Deploying rulesets for Java Applet based MII Applications
Java Applets is a component of SAP MII which is used for displaying data in different ways like Charts,Grids,Drop down Boxes ..etc . Java applets have a dependency on Java installed on local machine. Due to security policies for companies ,the Java version maintained on machine has to be latest. Java applets when used to build SAP MII applications face security popup issues due to these continuous updates on Java. SAP has recommended a set of steps to be followed as a solution to avoid these popups in article 1955567
One of the solution mentioned in the article is to deploy Java Deployment Rulesets. In this article I will show the steps to do that.
Java Deployment Ruleset is a feature where enterprises can define a whitelist for their applications.Once enabled Java will bypass the security checks for the mentioned sites thus avoiding the security popups.
The first step is to create a ruleset.xml file which will mention all the MII links which are to be bypassed for security checks.
Java Deployment Ruleset on Oracle site mentions additional attributes which you can use like specifying the Java version to be used and giving specific message for some errors.
Once the ruleset is defined,you need to create the jar file named Deploymentruleset for ruleset.xml by running below command in CMD.
The jar file needs to be signed to mark it as Trusted.You can create your own Self Signed certificate by running the below command in CMD –
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 365 -keysize 2048
Here note the password which you enter as it is required while signing the jar file later.
Enter the details of last name ,first name,Organisational Unit,Country when prompted
Following these steps will create keystore.jks file.
Export the keystore.jks created to SelfSigned.cer to import to Java Control Panel later.
keytool -export -alias server-alias -storepass changeit -file SelfSigned.cer -keystore keystore.jks
Now sign your jar file by running the jarsigner utility of Java in CMD-
These steps will create a SelfSigned Deployment Rule Set which contains the whitelist for applications to avoid the Java security popups.
Place the DeploymentRuleset.jar in C:\WIndows\Sun\Java\Deployment location to apply the ruleset.
Once the ruleset is active you can see a ‘View active Deployment ruleset’ option under Security Panel in Java Control Panel.
The ruleset is now active but not verified as it is not linked with the Selfsigned certificate which was created.You may see the error as below-
To import the certificate follow the below steps in Manage Certificates option under Security.
You can now use Applet based SAP MII pages without getting any security prompts !!
The Deployment ruleset can be pushed to multiple machines via various Software distribution techniques.
Applets are a legacy technique for data communication and it is always advisable to migrate Applet based logic to newer techniques like UI5 which is based on HTML5 standards and don’t have dependency on Java installed on local machines.
You can refer to this blog post to get an idea of implementing UI5 for your MII application.