P4
A DESCRIPTION OF THE REQUEST :
Start with WInXP & Internet Explorer 7, that never had Java installed before.
Then install JRE 7 U4 (or even JRE 7 U6 beta 12).
When you run the Deployment Toolkit plugin in Internet Explorer for the very first time, by inserting an <object> tag with classid "CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA" into a web page, the browser gives a security popup. The popup says:
"This website wants to run the following add-on: Java SE Runtime Environment 7 Update 6 from Oracle America, Inc. If you trust the website and the add-on and want to allow it to run, click here...".
The reason why this security popup occurs is because the JRE installer did not add the following 2 Keys to the Registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}]
(Apparently there are 2 classids associated with the Deployment Toolkit)
Also, when I use the Javascript code for the very first time:
var A = new ActiveXObject("JavaWebStart.isInstalled");
var B = new ActiveXObject("JavaWebStart.isInstalled.1.7.0.0");
I also get a security popup in Internet Explorer.
The reason why this security popup occurs is because the JRE installer did not add the following Key to the Registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5852F5ED-8BF4-11D4-A245-0080C6F74284}]
I would like for the JRE installer to make sure that these Registry keys are present when installation occurs. And if they are not present, then the installer would add the keys to the Registry.
It would also be nice to make sure that this key is installed:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
Fore some reason, older JRE uninstallers would remove some of these keys from the Registry.
JUSTIFICATION :
1) Previous versions of Java installers made sure that these Registry keys were present.
JRE 7U3 did so, I believe, as well as many of the installers from JRE 6.
2) This enhancement would allow the overall Java experience to be more user friendly.
The user should not have to deal with these security popups in Internet Explorer the first time that they run Java or the Java Deployment Toolkit.
3) If the user already intentionally installed Java onto their computer, then they should not have to give permission in Internet Explorer for these plugins to run via a security popup. We do not get a security popup in Firefox the first time that Java runs.
These enhancements also will make Java plugin detection go more smoothly.
I am working on the Java detection code for PluginDetect at:
http://www.pinlady.net/PluginDetect/
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The first time that JRE 7 Update 4 is installed, and the very first time that the Deployment Toolkit plugin is run in Internet Explorer, we should NOT get a popup in the browser asking for permission.
Same thing goes for the Javascript: new ActiveXObject("JavaWebStart.isInstalled").
So, the installer should add the appropriate Registry keys, and perhaps leave them in place even after Java is uninstalled.
ACTUAL -
As I said, the actual behavior is that we get the security popups in Internet Explorer the first time the Deployment Toolkit plugin is run in the browser.
---------- BEGIN SOURCE ----------
Just put the following HTML into your web page to run the Toolkit plugin in Internet Explorer:
<object width="100" height="100" id="dtk1"
style="border:solid red 2px;"
classid="clsid:CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA" >
not installed
</object>
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
The user can simply click on the security popup to allow the plugin to run. But that is not the point. The popup should preferably not occur in the first place.
Start with WInXP & Internet Explorer 7, that never had Java installed before.
Then install JRE 7 U4 (or even JRE 7 U6 beta 12).
When you run the Deployment Toolkit plugin in Internet Explorer for the very first time, by inserting an <object> tag with classid "CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA" into a web page, the browser gives a security popup. The popup says:
"This website wants to run the following add-on: Java SE Runtime Environment 7 Update 6 from Oracle America, Inc. If you trust the website and the add-on and want to allow it to run, click here...".
The reason why this security popup occurs is because the JRE installer did not add the following 2 Keys to the Registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}]
(Apparently there are 2 classids associated with the Deployment Toolkit)
Also, when I use the Javascript code for the very first time:
var A = new ActiveXObject("JavaWebStart.isInstalled");
var B = new ActiveXObject("JavaWebStart.isInstalled.1.7.0.0");
I also get a security popup in Internet Explorer.
The reason why this security popup occurs is because the JRE installer did not add the following Key to the Registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5852F5ED-8BF4-11D4-A245-0080C6F74284}]
I would like for the JRE installer to make sure that these Registry keys are present when installation occurs. And if they are not present, then the installer would add the keys to the Registry.
It would also be nice to make sure that this key is installed:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
Fore some reason, older JRE uninstallers would remove some of these keys from the Registry.
JUSTIFICATION :
1) Previous versions of Java installers made sure that these Registry keys were present.
JRE 7U3 did so, I believe, as well as many of the installers from JRE 6.
2) This enhancement would allow the overall Java experience to be more user friendly.
The user should not have to deal with these security popups in Internet Explorer the first time that they run Java or the Java Deployment Toolkit.
3) If the user already intentionally installed Java onto their computer, then they should not have to give permission in Internet Explorer for these plugins to run via a security popup. We do not get a security popup in Firefox the first time that Java runs.
These enhancements also will make Java plugin detection go more smoothly.
I am working on the Java detection code for PluginDetect at:
http://www.pinlady.net/PluginDetect/
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The first time that JRE 7 Update 4 is installed, and the very first time that the Deployment Toolkit plugin is run in Internet Explorer, we should NOT get a popup in the browser asking for permission.
Same thing goes for the Javascript: new ActiveXObject("JavaWebStart.isInstalled").
So, the installer should add the appropriate Registry keys, and perhaps leave them in place even after Java is uninstalled.
ACTUAL -
As I said, the actual behavior is that we get the security popups in Internet Explorer the first time the Deployment Toolkit plugin is run in the browser.
---------- BEGIN SOURCE ----------
Just put the following HTML into your web page to run the Toolkit plugin in Internet Explorer:
<object width="100" height="100" id="dtk1"
style="border:solid red 2px;"
classid="clsid:CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA" >
not installed
</object>
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
The user can simply click on the security popup to allow the plugin to run. But that is not the point. The popup should preferably not occur in the first place.