Mac OS X: Java – “Application Blocked by Security Settings” Solution

Starting with Java 8 Update 20 (Java 8u20) and later versions the option to lower the security setting in the Java Console Panel to Medium has been removed. Prior, changing the setting to Medium would quickly resolve issues where certain unsigned Java applets would not run. Now, with Java 8u20 and later, only High and Very High levels are available. These security levels are described on the java.com website as stated below.

Very High
This is the most restrictive security level setting. All the applications that are signed with a valid certificate and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. All other applications are blocked.

High
This is the minimum recommended (and default) security level setting. Applications that are signed with a valid or expired certificate and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. Applications are also allowed to run with security prompts when the revocation status of the certificate cannot be checked. All other applications are blocked.

Medium (removed from Java 8 Update 20 and later versions)
Only unsigned applications that request all permissions are blocked. All other applications are allowed to run with security prompts. Selecting the Medium security level is not recommended and will make your computer more vulnerable should you run a malicious application.

This new default, although enabled for security reasons, presents challenges for those simply wanting to run unsigned applets they trust locally on their PC or those developing applets or just learning how to code who want to run applets for quick testing. Below, I demonstrate how to resolve this on Mac OS X Yosemite (10.10.1) by updating the security settings. Note, new Java security defaults were implemented for additional security precautions, so you may want to use the below method only when needed and then revert back once complete.

1. Click on the Apple icon on the top left of the screen, and select System Preferences.
2. Click on the Java icon.
3. Click on the Security tab.

You should now see the below.




Mac OS X Java Console (Java 8 Update 25)

4. Click the Edit Site List… button; then click the Add button; next, type file:/ and hit enter. Finally, click Ok.

You will get a security warning prompt as shown below. Click Continue.




Mac OS X Java Security Warning

After the update you should see the below.




Mac OS X Java Console (Java 8 Update 25) with Updated Exception Site List

You can now simply double click an html file with Java applet code and have it run as expected. For demonstration purposes, I created a simple Java Applet with the below code.

HumairApplet - Example Java Applet Code

Next, I compile the Java code into bytecode with the javac HumairApplet.java command at the cli. I then, add this class to my HTML code as shown below. Note, for this example, my applet class and HTML file are in the same folder.

HTML Code Utilizing HumairApplet.class

Opening the HTML in Firefox, I get a security warning, and just click Run. I then see the below final output.

Output of HTML File with Embedded Applet Tag