The Exception Site List feature was introduced in the release of Java 7 Update 51. By adding application URL to the Exception list allows users to run Rich Internet Applications (RIAs) that would normally be blocked by security checks.Listed below are cases which will allow applications to run by adding the application url to the exception site list:
The exception site list is managed in the Security tab of the Java Control Panel. The list is shown in the tab. To add, edit or remove a URL from the list, click Edit Site List.
HTTPSis recommended. If the protocol is not
HTTPS, a warning is shown.
https://www.example.com/apps/, RIAs in that directory and any subdirectory are allowed to run. If the path does not end with a slash, for example,
http://www.example.com/test/applet.html, only that specific RIA is allowed to run.
Only add a site to the exception site list if you trust the entire site. Even if a path is specified, adding a site that might contain other untrusted paths could present a security risk and is not recommended.
If an invalid URL is entered, an error icon is shown next to the item. If the URL is not corrected before OK is clicked, the invalid URL is not saved.
If an active deployment rule set is installed on the system, the deployment rules take precedence over the exception site list. The exception site list is considered only when the default rule applies. See Deployment Rule Set for more information about deployment rules.
You might also be interested in: