Jamf Nation Community

jwojda · ‎01-30-2014

I have a group that's demanding admin rights so they can add some sites to the java exceptions. Is there a way for me to script (or something) that out so I don't have to grant the rights?

rtrouton · ‎01-30-2014

Your users should be able to manage exceptions on their own as well, as that should be a user-level function. I have a post showing how they can add entries themselves:

http://derflounder.wordpress.com/2014/01/15/oracle-java-7-update-51-blocks-unsigned-java-applets-by-...

View solution in original post

rtrouton · ‎01-30-2014

I have a post showing how you can manage the Java 7 Exception Site list:

http://derflounder.wordpress.com/2014/01/16/managing-oracles-java-exception-site-list/

The script associated with the post is set up to set two servers. If you need more than that, Eric Holtam developed this script to do the same job with as many servers as needed:

#!/bin/bash

exceptionList="$HOME/Library/Application Support/Oracle/Java/Deployment/security/exception.sites"
exceptionListPath="$HOME/Library/Application Support/Oracle/Java/Deployment/security/"
SITES=( "https://server.example.com" "https://server2.example.com" "https://server3.example.com" )
MYLOG="$HOME/Library/Logs/java_exception.log"

if [ ! -d "$exceptionListPath" ]
then
    mkdir -p "$exceptionListPath"
    /bin/echo "Created exception list path in: $exceptionListPath " >> "$MYLOG"
fi

touch "$exceptionList"
touch "$MYLOG"

/bin/echo "=================Start `date "+DATE: %m-%d-%Y TIME: %H:%M:%S"`===================" >> "$MYLOG"
for MYSITE in "${SITES[@]}"
    do
        if grep -Fxq "$MYSITE" "$exceptionList"
        then
            /bin/echo "NOT ADDED:  $MYSITE - Already exists." >> "$MYLOG"
        else
            echo "$MYSITE" >> "$exceptionList"
            /bin/echo "ADDED:  $MYSITE" >> "$MYLOG"
        fi
    done

/bin/echo "=================Complete `date "+DATE: %m-%d-%Y TIME: %H:%M:%S"`===================" >> "$MYLOG"

rtrouton · ‎01-30-2014

Your users should be able to manage exceptions on their own as well, as that should be a user-level function. I have a post showing how they can add entries themselves:

http://derflounder.wordpress.com/2014/01/15/oracle-java-7-update-51-blocks-unsigned-java-applets-by-...

jwojda · ‎01-30-2014

Thank you!

The 2nd option seems to be the best to me, however using Casper to push down some Config Profiles to 10.9.x seems to automatically grey out the Java settings, so the users don't have access to that.

Edit: FOund this which is supposed to address my greyed out preference - https://jamfnation.jamfsoftware.com/article.html?id=204

tuinte · ‎01-30-2014

@jwojda:

I followed that article for Java and Wacom tablet prefs. Worked like a charm.

RickNTX · ‎01-30-2014

I was trying to figure out how to handle exceptions where the site changes port numbers throughout the session.

Wildcards don't seem to work from my tests so far...

E.g. server starts out of servername:2002 and then after a login I've watched it change to another port number and the process continues throughout the session where the URL changes to a different port number.

It is a Cisco web tool that we're using and it is doing this...

Any thoughts on handling exceptions lists with a wildcard? Trying to capture all the ports would be a nightmare...

ammar_hassan · ‎11-26-2014

Hey Rick, I am facing the same problem with CISCO ACS. did you find a solution ?

Regards,

Jamf Nation Community

add java exceptions