- Jamf Nation Community
- Products
- Jamf Pro
- Re: Safari 6.0.4 (and 5.1.9): WhiteList for Java
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-16-2013 02:20 PM
http://support.apple.com/kb/HT5678
The details are saved in ~/Library/Preferences/com.apple.Safari.plist as follows; this is an example of a saved site where Java is always permitted to run:
<key>WhitelistedBlockedPlugins</key>
<array>
<dict>
<key>PluginHostname</key>
<string>foo.company.com</string>
<key>PluginIdentifier</key>
<string>com.oracle.java.JavaAppletPlugin</string>
<key>PluginLastVisitedDate</key>
<date>2013-04-16T21:14:29Z</date>
<key>PluginName</key>
<string>Java Applet Plug-in</string>
<key>PluginPageURL</key>
<string>https://foo.company.com/somejavathing</string>
<key>PluginPolicy</key>
<string>PluginPolicyNeverBlock</string>
</dict>
</array>Solved! Go to Solution.
2 ACCEPTED SOLUTIONS
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-30-2013 09:42 AM
I've found if you create the Plist in /Library/Preferences it is applied to all users rather than having to manage this user-by-user.
Does anyone see where this would be an issue for managed clients? The user is still allowed to add individual sites while I don't have to worry about running at login.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-30-2013 12:12 PM
SHUT YOUR FACE! I swear I tried this before, and got nowhere.
Are you populating a complete plist or just the relevant keys?
Edit: Got it working by creating com.apple.Safari.plist in /Library/Preferences with ONLY these keys:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>WhitelistedBlockedPlugins</key>
<array>
<dict>
<key>PluginHostname</key>
<string>url1.domain.com</string>
<key>PluginIdentifier</key>
<string>com.oracle.java.JavaAppletPlugin</string>
<key>PluginLastVisitedDate</key>
<date>2013-04-26T14:47:26Z</date>
<key>PluginName</key>
<string>Java Applet Plug-in</string>
<key>PluginPageURL</key>
<string>https://url1.domain.com/somejavathing</string>
<key>PluginPolicy</key>
<string>PluginPolicyNeverBlock</string>
</dict>
<dict>
<key>PluginHostname</key>
<string>url2.domain.com</string>
<key>PluginIdentifier</key>
<string>com.oracle.java.JavaAppletPlugin</string>
<key>PluginLastVisitedDate</key>
<date>2013-05-14T16:37:09Z</date>
<key>PluginName</key>
<string>Java Applet Plug-in</string>
<key>PluginPageURL</key>
<string>https://url2.domain.com/anotherjavathing</string>
<key>PluginPolicy</key>
<string>PluginPolicyNeverBlock</string>
</dict>
</array>
</dict>
</plist>
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-16-2013 08:46 PM
I have already tested converting the plist entry using Tim Sutton’s most excellent mcxtoProfile tool for our 2 required ‘sites’ (VPN and internal digital media tool). Imported into a new Configuration Profile and machines seem to honor the settings very well. I modified the plist before import to use the PluginPolicyNeverBlock setting rather than the default PluginPolicyBlockWhenInsecure. This is the difference in the GUI setting from Always Allow and a simple Allow. Once imported into the config profile and applied as a User level setting - the setting is not changeable by the user, but the user is still allowed to ‘clear’ them until the next profile push. I could not get a Computer level setting to take with this.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-19-2013 06:55 AM
I've written a couple of scripts, a login script and a separate first boot script, to handle managing Safari's new Java whitelist. I have a post about them available here:
http://derflounder.wordpress.com/2013/04/19/managing-safaris-java-whitelist/
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-25-2013 12:05 PM
Thanks Rich
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-30-2013 09:42 AM
I've found if you create the Plist in /Library/Preferences it is applied to all users rather than having to manage this user-by-user.
Does anyone see where this would be an issue for managed clients? The user is still allowed to add individual sites while I don't have to worry about running at login.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-30-2013 12:12 PM
SHUT YOUR FACE! I swear I tried this before, and got nowhere.
Are you populating a complete plist or just the relevant keys?
Edit: Got it working by creating com.apple.Safari.plist in /Library/Preferences with ONLY these keys:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>WhitelistedBlockedPlugins</key>
<array>
<dict>
<key>PluginHostname</key>
<string>url1.domain.com</string>
<key>PluginIdentifier</key>
<string>com.oracle.java.JavaAppletPlugin</string>
<key>PluginLastVisitedDate</key>
<date>2013-04-26T14:47:26Z</date>
<key>PluginName</key>
<string>Java Applet Plug-in</string>
<key>PluginPageURL</key>
<string>https://url1.domain.com/somejavathing</string>
<key>PluginPolicy</key>
<string>PluginPolicyNeverBlock</string>
</dict>
<dict>
<key>PluginHostname</key>
<string>url2.domain.com</string>
<key>PluginIdentifier</key>
<string>com.oracle.java.JavaAppletPlugin</string>
<key>PluginLastVisitedDate</key>
<date>2013-05-14T16:37:09Z</date>
<key>PluginName</key>
<string>Java Applet Plug-in</string>
<key>PluginPageURL</key>
<string>https://url2.domain.com/anotherjavathing</string>
<key>PluginPolicy</key>
<string>PluginPolicyNeverBlock</string>
</dict>
</array>
</dict>
</plist>
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-27-2014 02:11 PM
This method seems to work but I can't seem to set the specific sites to run in UnSafe Mode which is required for Juniper VPN client to work properly. The properties I am trying to use is:
<key>PluginPolicy</key>
<string>PluginPolicyAllowWithSecurityRestrictions</string>
When I place the plist in the /Library/Preferences folder it does populate Safari with the sites but they are all set at ALLOW
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-13-2014 11:36 AM
@theraven were you able to get around this? I am currently trying to automate this for my users so they do not get this popup
