets
