Java Managed Plugin Policy on Safari not sticking!

Hey everyone Happy Friday!!
I am working on a script to set the com.apple.Safari.plist to allow the java applet to run in untrusted mode for our VPN to work. The script below works and the changes appear in the plist but then are quickly erased and replaced with the original version. I am at my wits end today with this. Right now the only way to have it stick is to change it manually through safaris preferences. Please Help!!

some useful info
System OS: 10.10.2
Safari version:8.03

#!/bin/bash

# @Author: Roger Herling w/credit to maxbehr and bajankinch

# @email: roger.herling@ul.com

# @Date:   2014-11-10 14:22:27

# [~Last] Modified by:   46199

# [~Last] Modified time: 2014-11-11 13:25:58

# Purpose: Cheange Safari's default security settings for Java to allow the SSL VPN Extender to run on Mac OS X



#Casper User variable

USER=$3



# enable logging

exec 3>&1 4>&2

trap 'exec 2>&4 1>&3' 0 1 2 3

exec 1>/var/log/javafix1.log 2>&1





#path to user's Safari plist

theFile=/Users/$USER/Library/Preferences/com.apple.Safari.plist

echo "path set to "$theFile

##############

#JAVA Plug-In#

##############



#Determine how many DICT items exist in plist

DICT_COUNT=`sudo -u $USER /usr/libexec/plistbuddy -c "print ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies" $theFile | grep "Dict" | wc -l | tr -d " "`

echo "Number of DICT="$DICT_COUNT

#Determine if a entry already exists for your server

VPN_PRESENT=`sudo -u $USER /usr/libexec/plistbuddy -c "print ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies" $theFile | grep "ra.ul.com" | wc -l | tr -d " "`







if [ $DICT_COUNT -gt 0 ] && [ $VPN_PRESENT -gt 0 ]; then

  echo "Both DICT exists and a VPN entry exists"

#Both DICT exists and a vnet entry exists. Set the preferences

for idx in `seq 0 $((DICT_COUNT - 1))`

do



     val=`/usr/libexec/PlistBuddy -c "Print ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:${idx}:PlugInHostname" $theFile`



    if [ $val = "ra.ul.com" ]; then

       sudo -u $USER /usr/libexec/plistbuddy -c "set ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:${idx}:PlugInHostname ra.ul.com" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "set ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:${idx}:PlugInLastVisitedDate $(date)" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "set ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:${idx}:PlugInPageURL  https://ra.ul.com/SNX/extender" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "set ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:${idx}:PlugInPolicy PlugInPolicyAllowNoSecurityRestrictions" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "set ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:${idx}:PlugInRunUnsandboxed  True" $theFile

    fi

done



elif [ $DICT_COUNT -gt 0 ] && [ $VPN_PRESENT -eq 0 ]; then

  echo "Java array has DICT entries, but VPN is not one of them"

#Java array has DICT entries, but vnet is not one of them. Add it to the next available array index

       sudo -u $USER /usr/libexec/plistbuddy -c "add ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies array" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "add ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:${DICT_COUNT}:PlugInHostname string ra.ul.com" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "add ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:${DICT_COUNT}:PlugInLastVisitedDate date $(date)" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "add ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:${DICT_COUNT}:PlugInPageURL string https://ra.ul.com/SNX/extender" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "add ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:${DICT_COUNT}:PlugInPolicy string PlugInPolicyAllowNoSecurityRestrictions" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "add ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:${DICT_COUNT}:PlugInRunUnsandboxed bool True" $theFile



else

  echo "No DICT entries exist. Creating new one at index 0"

#No DICT entries exist. Create new one at index 0

       sudo -u $USER /usr/libexec/plistbuddy -c "add ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies array" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "add ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:0:PlugInHostname string ra.ul.com" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "add ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:0:PlugInLastVisitedDate date $(date)" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "add ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:0:PlugInPageURL string https://ra.ul.com/SNX/extender" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "add ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:0:PlugInPolicy string PlugInPolicyAllowNoSecurityRestrictions" $theFile

       sudo -u $USER /usr/libexec/plistbuddy -c "add ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInHostnamePolicies:0:PlugInRunUnsandboxed bool True" $theFile

fi

Page 1 / 1

Unfortunately, scripted methods of managing Safari's internet plug-ins generally stopped working after Safari 6.1.*

In 10.10.x, I would recommend using a profile instead. Apple has a KBase article that describes how to set one up to manage Safari's plug-ins available from here:

http://support.apple.com/en-us/HT202947

*I have a post on how I used to manage the Java whitelist available from here:

https://derflounder.wordpress.com/2013/04/19/managing-safaris-java-whitelist/

Thanks Rich I will check it out!

@RogerUL, the behaviour you were seeing with the plist sounds like preference caching. https://macmule.com/2014/02/07/mavericks-preference-caching/

I agree with @bentoms about the cached preferences, I had a similar script to the one you posted working but used "killall cfprefsd" just before all of the plistbuddy commands.....seemed to stick then. I am abandoning that in favor of the configuration profile (as Rich suggested above).

If you need a sample of a custom Safari Plug-In Configuration Profile you can reference this:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

    <key>ManagedPlugInPolicies</key>

    <dict>

        <key>com.oracle.java.JavaAppletPlugin</key>

        <dict>

            <key>PlugInFirstVisitPolicy</key>

            <string>PlugInPolicyAsk</string>

            <key>PlugInHostnamePolicies</key>

            <array>

                <dict>

                    <key>PlugInHostname</key>

                    <string>java.com</string>

                    <key>PlugInLastVisitedDate</key>

                    <date>2015-02-06T13:52:36Z</date>

                    <key>PlugInPageURL</key>

                    <string>https://www.java.com</string>

                    <key>PlugInPolicy</key>

                    <string>PlugInPolicyAllowNoSecurityRestrictions</string>

                    <key>PlugInRunUnsandboxed</key>

                    <true/>

                </dict>

            </array>

        </dict>

    </dict>

</dict>

</plist>

This is only preferences for one plug-in (Java) and for one URL (Java.com)...but you can copy the whole ManagedPlugInPolicies key out of com.apple.Safari (after you manually configure Safari to taste) and paste it into a plist then upload it to make your custom Config Profile. Seems to be working well for me with 3 plug-ins and 14 different URLs.

thanks for the advice I decided to go with config profile and it seems to be working!

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded