Deploying JRE (Native Plug-In) For Windows Clients in Oracle E-Business Suite 11i

Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite 11i (Doc ID 290807.
1)
Modified: 11-Feb-2014 Type: WHITE PAPER
In This Document
Section 1. Overview
Section 2. Prerequisites
Section 3. Installation & Configuration
Section 4. Post-Installation Steps
Section 5. Known Issues
Appendices
This document covers the procedure to upgrade the version of the JRE Native Client being used in Oracle E-Business Suite 11i.
The most current version of this document can be obtained in Document 290807.1.
There is a change log at the end of this document.
Note 1: Oracle strongly recommends that Oracle E-Business Suite 11i customers move to the latest and therefore most secure certified version of the JRE
Native Plug-in on either the the JRE 7 stream, JRE 1.7.0_51 (7u51), or the JRE 6 stream, JRE 1.6.0_71 (6u71).
For further information about new functionality and other changes in JRE 1.7.0_51, see the Update Release Notes. Amongst other changes and features
this includes:
Changes to Security Slider
Self-Signed and Unsigned applets are now blocked on the default 'High' Security Setting. This setting also requires the inclusion of the
'permission' attribute. For information on signing jar files with a 'Trusted Certificate', see Document 1591073.1 titled 'Enhanced Jar Signing
for Oracle E-Business Suite'.
Exception Site List
The 'Exception Site List' allows end users to control their own application whitelist to by-pass a number of security rules. For example this
would allow applications and sites to run even though they are using using self-signed certificates for example. For further information on
this feature see the Java SE Exception Site List document.
Note 2: See JRE 1.7.0_45 (7u45) and Higher issue when using JDK 4 on the application tier within Section 5. Known Issues
Note 3: The JRE 6 stream has reached End of Life therefore JRE 1.6.0_51 (6u51) and higher are no longer available through the public download sites.
Oracle E-Business Suite users can continue to run JRE 6 during the extended support period of their EBS release and can download the latest JRE 6
releases through My Oracle Support. For a full list of JRE patch numbers please see Document 1439822.1, titled 'All Java SE Downloads on MOS'. For
further information see Implications of Java 6 End of Public Updates for EBS Users.
Latest JRE 6 Patch Numbers
The Windows 32-bit and 64-bit version of JRE 1.6.0_71 (6u71) are available in 'Patch 17777920 - Oracle JDK 6 Update 71'.
(All Java patches contain both the JRE and JDK releases. Please extract and use the JRE version of Java from the patch, the JDK version is
not required for the purposes of this document.)
Section 1. Overview
The Oracle E-Business Suite 11i has two interfaces: a web-based model for modules like iProcurement and iStore, and an Oracle Forms-based model for our
professional services modules like Oracle Financials.
This document will explain the steps needed to upgrade to the latest certified version of JRE Native Client for supporting forms-based modules used with
Oracle E-Business Suite 11i. It is important that you read and follow this document in its entirety before starting an upgrade or applying any patch.
Unraveling Java Terminology
A wide range of products are available for the Java platform. Many of these product names sound similar, and are sometimes even used interchangeably in
Sun's own documentation. For more information on Java terminology please see the Unraveling Java Terminology webpage. JRE 6 family refers to JRE 1.6.x.
JRE 7 family refers to JRE 1.7.x.
To access Oracle Forms-based content in the Oracle E-Business Suite, end-users require the "Sun Java2 Standard Edition Java Runtime Engine". In this
documentation, this is referred to as "JRE", since it is the runtime component required for end-user desktop clients.
For historical reasons, certain parts of this documentation, particularly the installation scripts, may refer to "J2SE". You should interpret these references to be
equivalent to "Sun Java2 Standard Edition Java Runtime Engine" or "JRE".
Section 2. Prerequisites
JRE 7 Minimum Patch Requirements
The JRE 7 Plug-in is certified for Oracle E-Business Suite 11i with the following minimum patch requirements:
Windows XP SP3, Windows Vista SP1 & SP2, Windows 7 & Windows 7 SP1 (32-bit & 64-bit) and Windows 8 (32-bit & 64-bit)
Oracle Applications 11.5.10 CU2 with ATG.RUP6 (Patch 5903765) or higher.
Oracle Developer 6i Patch 19 (6.0.8.28.x)
Additional developer 6i - 6.0.8.28 Patch 14615390 or later.
(See Document 125767.1 titled, 'Upgrading Developer 6i with Oracle Applications 11i' for the latest available patches).
JRE 6 Minimum Patch Requirements
The JRE 6 Plug-in is certified for Oracle E-Business Suite 11i with the following minimum patch requirements:
Windows XP SP3 Desktop Clients
Oracle Applications 11.5.10 CU2 or higher.
Oracle Developer 6i Patch 18 (6.0.8.27.x) or higher.
Windows Vista, SP1 & SP2 Desktop Clients
Oracle Applications 11.5.10 CU2 with ATG.RUP4 or higher.
Oracle Developer 6i Patch 18 (6.0.8.27.x) or higher.
Windows 7 and Windows 7 SP1 Desktop Clients (32-bit and 64-bit), Windows 8 (32-bit and 64-bit)
Oracle Applications 11.5.10 CU2 with ATG.RUP6 (Patch 5903765) or higher.
Oracle Developer 6i Patch 19 (6.0.8.28.x) (See Document 125767.1).
Note: New fixes are no longer provided on top of Oracle Developer 6i Patch 18 (6.0.8.27.x). Please upgrade to PS19 (6.0.8.28.x) to uptake any new or
existing fixes for developer 6i.
Please see the Section 5. Known Issues for any further requirements or limitations that may be applicable.
For further information on Oracle E-Business Suite 11.5.10 minimum patch requirements see Document 883202.1 titled, 'Patch Requirements for Extended
Support of Oracle E-Business Suite Release 11.5.10'
Certification Matrix for JRE (64-bit) Releases
This table outlines the currently certified 64-bit Browser, Windows Desktop Client Operating System and 64-bit JRE streams with minimum versions, where
applicable.
Internet Explorer, Windows desktop operating system and service pack requirements are available from Microsoft.
Browser
Version
Windows 8 (Desktop Mode)
(64-bit
1
)
Windows 7
(64-bit
1
)
IE 10 (64-bit)
JRE 1.6.0_37 (64-bit) and higher
IE 9 (64-bit)
Not Certified JRE 1.7.0_10 (64-bit) and higher
IE 8 (64-bit) Not Certified
1
Microsoft Office: Microsoft Office (64-bit) is NOT certified with Oracle E-Business Suite 11i. Please continue to run the Microsoft Office (32-bit) version with the 64-bit
stack.
For further information regarding the 64-bit stack see Appendix A: Information for JRE 64-bit Users within this document.
Certification Matrix for JRE (32-bit) Releases
This table outlines the currently certified 32-bit Browser, Windows Desktop Client Operating System and 32-bit JRE streams with minimum versions, where
applicable
Internet Explorer, Windows desktop operating system and service pack requirements are available from Microsoft.
Browser Version
Windows 8
(32-bit and 64-bit
1
)
Windows 7
(32-bit and 64-bit
1
)
Windows Vista
(32-bit)
Windows XP
(32-bit)
IE 10
JRE 1.6.0_37 and higher
Not Certified
IE 9 Not Certified
Not Certified
IE 8 Not Certified
IE 7 Not Certified Not Certified
IE 6 Not Certified Not Certified Not Certified
Firefox ESR 24.x
Included for Historical Purposes
2
Firefox ESR 17.x
Firefox ESR 10.x Not Certified
1
Windows 7 (64-bit) desktop client operating system shows the Oracle E-Business Suite certification matrix when running 32-bit client based products, Browsers, JRE
Plug-in and Microsoft Office.
2
Firefox versions 3.0.x, 3.5.x, 3.6.x, ESR 10.x & ESR 17.x are no longer supported by the vendor. It is recommended that any users running these versions upgrade
to Firefox ESR 24.x. Oracle will continue to offer support with earlier Firefox versions with Oracle E-Business Suite 11i on a 'Best Effort' basis only.
For further information on browsers, see Document 285218.1 entitled 'Recommended Browsers for Oracle E-Business Suite 11i'.
Compatibility with Higher JRE releases
Oracle has certified the Oracle E-Business Suite with the minimum JRE releases noted above on the JRE 1.6 and JRE 1.7 families. Oracle E-Business
Suite end-users may use or upgrade to higher production releases of the JRE Plug-in on either family at their discretion.
Oracle will continue to test and certify the Oracle E-Business Suite with selected future versions of JRE 1.6.x and JRE 1.7.x releases in advance of
their general availability to the public. Oracle will update this documentation with known compatibility issues or workarounds as needed. All current
JRE 1.6.x and JRE 1.7.x production versions equal to or higher than the minimum versions stated above are compatible with Oracle E-Business
Suite 11i.
Section 3. Installation & Configuration
This section outlines the steps required to upgrade the required JRE Plug-in release on the Oracle E-Business Suite web tier.
Step 1. Download Required Patches
Step 1.1. Download the JRE Plug-in Oracle E-Business Suite interoperability patch
Download the JRE Plug-in Oracle E-Business Suite interoperability Patch 6863618.
Note: If you have previously applied this patch and are simply upgrading your Oracle E-Business Suite web tier to another JRE version there is no need to
apply it again.
This patch is required for both JRE 1.6.x and JRE 1.7.x and contains the required versions of the txkSetPlugin JRE upgrade scripts to ensure that the
context file is updated both seamlessly and correctly:
Unix: $FND_TOP/bin/txkSetPlugin.sh v115.4
Windows: %FND_TOP%\bin\txkSetPlugin.cmd v115.5
Step 1.2. Download the JRE Plug-in
JRE uses a 'Non-Static Versioning' model, meaning the version installed here denotes the minimum version that will be used to access Oracle E-Business
Suite. (Historically when running a 'Static Versioning' model the version installed would denote the specific version that would have to be used to access
Oracle E-Business Suite from the desktop client.)
For further information including the behavior when using 'next-generation Java Plug-in technology' (JRE 1.6.0_10 and higher) please see, Appendix B: Static
vs Non-Static Versioning and Set Up Options
Download the JRE Plug-in (Step 1.2.1.):
Note: Only one version of the JRE plug-in can be installed for download through Oracle E-Business Suite and can be either a 32-bit or a 64-bit version as
required.
Step 1.2.1. Download the JRE Plug-in
Download the latest JRE 6 or JRE 7 update from the Java SE Downloads page.
Click the JRE Download button for the appropriate Java version
Click the Accept License Agreement button
Download the Windows x86 Offline (32-bit) or Windows x64 (64-bit) version as required
If an earlier version of the JRE Plug-in is required, it can be downloaded from the Oracle Java Archive site.
Click on the required Java SE version link e.g. Java SE 6
Select the required Java SE Runtime Environment version link e.g. Java SE Runtime Environment 6u32
Click the Accept License Agreement button
Download the Windows x86 Offline (32-bit) or Windows x64 (64-bit) version as required
Proceed to Step 2.
Step 2. Rename the JRE Plug-in and Place it on the Web Server
Step 2.1. Rename the JRE 6 Native Plug-in
Rename the downloaded JRE 6 Native Plug-in file to j2se<version>.exe
For example:
jre-7u21-windows-i586.exe or jre-7u21-windows-x64.exe would be renamed j2se17021.exe
jre-6u45-windows-i586.exe or jre-6u45-windows-x64.exe would be renamed j2se16045.exe
jre-6u7-windows-i586.exe would be renamed j2se16007.exe
Step 2.2. Place the Renamed JRE Plug-in on the Web Application Tier
Move the renamed j2se<version>.exe file to the web application tier and place it in $[COMMON_TOP]/util/jinitiator.
[COMMON_TOP] refers to the top level directory where the common utilities are installed. By default, this is the parent directory of $JAVA_TOP.
See the 'Installing Oracle Applications' manual for more details on the Oracle E-Business Suite file system.
Proceed to Step 3.
Step 3. Apply Prerequisite Patches
If you are using Developer 6i Patch 18 (6.0.8.27.x) or lower please upgrade to Developer 6i Patch 19 (6.0.8.28.x) by following Document 125767.1 titled,
'Upgrading Developer 6i with Oracle Applications 11i'.
Note: Oracle no longer provides new fixes on top of Oracle Developer 6i Patch 18 (6.0.8.27.x).
It is strongly recommended that the latest Developer 6i - 6.0.8.28 patches are applied if not applied previously.
Developer 6i - 6.0.8.28 Patch
Please apply the latest Additional Developer 6i - 6.0.8.28 patch.
For information on the latest Developer 6i patch requirements please see Document 125767.1 titled, 'Upgrading Developer 6i with Oracle
Applications 11i'.
Developer 6i Interop Patch
Please apply the Developer 6i Patch 19 (6.0.8.28.x) interop Patch 9935935 or later. Failure to apply this patch can result in the following error:
Exception in thread "thread applet-oracle.forms.engine.Main-1" java.lang.NoClassDefFoundError:
oracle/forms/ui/FLWTextArea
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Unknown Source)
at oracle.forms.handler.TextAreaItem.class$(Unknown Source)
at oracle.forms.handler.TextAreaItem.getDefaultClass(Unknown Source)
at oracle.forms.handler.UICommon.instantiate(Unknown Source)
at oracle.forms.handler.UICommon.onCreate(Unknown Source)
at oracle.forms.handler.TextAreaItem.onCreate(Unknown Source)
Step 4. Apply the JRE Interoperability Patch
If not applied previously apply the JRE Plug-in Interoperability Patch 6863618 by following the steps below.
Note: Users must be AutoConfig enabled to upgrade to the JRE Native Plug-in. For more information about AutoConfig, please refer to Document
165195.1 titled, 'Using AutoConfig to Manage System Configurations with Oracle Applications 11i').
Step 4.1. Enable Maintenance Mode
If you are using Oracle Applications Release 11.5.10 or Minipack 11i.AD.I or higher, you must enable 'Maintenance Mode' before applying the patch driver from
the JRE Interoperability Patch, as follows;
Step 4.1.1. Shutdown Apache
Shutdown Apache (on normal mode) by running;
adapcctl.sh stop
or
adstpall.sh apps_user/apps_pwd
Step 4.1.2. Enable 'Maintenance Mode'
Enable 'Maintenance Mode' by running adadmin, and selecting the following options;
Select menu option 5, 'Change Maintenance Mode'
Select menu option 1, 'Enable Maintenance Mode'
(For further information on Maintenance Mode please review Document 291901.1 titled, 'Maintenance Mode - A New Feature in 11.5.10')
Step 4.2. Apply the JRE Interoperability Patch (UNIX Users only)
If your application-tier server nodes are running on Microsoft Windows Server, skip this step and proceed to Step 4.3.
Applying the JRE Interoperability Patch for the first time is a two stage process:
Step 4.2.1. Apply the Patch Driver
If you are upgrading to the JRE native Plug-in for the first time, please apply the interop patch using AutoPatch.
Note:If you wish to alter the JRE version you are currently running and have previously applied the interop patch on your environment, there is no
need to apply it again. Please skip this step and continue to step Step 4.2.2 below.
Step 4.2.2. Run the txkSetPlugin.sh Script
Run the $FND_TOP/bin/txkSetPlugin.sh script against the web node of the application tier.
The txkSetPlugin.sh script will update the new JRE version information into your AutoConfig context file, update the version used by Workflow and
run AutoConfig to incorporate the new values throughout your application. This script must be run using the following command:
txkSetPlugin.sh jversion
Where: jversion represents the JRE version you wish to install, without decimal points or underscores. (e.g. 16045)
This value is listed in the 'jversion Parameter' column of appendix JRE Parameter Settings.
For example; the command to install JRE 1.7.0_21 is:
txkSetPlugin.sh 17021
The script will prompt you for the following values, if it does not find them automatically:
Location of APPSORA.env file, if not present in the default location $APPL_TOP.
Location of the AutoConfig Context File.
Password for the APPS user in the database (If the correct value is returned by the script you may press the return key at the prompt).
Step 4.2.3. Multiple Application-Tier Web Server Nodes
If you have multiple web application tier server nodes, repeat the steps above to apply the patch driver in the JRE Interoperability Patch against all
other web application tier server nodes.
Step 4.3. Apply the JRE Interoperability Patch (Windows Server)
If your application-tier server nodes are running UNIX, skip this step and proceed to Step 4.4.
Applying the interop patch for the first time is a two stage process;
Step 4.3.1. Apply the patch driver in the interop patch using AutoPatch.
If you are upgrading to the JRE native Plug-in for the first time, please apply the interop patch using AutoPatch.
Note: If you wish to alter the JRE version you are currently running and have applied this patch previously, there is no need to apply it again.
Please skip this step and continue to Step 4.3.2. below.
Step 4.3.2. Run the txkSetPlugin.cmd Script
Run the txkSetPlugin.cmd script from the patch_top/interop_patch_number/fnd/bin/ directory, against the web node of your middle tier, where
patch_top is the directory in which you unzipped this patch.
The txkSetPlugin.cmd script will update the new JRE version information into your AutoConfig context file, update the version used by Workflow and
Discoverer and run AutoConfig to incorporate the new values throughout your application. This script must be run using the following command:
txkSetPlugin.cmd appsora_path apps_pwd jversion
Where:
Parameter Value Parameter Description
appsora_path Full path to your APPSORA.cmd file (This may be APPSsid_host.cmd)
apps_pwd Password for APPS user in the Database
jversion
The JRE version you wish to install, without decimal points or underscores. (e.g. 16026)
This value is listed in the 'jversion Parameter' column of appendix JRE Parameter Settings.
For example; the command to install JRE 1.6.0_26 would be similar to:
txkSetPlugin.cmd C:\oracle\visappl\APPSORA.cmd apps_pwd 16026
Step 4.3.3. Multiple Application-Tier Web Server Nodes
If you have multiple application-tier web server nodes, repeat the steps above to apply the patch driver in the JRE Interoperability Patch against all
other application-tier web server nodes.
Step 4.4. Disable Maintenance Mode
Disable Maintenance Mode by following these steps:
Step 4.4.1. Disable 'Maintenance Mode'
Disable 'Maintenance Mode' by running adadmin, and selecting the following options;
Select menu option 5, 'Change Maintenance Mode'
Select menu option 2, 'Disable Maintenance Mode'
Step 4.4.2. Restart Apache
Restart Apache (on normal mode) by running;
adapcctl.sh start
or
adstrtal.sh apps_user/apps_pwd
Section 4: Post-Installation Steps
Step 5. Verify your upgrade
Once the JRE Plug-in has been installed on your client, follow these steps to verify that you have successfully upgraded JRE.
Step 5.1. Enable Java Console
Enable the Java Console on your desktop client through the 'Java Control Panel' by setting:
'Control Panel' -> 'Java' (icon) -> 'Advanced' -> 'Java Console' -> 'Show Console'.
Step 5.2. Close Browser Windows
Close all browser windows. Wait a minute or so after the windows are closed until the processes have finished saving their data to disk.
Step 5.3. Sign into Oracle E-Business Suite
Sign into Oracle E-Business Suite, and choose a Forms-based (Professional user interface) responsibility.
For information on requirements and possible issues when trying to connect to a new or freshly upgraded Oracle E-Business Suite environment, please see
Accessing Oracle E-Business Suite from a Desktop Client in the Appendices section.
Step 5.4. Check the Console Window
A window titled Java Console should appear and display lines describing the JRE version being used.
Examples:
JRE 6 32-bit Version
Java Plug-in 1.6.0_38
Using JRE version 1.6.0_38-b05 Java HotSpot(TM) Client VM
Java Plug-in 10.10.2.18
Java Plug-in 1.6.0_38
Using JRE version 1.6.0_38-b05 Java HotSpot(TM) 64-Bit Server VM
Using JRE version 1.7.0_10-b18 Java HotSpot(TM) 64-Bit Server VM
Note: If a higher version of JRE than the one just installed is shown, it may be because a higher version has previously been installed on the desktop. You
can check the versions installed through the 'Java Control Panel':
Control Panel -> Java (icon) -> Java (tab) -> View (button)
Section 5: Known Issues
Depending on which products technologies and products you are using, there may be some limitations to be aware of and/or other steps you need to perform.
Java Plug-in Issues
General Technology Issues
Product Specific Issues
Java Plug-in Issues
Java Update Needed
JRE 1.7.0_45 (7u45) and Higher
JRE 1.7.0_11 (7u11)
JRE 1.6.0_24 (6u24)
Java Update Needed
"Your Java Version is Insecure"
Trying to run a version of JRE that is below the security baseline or past its expiration date can cause the following warning message to display:
Windows 7 Users
Clicking "Update" will download and attempt to install the latest version of the JRE Plug-in from java.com.
Clicking "Block" will stop the application from running.
Clicking "Later" will close the message and allow the application to run.
Windows XP Users
Clicking "Update" will download and attempt to install the latest version of the JRE Plug-in from java.com.
Clicking "Block" will stop the application from running.
Clicking "Later" will close the message and allow the application to run.
Suppressing the Message
If you want to prevent this message appearing again until the next new JRE release becomes available check the "Do not ask again until the next
update is available" checkbox and then select the "Later" button.
This option updates the users deployment.properties file as follows:
deployment.expiration.decision.timestamp.10.17.2=5/14/2013 11\:0\:19
deployment.expiration.decision.10.17.2=later
deployment.expiration.decision.suppression.10.17.2=true
The above example is based on JRE 1.7.0_17, if the JRE version was 1.7.0_21 the numbering would be "10.21.2" rather than "10.17.2"
An administrator may update this information for all their users deployment.properties file so that they do not need to go through the manual
steps outlined above on first launch.
Depending on which Desktop O/S you are running the users deployment.properties file is held in the following directory:
Windows Vista, 7 and 8: %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment
Windows XP User: %USERPROFILE%\Application Data\Sun\Java\Deployment
Other Ways to Suppress this Message
Customers who wish to keep up to date with the later Java releases but also want control over when they upgrade can prevent this message appearing
by using a special build of JRE 7 which has the Java Auto Update function turned off. These versions are available as a patch download, see Document
1439822.1 titled 'All Java SE Downloads on MOS' for a list of JRE versions and their patch numbers. Although Java patches contain both the JRE and JDK
releases you only need the JRE version installed on the desktop client to uptake this feature.
Auto Update is turned off by default on all builds of JRE 1.6.0_60 (6u60) and higher.
For further information on using this patch please see:
Document 1553875.1 - Handling New JRE Security Dialogs
Document 1557737.1 - Support entitlement for Java SE when used as part of another Oracle Product
JRE 1.7.0_40 and Higher Users
If your installed JRE 7 release falls below the security baseline, or passes it's built-in expiration date, an additional 'JRE Out of Date' warning is shown
to users to update their installed JRE to the latest version.
To suppress this specific warning message, add the following entry in the deployment properties file:
deployment.expiration.check.enabled=false
For more information, see Deployment Configuration File and Properties.
Certificate Revocation Lists Error using LDAP URL
The Certificate Revocation Lists (CRL) check may fail if using an LDAP URL causing forms launch to fail with the following error:
java.lang.ClassNotFoundException: oracle.apps.fnd.formsClient.FormsLauncher.class
The CRL check was introduced in JRE 7u25 so this error may also be seen when using earlier releases than JRE 7u45 in certain circumstances.
How to Fix this Issue
This Issue is fixed in JRE 7u51-b32 and higher which is only available through Patch 17981166.
(All Java patches contain both the JRE and JDK releases. Only extract the JRE version of Java from the patch and install on your desktop to fix this
issue.)
Workaround
If you are unable to upgrade at this time, turn off the CRL check in the Java Control Panel as a temporary workaround:
Java Control Panel -> Advanced (tab) -> Perform certificate revocation checks on -> Do not check (not recommended)
Unsigned Entry in Resource Error
Running JRE 1.7.0_45 (7u45) on an Oracle E-Business Suite environment that is using JDK 4 on the application tier will fail with the following error in
the Java Console (Jar files signed against JDK 4 are not compatible with this JRE release):
java.lang.SecurityException: com.sun.deploy.net.JARSigningException: Found
unsigned entry in resource:
http://server1.example.com:10403/OA_JAVA/oracle/apps/fnd/jar/fndforms.jar
at com.sun.deploy.cache.CacheEntry.getJarFile(Unknown Source)
at com.sun.deploy.model.ResourceProvider.getCachedJarFile(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack$1.run(Unknown Source)
How to Fix this Issue
To fix this issue follow the steps below:
1. Upgrade the JDK version of your application tier node by following the appropriate document below:
Using J2SE Version 6 with Oracle E-Business Suite 11i (Document 401561.1)
2. Regenerate the jar files using the 'force' option through adadmin.
Workaround
If you are unable to upgrade your JDK at this time, you can workaround this issue by turning off Java caching through the Java Control Panel on the
desktop:
Java Control Panel -> General (tab) -> Settings (button) -> Keep Temporary Files on the Computer (Uncheck)
JRE 7u25 includes a new security function for permissions and attributes in the Jar Manifest file. This can result in the following warning messages appearing
in the Java Console:
Missing Permissions manifest attribute for: https://ap123vis.us.oracle.com:4443/OA_JAVA/oracle/apps/fnd/jar/fndforms.jar
Missing Codebase manifest attribute for: https://ap123vis.us.oracle.com:4443/OA_JAVA/oracle/apps/fnd/jar/fndforms.jar
Missing Permissions manifest attribute for:
https://ap123vis.us.oracle.com:4443/OA_JAVA/oracle/apps/fnd/jar/fndformsi18n.jar
Missing Codebase manifest attribute for: https://ap123vis.us.oracle.com:4443/OA_JAVA/oracle/apps/fnd/jar/fndformsi18n.jar
etc.
For further information regarding this function please see the New JAR Manifest File Attributes section within the Java 7u25 Update Release Notes.
Patch Fix
To fix this issue, apply Patch 17191279. This patch also contains a number of other AD fixes which incorporate the latest jar signing architectiure. For further
information see Document 1591073.1 titled, 'Enhanced JAR File Signing for Oracle E-Business Suite'.
"Your security configuration will not allow granting permission to self signed certificates"
JRE 1.7.0_21 (7u21) and higher will no longer run with a 'Very High' security setting set within the Java Control Panel when using Self-Signed
certificates. Trying to run Oracle Forms-based content using such a certificate will pop the following message:
After clicking through or closing these messages the following error will appear in the Java Console and forms will not launch:
ExitException[ 6]java.security.cert.CertificateException: Your security configuration will not allow granting
permission to self signed certificates,
at sun.plugin2.applet.Plugin2Manager.isAppletTrusted(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
JRE 1.7.0_21 and higher run on a default security setting of 'High'. If you wish to use a 'Very High' security setting please sign the jar files with a
Trusted Certificate. The security level can be changed using the slider under the 'Security' tab within the 'Java Control Panel'.
For full details regarding the code signing changes, see - Java Applet & Web Start - Code Signing and Setting the Security Level of the Java Client.
For further information on Jar signing in EBS see Document 1591073.1 titled, 'Enhanced JAR File Signing for Oracle E-Business Suite'.
JRE 1.7.0_11 (7u11)
Security Alert
JRE 1.7.0_11 (7u11) is a CPU security release which includes the fix for Oracle Security Alert CVE-2013-0422. It is highly recommended that customers
on the JRE 7 stream upgrade to this release of higher.
JRE 1.6.0_24 (6u24)
Security Alert
JRE 1.6.0_24 (6u24) is a critical patch update which fixes security vulnerabilities in Oracle Java SE including CVE-2010-4476 (Java Runtime
Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number) which can affect users running JRE 1.6.0_23
(6u23) and earlier.
For further information regarding this security alert please see alert-cve-2010-4476-305811.html
Although the impact of this vulnerability on desktops is minimal and the desktop will not be compromised Oracle recommends that customers upgrade
to "JRE 1.6.0_24 (6u24) or higher" as soon as possible.
Java Certificate Warning - Publisher Unknown
If you are using a self-signed certificate for jar signing the Publisher will display as UNKNOWN in the Java 'Warning - Security' window when running
JRE 1.6.0_24 (6u24) or higher. For further information please see Connecting to an Oracle E-Business Suite Instance for the First Time.

General Technology Issues
Adding Custom Jar Files
Application Freeze/Hang Issues
File Export / Form Attachments Functions
Forms Launch Issues
Forms Focus Issues
Forms Closure Issues
Forms Listener Socket Mode Issues
Mismanaged Session Cookie Issue
NLS/MLS Issues
Security Warning Running JRE 6u19 and Later
SSL Issues
Other Issues
Adding Custom Jar Files
Adding custom jar files to appsweb.cfg through the use of "userjarfile=<custom.jar>", can cause the forms navigator to function incorrectly after the initial
launch of a form. On subsequent form launches the initial navigator window is closed and a new one is opened with the new form. The standard behavior is
for the subsequent form to open in the same navigator window. To fix this issue please apply Patch 10210925 by following its readme.
Application Freeze/Hang Issues
Resizing the Forms Applet Window
Resizing the forms applet window multiple times may cause the application to freeze when using JRE 1.6.0_10 or JRE 1.6.0_11. This is fixed in JRE
1.6.0_12 (6u12). For further details please see Bug 7485019 - Resizing the Forms Applet Window Hangs the Forms Session.
Right Click in Forms Field
Menu access by right clicking in a forms field may cause the application to freeze when using next-generation Java Plug-in through JRE 1.6.0_10 or JRE
1.6.0_11. This is fixed in JRE 1.6.0_12 (6u12).
Windows Rendering slowly using JRE 1.6.0_10 and Higher
Certain graphics cards (for example NVIDIA GeForce, ATI Radeon) may cause windows to render and display slowly, after moving the form within the
window when using next-generation JRE Plug-in technology through JRE 1.6.0_10 or higher. This issue is fixed in JRE 1.6.0_14 and higher.
If you are unable to upgrade at this time to workaround the issue in Oracle E-Business Suite it is recommended to either update the appsbase.htm file
on the web server OR update the individual desktop clients.
Solution 1: Modify the appsbase.htm file
Change both the $OA_HTML/US/appsbase.htm and $FND_TOP/html/US/appsbase.htm files by adding the following data in the
appropriate places as shown below;
1) Add - var xjavarguments = '-Dsun.java2d.d3d=false' to the 'Sun JDK Parameters Section';
var xjdkprogcolor = "%jdk_progresscolor%"
var xjavarguments = '-Dsun.java2d.d3d=false'
2) Add - IEhtml += '' + 'PARAM name= java_arguments value="' + xjavarguments + '"'; to the 'IE Section';
if(xplugin == "jdk"){
IEhtml += ' codebase="' + xpluginurl + '"';
IEhtml += '' + 'PARAM name=java_arguments value="' + xjavarguments + '"';
IEhtml += '' + 'PARAM name=legacy_lifecycle value="' + xsunpluginlifecycle + '"';
3) Add - IEhtml += '' + 'PARAM name=java_arguments value="-Dsun.java2d.d3d=false"'; to the 'IE Section';
IEhtml += '' + 'PARAM name=serverUserParams value="' + xenv + " ';
IEhtml += '' + 'PARAM name=java_arguments value="-Dsun.java2d.d3d=false"';
IEhtml += '' + 'PARAM name=colorScheme value="' + xuics + '"';
4) Add - PARAM name=java_arguments value="-Dsun.java2d.d3d=false" to the 'Netscape Section';
PARAM name="%nparam4%" value="%vparam4%"
PARAM name=java_arguments value="-Dsun.java2d.d3d=false"
Solution 2: Update each Individual Desktop Client
1) Open the' Java Control Panel' on the desktop client, Control Panel - Java
2) Add -Dsun.java2d.d3d=false to the appropriate JRE version under;
Java -> Java Applet Runtime Settings -> View -> Java Runtime Parameters
File Export / Forms Attachments Functions
JRE 1.6.0_27 (6u27) adheres more strictly to Internet Explorer browser settings. Users may find that the File -> Export and Forms Attachments functions (for
example opening Word, *.rtf and Excel attachments) will not work after upgrading to this Plug-in version when running IE6, IE7 or IE8. Trying to run these
functions may cause a window to open briefly before closing again, the 'File Download' window will not open.
To fix this issue please set the following browser setting within IE under the appropriate security zone (using 'Trusted Sites' as an example):
Navigate to: Tools -> Internet Options -> Security -> Trusted Sites -> Custom level.
Set: Downloads -> Automatic prompting for file downloads to Enable
This setting no longer exists in IE9 therefore these functions will not be affected by this issue when running this browser release.
Forms Launch Issues
Forms Do Not Launch Running JRE 7.x
"FRM-92095: Oracle JInitiator version too low. Please install version 1.1.8.2 or higher."
The above error may be seen when trying to launch forms using the JRE 7.x client Plug-in. To fix this issue please ensure you have applied the JRE 7
pre-requisite Patch 14615390 or later as outlined in JRE 7 Minimum Patch Requirements.
After applying the patch regenerate your jar files through ADADMIN with the the force option on.
Forms will not Launch on Windows XP after upgrade to JRE 1.6.0_32 and Higher
Some customers running on Windows XP with only 'User' rather than 'Administrator' responsibility on the desktop client may find that forms will not
launch after upgrading to JRE 1.6.0_32 (6u32) or higher when running through Internet Explorer. The JRE version used by Internet Explorer is governed
by the sun_plugin_classid parameter in the $OA_HTML/bin/appsweb_<sid>_<host>.cfg file. This problem is due to the historical CLSID's not
filtering through to the Windows registry for non admin user accounts, for further information please see Bug 14370550 - Forms do not Launch for Non-
Admin Users after upgrade to JRE 6U32 and Higher.
Note: This issue is fixed for JRE 6 in JRE 1.6.0_51-b31 (6u51-b31) which is available through 'Patch 16916123 - Oracle JDK 6 Update 51 b31'.
This issue is also fixed in the base releases of:
JRE 1.6.0_60 (6u60) and higher.
JRE 1.7.0_40 (7u40) and higher.
If you cannot apply this update at this time or are running JRE 7 you can work around the issue with one of the following three options:
1. All our users run on the same JRE release
If all the users accessing Oracle E-Business Suite forms run on the same JRE version and need to run JRE 1.6.0_32 (6u32) or higher simply
upgrade the environment to the applicable release by following the standard upgrade steps as outlined in Section 3. Installation & Configuration
within this document.
2. Different Users run different JRE Releases across the JRE 6 Stream
If you have individual users running different versions of JRE releases from the JRE 6 stream (for example User A is running JRE 1.6.0_33 while
User B is running JRE 1.6.0_30) please update the appsweb.cfg file to use the JRE 6 family CLSID. When using this setting Oracle Forms-based
content will launch using the latest JRE Plug-in version found on the desktop providing it is from the JRE 1.6.x family stream or higher. Only if no
JRE 1.6.x or higher Plug-in version is found on the desktop will the user will be prompted to download the JRE version from the Oracle E-
Business Suite web server. Upgrading to a later JRE 1.6.x release must therefore be done from the desktop client.
2.1. Take a backup copy of the runtime appsweb.cfg file under $OA_HTML/bin/appsweb_<sid>_<host>.cfg before updating it
2.2. Find section "4a) Sun JDK Plugin Parameters" and replace the sun_plugin_classid parameter with the following value:
sun_plugin_classid=clsid:CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA
2.3. Save the file. (After this change is made users will pick up the new clsid when they next launch a new forms session.)
Note: This change will get overwritten if AutoConfig is run. To make the change more permanent please update the following
parameter in the AutoConfig file.
<sun_clsid oa_var="s_sun_clsid">CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA</sun_clsid>
For more information on updating through AutoConfig see Document 387859.1 titled, 'Using AutoConfig to Manage System
Configurations in Oracle E-Business Suite Release 12'.
3. Different Users run different JRE Releases from multiple JRE Streams
If you have individual users running different versions of JRE streams (for example User A still runs JRE 1.5.0_22 while User B is running JRE
1.6.0_33) or you simply want to allow users to run the latest JRE version on their desktop client, please update the appsweb.cfg file to use the
dynamic CLSID. When using this setting Oracle Forms-based content will launch using the highest JRE Plug-in version from the highest JRE
family stream found on the desktop. Only if no JRE Plug-in version is found on the desktop will the user will be prompted to download the JRE
version from the Oracle E-Business Suite web server. Upgrading to a later JRE 1.6.x release must therefore be done from the desktop client.
3.1. Take a backup copy of the runtime appsweb.cfg file under $OA_HTML/bin/appsweb_<sid>_<host>.cfg before updating it
3.2. Find section "4a) Sun JDK Plugin Parameters" and replace the sun_plugin_classid value as follows:
sun_plugin_classid=clsid:8AD9C840-044E-11D1-B3E9-00805F499D93
3.3. Save the file. (After this change is made users will pick up the new clsid when they next launch a new forms session)
Note: This change will get overwritten if AutoConfig is run. To make the change more permanent please update the following
parameter in the AutoConfig file.
<sun_clsid oa_var="s_sun_clsid">8AD9C840-044E-11D1-B3E9-00805F499D93</sun_clsid>
For more information on updating through AutoConfig see Document 387859.1 titled, 'Using AutoConfig to Manage System
Configurations in Oracle E-Business Suite Release 12'.
Forms Will Not Launch Using JRE 1.6.0_10 and Higher through PHP
Forms will not launch when using 'Personal Home Page' through Oracle E-Business Suite with JRE 1.6.0_10 and higher. 'Personal Home Page' is not
supported with Oracle E-Business Suite 11.5.10. To fix the issue please change the profile option 'Self Service Personal Home Page mode' to
'Framework Only'. For more information see Document 782315.1.
Forms Focus Issues
Please ensure you have applied the latest forms focus MLR patches as stipulated in Step 3. Apply Prerequisite Patches (Conditional) above. If you still see
forms focus problems please follow Document 760250.1 for further information on diagnosing and solving these issues.
Browser Window Opens Behind the Forms Window
Opening an html page from the forms navigator may cause the html window to open behind the navigator window when using Internet Explorer or
Firefox browsers.
Windows XP Users running Internet Explorer
This is fixed for Windows XP users running the default IE tab browser settings or using non tab browser settings in JRE 1.6.0_23 (6u23) and higher.
Windows 7 Users Running Internet Explorer
This is fixed for Windows Vista and Windows 7 users running the default IE tab browser settings or using non tab browser settings in JRE 1.6.0_27
(6u27).
Workarounds for Internet Explorer
If you are unable to upgrade the Java Plug-in at this time please try one of the following workarounds.
1. Alter the tabbed browser settings in IE7 or Higher
To workaround this issue when using IE7 or higher, select the following options in the browser;
'Tools' - 'Internet Options' -> 'General' -> 'Tabs' -> 'Settings' -> 'Enable Tabbed Browsing' -> 'Always switch to new
tabs when they are created'.
Also select either 'Let Internet Explorer decide how pop-ups should open' OR 'Always open pop-ups in a new tab' from;
'Tools' -> 'Internet Options' -> 'General' -> 'Tabs' -> 'Settings' -> 'Enable Tabbed Browsing' -> 'When a pop-up is
encountered:'
2. Alter the Registry Settings using TweakUI (XP Users)
The Microsoft power tool TweakUI is only available for Windows XP. Altering the registry settings as follows may resolve the issue for all
Internet Explorer versions (IE6, IE7 & IE8).
1. Download TweakUI Power Toy from the Microsoft link or other source
2. Install Tweak UI on the desktop
3. Select 'Start' -> 'Run' on the desktop and enter tweakui
4. In the Tweak UI window select 'General' -> 'Focus' and uncheck 'Prevent applications from stealing focus'
3. Turn off Next-Generation Java
Turning off next-generation java will workaround the issue for all Internet Explorer versions (IE6 and higher) when using the default browser
settings. This can be turned off as follows:
Control Panel -> Java -> Advanced -> Java Plug-in -> Enable the next-generation Java Plug-in (requires
browser restart)
Firefox Users
This issue is fixed for users running Firefox in JRE 1.6.0_30 (6u30) and higher by setting the following browser options:
Tools -> Options -> Content -> Enable JavaScript (checked)
Tools -> Options -> Content -> Enable JavaScript -> Advanced (button) -> Raise or lower windows (checked)
Tools -> Options -> Tabs -> Open new windows in a new tab instead (unchecked)
Type Ahead in Forms
If focus is moved out of the window, while a form is loading (for example if a message window pops up and takes the focus), any characters that were
typed before the form opened will not register in the form. Please see Bug 5607053 - Type Ahead does not work in J2SE when Interrupted by Cursor
out of Frame.
Forms Closure Issues
Internet Explorer "Close Window" Link - Modal Window
The webpage you are viewing is trying to close the tab, Do you want to close this tab?.
Using the "Close Window" link within an HTML page opened from the "Forms Navigator Menu" through Internet Explorer can cause the following modal
window to pop.
This requires the user to acknowledge they wish to close the form by clicking the 'Yes' button therefore creating an extra keystroke.
To fix this issue please upgrade to JRE 1.6.0_27 (6u27) or higher.
Forms Listener Socket Mode Issues
HTTPS Connect Mode
Using https for the forms communication layer requires the forms listener servlet architecture. For further information on using forms servlet, please
see Document 201340.1 titled, 'Using Forms Listener Servlet with Oracle Applications 11i'. In contrast, ConnectMode=HTTPS is not supported with the
JRE Native Plug-in with the Forms Listener (non-servlet listener) and will cause the following error:
java.lang.NoClassDefFoundError: oracle/security/ssl/OracleSSLSocketFactory
at oracle.forms.net.HTTPSStream.init(Unknown Source)
at oracle.forms.net.HTTPConnection.connect(Unknown Source)
at oracle.forms.engine.Runform.initConnection(Unknown Source)
at oracle.forms.engine.Runform.startRunform(Unknown Source)
at oracle.forms.engine.Main.createRunform(Unknown Source)
at oracle.forms.engine.Main.start(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Mismanaged Cookie Session Issue
Note: The fix for the Mismanaged Session Cookie Issue is included in the standard release of JRE 1.6.0_23 (6u23) and higher which is available through
the usual channels.
Update through the Java Update Mechanism
Users running either of the following two patched JRE releases cannot rely on the Java update mechanism to upgrade to the latest JRE release:
JRE 1.6.0_21 build 8 (6u21-b08) from Patch 10021403
The Java update mechanism is disabled within these releases and cannot be re-enabled through the 'Java Control Panel'. Users must therefore download
and install the latest JRE Plug-in from another source. After installing the latest JRE release the Java update mechanism will once again be enabled
allowing full functionality.
The Java update mechanism is fully functioning in the usual way for users running the JRE 6u22 patched release listed below:
Running any of the following functionalities using JRE 1.6.0_18 (6u18) through JRE 1.6.0_22 (6u22) in Internet Explorer 6 or 7 may result in a new login
page being rendered rather than the correct window or functionality thereby making the functionalities unusable:
'File -> Export' functionality
Opening attachments in forms
Opening an HTML form to a new window from forms.
Opening an Applet in a new window from forms
Trying to logon again after forms session timeout fails
To fix this issue it is recommended that users upgrade to JRE 1.6.0_23 (6u23) or higher. If you cannot upgrade at this time it is recommended to
remain on JRE 1.6.0_17 (6u17) or use one of the patched releases of the JRE 6u22, JRE 6u21 or JRE 6u20 streams of the Plug-in. These versions are
only available through the following patches:
JRE 1.6.0_22 build 3 (6u22-b03) through Patch 10189354
Note: If you are affected by this issue, do not download JRE 1.6.0_22, JRE 1.6.0_21 or JRE 1.6.0_20 through the usual channels or through the Java
Auto Update Mechanism as these releases do not contain this fix. The standard Java SE versions available are :
JRE 1.6.0_22 build 4 (6u22-b04)
JRE 1.6.0_21 build 6 (6u21-b06)
JRE 1.6.0_20 build 2 (6u20-b02)
Patch Installation Instructions for the Desktop
The patch can be downloaded and installed directly to a desktop as follows:
1. Download the required patch to your desktop
2. Extract the j2se160xx.exe (where xx = the version of JRE you are installing)
3. Run the executable to install the Plug-in
Distributing the Patched Releases of the JRE Plug-in to Users
If you wish to distribute a patched release of the JRE Plug-in as a download through Oracle E-Business Suite follow the standard JRE Plug-in upgrade
instructions in this document. If users are upgrading to a higher JRE release the Plugin will be downloaded and installed in the usual way as described
in this document.
If users have already installed the same Plug-in version number that does not include the fix from the usual download sources or through the 'Java Auto
Update' mechanism (32-bit JRE only), they will not be offered the Plug-in release for download from Oracle E-Business Suite until the current version is
uninstalled from the desktop. Using JRE 1.6.0_22 (JRE 6u22) as an example:
JRE 1.6.0_22 (JRE 6u22) Users
If you already have JRE 1.6.0_22 build 4 (JRE 6u22-b04) from the usual download site or through the Java Auto Update mechanism installed on your
desktop, uninstall it as follows:
Uninstall the existing JRE 6u21 Plug-in
1. Uninstall the Plug-in from your desktop (see Uninstalling a JRE Plug-in Version from your Desktop Client)
2. Install the new release on the desktop or download it through Oracle-E-Business Suite
Alternatively, if you download the JRE 6u22-b03 release from Patch 10189354 you can simply overwrite the existing version with the newer release as
follows:
Overwriting your Existing JRE6u22 Release
1. Run the patched j2se16022.exe on the desktop
2. A Java Setup window will open stating;
"This software has already been installed on your computer. Would you like to reinstall it?"
3. Click the "Yes" button
4. Continue with the installation
Workaround
To workaround the issue please disable next-generation java through the 'Java Control Panel' as follows:
Control Panel -> Java -> Advanced -> Java Plug-in -> Enable the next-generation Java Plug-in (requires browser
restart)
Note: Turning off next generation java can cause forms launch issues in certain very specific circumstances, see Forms Launch Issues for
further information. Running JRE 6u20-b02 may also prevent the file opening when running the 'File->Export' functionality. Please apply Patch
9915543 (JRE 6u20-b05) and turn next generation java on again to fix the problem.
NLS/MLS Issues
Chinese (Taiwan) Characters
Characters in any workflow diagram are incorrectly displayed when using 'Chinese (Taiwan)' locale settings on the desktop client, running JRE 1.6.0_17
(6u17) or JRE 1.6.0_18 (6u18). For further details please see Bug 9383553 - Fonts Incorrectly Displayed in Workflow Diagram Using JRE 6u18. This
issue is fixed in JRE 1.6.0_19 (6u19)
Accented Characters
If you need to use two or more keystrokes to input an accented character, please apply Patch 5526175. (This patch requires Developer 6i patch 18
(Forms 6.0.8.27)).
Multiple Language Display Support
By installing the Albany WT J fonts, the JRE Plug-in can render Chinese, Japanese or Korean characters on any Windows systems. However, it is
extremely important to have your Windows regional settings configured to use your primary language for the JRE Plug-in to render language dependent
characters in appropriate fonts.
Install Albany WT J Font
To obtain and install the Albany WT J font follow Document 240862.1.
Setting Primary Language on the Desktop Client.
Windows XP Users
To set your primary language on a Windows XP desktop client, go to Control Panel - Regional and Language Options. Make sure that your
primary language is chosen in the LOV within the 'Standards and Formats' section under the 'Regional Options' tab. Also make sure your primary
language is chosen in the LOV under the 'Language for non-Unicode programs' section under the 'Advanced' tab.
Windows Vista Users
To set your primary language on a Windows Vista desktop client, go to Control Panel > Regional and Language Options window. Select your
primary language from the 'current format' LOV under the 'Formats' tab. Also make sure your primary language is chosen as the 'Current
Language for non-Unicode programs' under the 'Administrative' tab.
Windows 7 Users
To set your primary language on a Windows 7 desktop client, go to Control Panel -> Region and Language -> Formats (tab). Select your
primary language the the 'Format:' drop down LOV. Also make sure your primary language is chosen as the 'Current Language for non-Unicode
programs' under the 'Administrative' tab.
Japanese Language Users
Japanese language customers should upgrade to Developer 6i Forms Patch 18 (6.0.8.27.x) or higher. Earlier versions of the Developer 6i Patch will
cause the longer prompts in forms to be cut short, which will impact the forms layout.
If you have your machine locale set to Japanese, you may find that the Underline for the 'Menu Access' key on the 'Button Label' is incorrectly placed by
one character to the right. This may also be seen in other places where English characters are used, for example in the Logon Dialog, LOV Search box
and Menus.
To work around this issue:
1. Make a backup of $OA_JAVA/oracle/forms/registry/Registry.dat
2. Change the existing line that reads:
'default.fontMap.defaultFontname=Dialog'
to:-
'default.fontMap.defaultFontname=dialog'
Japanese JIS X 0213:2004 Character Set
The Japanese 'JIS X 0213:2004 Character Set' is included in Windows Vista and is also available through a Microsoft package for Windows XP. This
character set has only partial character support with Oracle E-Business Suite. There is no support for the supplementary character set, while combining
characters is partially supported with the appropriate fonts. Currently, there is also no Oracle font support, however a solution to this issue is being
investigated and will be announced in due course.
Arabic Characters
When Arabic characters Alef and Lam are joined in the middle of a word, they appear incorrectly at runtime. This issue is fixed in JRE 1.5.0_17 and JRE
1.6.0_12 (6u12).
Security Warning Running JRE 6u19 and Later
"Java has discovered application components that could indicate a security concern"
JRE 6u19 and higher includes a new security setting parameter called, 'Mixed Code (sandboxed vs. trusted) security verification' which checks
for the use of mixed code (signed and unsigned) when running an application.
By default the following warning dialog window will display when running certain forms and functionalities in Oracle E-Business Suite.
This may occur when running certain forms or functionalities due to the associated (*.gif) files, for example:
Forms Attachments - (afmax950.gif)
Receivables Transactions form (ARXTWMAI) - (previewscreen_enabled.gif)
Telesales eBusiness Center form (ASTRCALL) - (meet.gif)
Maintenance Workbench form (EAMPLNWB) - (runforecast_enabled.gif)
Qualifier Setup form (QPXPRQFS) - (aftbar.gif)
Order Organizer form (OEXOEORD) - (contextflexfield_enabled.gif)
Work Orders Form (EAMWOMDF) - (bomphand.gif, bomcnct.gif)
Graphical Kanban Workbench (FLMKBNWB) - (flmphand.gif, flmcnct.gif)
Account Hierarchy Manager & Financial Dimensions Hierarchy Manager
To continue to the form or functionality click the 'No' button. After selecting this option the form or functionality will behave normally and the message will not
appear again for the remainder of that browser session.
For further information see the Mixing Signed and Unsigned Code webpage.
Patch fix
To fix these issues, apply Patch 17401744 (which includes fndjar.dep version 115.307) or later.
Account Hierarchy Manager & Financial Dimensions Hierarchy Manager
To fix this issue for Account Hierarchy Manager (AHM) & Financial Dimensions Hierarchy Manager (FDHM) you can download a signed jbodatum111.jar
file through Patch 17391300.
Alternatively you can sign jbodatum111.jar using jarsigner. For full details on using jarsigner please see 'The Java Tutorials', Signing Jar Files.
Note: If you have applied the enhanced jar signing AD Patch 17191279 see Appendix C: Jar File Manifest Updates and Jar File Signing in Document
1591073.1 titled, 'Enhanced Jar Signing for Oracle E-Business Suite' for information on signing a single jar file.
If you have not yet applied the enhanced jar signing AD Patch 17191279 you may use the following steps to sign jbodatium111.jar.
To sign the jar file you will require the following four values: <keystore location>, <keystore password>, <key password>, <digital
signature alias>
These can be obtained by running the following commands:
1. $ cat $APPL_TOP/admin/adsign.txt
This should return three values: <digital signature alias> <certificate number> <signature entry name>
e.g. ap123s01_abc45678 1 XXXX
2. $ adprmkey keyinfo.txt
3. $ cat keyinfo.txt
This should return three values: <keystore location> <key password> <key store password>
e.g. $ /d01/oracle/115102/apps/ap123s01appl/admin/adkeystore.dat keypass kspass
The basic form of the command for signing a JAR file is
jarsigner <jar-file> <alias>
Where:
jar-file = pathname of the JAR file that's to be signed.
alias = the alias identifying the private key that's to be used to sign the JAR file, and the key's associated certificate.
To sign jbodatum111.jar run the following command and enter the appropriate passwords when asked:
$ jarsigner -keystore <keystore location> -storepass $JAVA_TOP/jbodatum111.jar <digital signature alias>
For example:
$ jarsigner -keystore /d01/oracle/115102/apps/ap123s01appl/admin/adkeystore.dat -storepass
$JAVA_TOP/jbodatum111.jar ap123s01_abc45678
$ Enter Passphrase for keystore: kspass
$ Enter key password for ap605s01_rws3510786: keypass
Overwrite and remove the $APPL_TOP/admin/keyinfo.txt file
$ cd $APPL_TOP/admin
$ dd bs=2048 count=1 if=/dev/urandom of=keyinfo.txt
$ rm keyinfo.txt
Alternatively please use one of the workarounds outlined below.
Workarounds
If you are unable to apply the fix at this time or a fix is not yet available, one of the following workarounds can be used to prevent the activation of the
warning window and allow the affected functionalities to work normally:
Java Control Panel
Select the following option in the 'Java Control Panel' from the desktop client;
Start -> Control Panel -> Java (icon) -> Advanced -> Security -> Mixed Code (sandboxed vs. trusted) security
verification
Check the option 'Enable - hide warning and run with protections'
Click the 'OK' button
deployment.properties File
Add the following entry to the deployment.properties file on the desktop client;
deployment.security.mixcode=HIDE_RUN
For information on updating the deployment.properties file, please reference the Deployment Configuration File and Properties document.
SSL Issues
SSL Enabled Webcache Environments
If you are connecting to an SSL enabled Webcache instance using JRE 1.6.0_xx please ensure the following parameter is checked in the 'Java Control
Panel' on the desktop client';
Control Panel -> Java -> Advanced (tab)-> Use SSL 2.0 compatible ClientHello format
JRE 6 is not truly SSL 2.0 compatible TLS 1.0 clients that support SSL Version 2.0 servers must send SSL Version 2.0 client hello messages. TLS
servers should accept client hello format if they wish to support SSL 2.0 clients on the same connection port.
Without this parameter checked, forms will not launch and the following error will appear in the java console;
load: class oracle/apps/fnd/formsClient/FormsLauncher.class not found.
java.lang.ClassNotFoundException:
oracle.apps.fnd.formsClient.FormsLauncher.class
(etc)...
Caused by: javax.net.ssl.SSLException: Received fatal alert:
unexpected_message at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
(etc)...
Other Issues
Font Display
Font metrics were incorrect in JDK 1.1.8.x (JInitiator 1.1.8.x) and changed in JDK 1.3.1.x (JInitiator 1.3.1.x) and higher. Logical fonts are bigger when
running the JRE native Plug-in compared to JInitiator 1.1.8.x, this is intentional behavior. For further information see Bug 9466829 - Font Size Changed
after Upgrading to Sun JRE.
Printing Forms
Forms will default to a 'Portrait' orientation when printing from Oracle E-Business Suite ignoring the print orientation settings from the desktop. To print
in 'Landscape' will require the setting to be altered at runtime each time you print a form. For forms to print using the desktop default setting please
apply Patch 8485936.
Note: This patch is also included in the forms focus Patch 14009893 and later.
TCF Connections
System administrators should apply Patch 4469342 to their Oracle E-Business Suite environments to allow connection through TCF when using JRE
Native Plug-in.
Product Specific Issues
Oracle Applications Framework Navigator Page
ABM Users
Account Hierarchy Manager Users
Discoverer Users
Financial Dimension Hierarchy Manager Users
Rendering Issues
Scripting Issues
Sourcing - Auction Monitor
Windows Vista and Windows 7 Users
Oracle Applications Framework Navigator Page
If you are using Oracle Applications 11.5.10 CU1 or earlier, you must apply Patch 4517707. This patch will fix serious performance issues on subsequent
'Oracle Forms' launches from the Framework Navigator.
Oracle Applications 11.5.10 CU2 and higher users do not need to apply this fix.
ABM Users
ABM users must apply ABM G.5 Patch 4912215 or later.
Account Hierarchy Manager Users
Account Hierarchy Manager users must use the Thin Client Framework (tcf) connection method when using JRE, by applying Patch 4994984.
Discoverer Users
Discoverer with JRE 1.7.0_xx
Discoverer users running JRE 1.7.10 or higher must upgrade to OracleBI Discoverer (11g) 11.1.1.6 or higher.
Discoverer (11g) 11.1.1.6 users must apply Patch 13877486. (Also see Document 233047.1 titled, 'How To Find Oracle BI Discoverer 10g and
11g Certification Information').
Discoverer with JRE 1.6.0_xx
Discoverer users running JRE 1.6.0_03 or higher must upgrade to OracleBI Discoverer 10.1.2.2 CP6 or higher.
JVM Shared, not allowed to set security manager
Discoverer may display the following error when trying to launch from another application or a managed link URL:
SecurityException:
JVM Shared, not allowed to set security manager
To fix this issue please apply the following patch as applicable to your Discoverer release:
Oracle BI Discoverer (11g) 11.1.1.7 Users - Patch 17303613
Oracle BI Discoverer (11g) 11.1.1.6 Users - Patch 17319353
RMI Protocol over JRMP transport: Session has timed out (JRE 1.6.0_23 or lower)
Trying to launch Discoverer Plus from Oracle E-Business Suite may cause the following error:
RMI Protocol over http transport: Session has timed out. Either the session has timed out,
or there is a problem maintaining http session ids between browser and web server. Please log in again.
If the problem persists, please contact your Oracle Application Server administrator.
To fix this issue please upgrade to JRE 1.6.0_24 or higher.
For further information please see Document 1302302.1.
Financial Dimension Hierarchy Manager Users
Financial Intelligence users with 'E-Business Intelligence Family Pack 11i.BIS_PF.D.1 (DBI 7.0.1, Patch 4054609) or earlier, must also apply the 'FDHM on Thin
Client Framework (TCF) - ROLLUP 1' Patch 4534669 or later.
Financial Intelligence users with 'E-Business Intelligence Family Pack 11i.BIS_PF.E (DBI 7.1, Patch 4143498) or later, must apply 'FDHM on Thin Client
Framework (TCF) with Sort Order - ROLLUP 1' Patch 4534531 or later.
Rendering Issues
Users may see issues such as Frame and Scroll bar shake and the incorrect rendering of drop down LOV's (Scripting Bug 6203589 - Scripting Drop Down
(LOV) Objects not Rendering Properly with Sun J2SE Plug-in). These problems will cause an error in the Java Console window starting, (See bugs for full error
message);
Exception in thread "AWT-EventQueue-2" java.lang.NullPointerException
at oracle.bali.ewt.olaf.OracleScrollPaneUI.update(Unknown Source)
at javax.swing.JComponent.paintComponent(Unknown Source)
at javax.swing.JComponent.paint(Unknown Source)
etc...
To fix this issue, please apply JEWT Patch 5261689 - Rehost JEWT V4.1.12 for Apps 11i.
Scripting Issues
Due to certain jar files not being cached, scripting users may notice poor performance when running a script. To fix this issue please apply Patch 8400346 by
following its readme.
Sourcing - Auction Monitor
After applying Sourcing 11.5.10 RUP3 (patch 6505173), Auction Monitor will not launch through JRE and will only launch using JInitiator 1.3.1.21. This issue is
fixed in Oracle Procurement Family 11.5.10 Rollup Patch 12, (Patch 8791241).
Windows Vista and Windows 7 Users
JRE Cache Directory
When running Windows Vista, Windows 7 or Windows 8 the JRE cache directory can no longer be changed through the Java Control Panel. The Change
button is disabled under 'Java Control Panel' -> 'General' (tab) -> 'Settings' -> 'Location'. The default cache is set to a low-integrity
directory under the users home:
%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\cache
Users wishing to change the cache location must do so through the deployment.properties file:
%USERPROFILE%\AppData\Sun\Java\Deployment\deployment.properties
For information on updating the deployment.properties file, please reference the Deployment Configuration File and Properties document.
Note: If the cache directory is changed to a non low-integrity directory, 'Protected Mode' must be turned off within Internet Explorer at runtime to
allow the initial download of new or updated jar files into that cache directory. With 'Protected Mode' turned on, users may get a class not found
error in the java console which stops the application from launching. Once all the files are loaded into the cache, the application will launch
correctly with 'Protected Mode' turned on. 'Protected Mode' is set through the the appropriate browser security zone in 'Tools' - 'Internet Options' -
'Security' (tab) - 'Trusted Sites' - 'Enable Protected Mode'. (Trusted Sites is the recommended security zone for use with Oracle E-Business Suite).
Appendices
Appendix A: Information for JRE 64-bit Users
Appendix B: Static vs Non-Static Versioning and Set Up Options
Appendix C: Desktop Client Information
Appendix D: Reference Information
Appendix A: Information for JRE 64-bit Users
Running 32-bit and 64-bit JRE from the same Desktop
The information in this section is applicable to users running both 32-bit and 64-bit IE8 or IE9 browsers from the same desktop client.
The 32-bit and 64-bit stacks (Internet Explorer Browser and JRE plug-in) will run independently from their individual homes on the same Windows 7 (64-bit)
desktop client. Running through separate browsers in this way can therefore allow access to Oracle E-Business Suite using two different JRE plug-in versions
from the same or different JRE Plug-in streams. In certain circumstances this also allows access to the same Oracle E-Business Suite environment
simultaneously from the same desktop using different JRE plug-in versions. See Adding Additional JRE Plug-in Versions in EBS.
For example:
Oracle E-Business Suite (EBS) is set to run JRE 1.6.0_30 or lower by default on the web server and a user has both JRE 1.6.0_32 (64-bit) and JRE
1.6.0_30 (32-bit) installed on their Windows 7 (64-bit) Desktop client.
If Internet Explorer (32-bit) is used to run EBS forms will open using JRE 1.6.0_32 (32-bit)
If Internet Explorer (64-bit) is used to run EBS forms will open using JRE 1.6.0_30 (64-bit)
Java Control Panel
The 64-bit version of JRE does not include the Java Auto Update mechanism that is available in the 32-bit version of the Plug-in. Therefore the 64-bit 'Java
Control Panel' does not include an 'Update' tab.
If both the 32-bit and 64-bit JRE versions are installed on the desktop the 64-bit 'Java Control Panel' will default as the viewable version under ' Control Panel':
Control Panel -> Java (icon)
You can view the 32-bit version of the 'Java Control Panel' by running 'javacpl.exe' from the JRE installation directory, for example:
C:\Program Files (x86)\Java\jre6\bin\javacpl.exe
Appendix B: Static vs Non-Static Versioning and Set Up Options
This section provides information regarding the historical use of 'Static Versioning' and the current 'Non-Static Versioning' models and set up options for
Oracle E-Business Suite users.
Overview
Static Versioning (Historical information)
Non-Static Versioning
Set Up Options
Java Auto Update Mechanism (32-bit JRE)
Multiple Client Java Plug-in Versions
Adding Additional Plug-in Versions in EBS
Overview
Static Versioning (Historical information)
Static versioning denotes the behavior by which a specific version of the Java Plug-in must be used to access an application regardless of whether
later JRE Plug-in versions were also installed on the desktop client. This was the default behaviour when accessing Oracle E-Business Suite through
Oracle JInitiator. This behavior could also be maintained using classic JRE Plug-in releases (JRE 1.6.0_07 and lower) through registry changes on the
desktop which ceased with the introduction of next-generation Java (JRE 1.6.0_10 and higher). With static versioning Oracle E-Business Suite would use
a specific Plug-in version meaning users could only access the instance if using that particular Plug-in version.
Advantages
The web server retains control of the Plug-in version used by all users to access Oracle E-Business Suite.
Disadvantages
Taking advantage of the latest (and therefore most secure) Plug-in release requires the web server to be updated with the new Plug-in
information before it can be rolled out to the users.
Retaining this model requires updates to every desktop client (Unless using the next-generation Java Plug-in technology which then
causes extra modal windows to open).
It's an outdated concept that goes against the recommendation to use non-static versioning and push Java Plug-in version control to the
desktop client.
Non-Static Versioning
Non-Static versioning denotes the behavior by which the latest (and therefore the most secure) Java Plug-in version installed on the desktop client is
used to access an application. With this model the Plug-in version set on the web server is the minimum version that can be used to run a forms-based
(professional user interface) responsibility from the desktop client. If multiple versions equal to or greater than the version specified are installed on the
desktop client the preference will be to connect using latest available version.
Note: Non-static versioning shifts the emphasis of which Plug-in version is used onto the desktop client rather than the version specified on the
web server.
Using the Next Generation Java Plug-in Technology
With JRE 1.6.0_10 or higher installed on the desktop client, next generation Java Plug-in technology will be enabled by default. The
emphasis of Plug-in version selection and maintenance is shifted towards the desktop client.
JRE 1.6.0_10 and higher uses patch-in-place 'Family JRE' mode by default when installing higher releases of the Plug-in (By default
installation is in "C:\Program Files\Java\jre6"). This means that the new install will patch into the same directory used by the old release,
overwriting it. To maintain multiple versions with these releases requires install using 'static' mode' (User must change the directory path
when installing e.g. "C:\program Files\Java\jre1.6.0_32").
Advantages
The web server does not require updating for each new Plug-in release.
It is a simple solution for users to run the latest and most secure Plug-in release.
This adheres to the recommendation of using non-static versioning and pushing Java Plug-in version control to the desktop client.
Disadvantages
It is harder to prevent the use of particular Plug-in versions.
Set Up options
Java Auto Update Mechanism (32-bit JRE)
By default the 'Java Auto Update mechanism' is enabled in the 'Java Control Panel' when a 32-bit JRE Plug-in is installed on the desktop client. With this
enabled users may be automatically upgraded to a later JRE version on their desktop client.
Note: Turning this feature off will not prevent the possibility of an admin user downloading a higher Plug-in version from another source, for
example another application or web page Installing another Plug-in version in this way can re-enable the default automatic update behavior.
Note: The Java Auto Update mechanism is not included in the 64-bit version of the JRE Plug-in.
Disabling Java Auto Update
JRE Releases with Auto Update Off
Customers that wish to control when their users are upgrade to the latest JRE release may use special versions of the JRE Plug-in that have the Java
Auto Update mechanism turned off. JRE Plug-in releases with Auto Update turned off can only be downloaded through My Oracle Support. To get the
patch number for the JRE version required please see Document 1439822.1, titled 'All Java SE Downloads on MOS' and look for patches named 'Oracle
JRE X Update XX with Auto Update Off' e.g. 'Oracle JRE 7 Update 25 with Auto Update Off'.
Auto Update is turned off by default on all builds of JRE 1.6.0_60 (6u60) and higher.
Standard JRE Releases
To prevent the automatic update of higher JRE Plug-in versions this feature may also be disabled when using a standard JRE release with one of the
options below:
Option 1: From the 'Java Control Panel'
From the 'Start Menu', select 'Control Panel'
Double click the 'Java' icon
Select the 'Update' tab
Uncheck the 'Check for Updates Automatically' box
Click the 'Never Check' button on the 'Java Update -Warning' pop up window
Click 'OK' to close the 'Java Control Panel'
Option 2: Through the Registry
Set all the following keys to 0:
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\EnableJavaUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\NotifyDownload
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\NotifyInstall
If required you may also delete the following key to stop the 'jusched.exe' program launching on start up which will remove the 'update'
tab from the the java control panel. (This is put back if you later install JRE):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched
Before editing the Microsoft Windows registry, users are strongly advised to review Windows registry information for advanced users (Microsoft
Knowledge Base Article 256986).
Multiple Client Java Plug-in Versions
This section provides an overview of the coexistence of multiple JRE Plug-in versions installed on a single desktop client for use through Internet
Explorer.
Firefox Browser: If using a Firefox browser it is not possible to run multiple JRE versions simultaneously from the same desktop client.
These browsers use a single cookie session which restricts usage to a single Java version per desktop client at a time. To access
environments using different JRE versions from the same desktop client, the previous browser session must be completely closed down and
a new one started before running another JRE version. You may still access the same Oracle E-Business Suite environment simultaneously
using different JRE versions, but only by using separate desktop clients. Each desktop client would use a specific JRE version.
Coexistence of JRE 7 and JRE 6 on the Desktop Client
In the correct circumstances JRE 7 and JRE 6 can seamlessly coexist on the same desktop client and allow connection to the same or multiple Oracle E-
Business Suite environments using one plug-in or the other. This can be useful for testing purposes and connection to multiple Oracle E-Business Suite
environments that may be calling different Plug-in streams. It may also possible to connect to the same environment using different Plug-in streams see
Adding Additional JRE Plug-in Versions in EBS.
Security Baseline
The 'Java Security Baseline' function is applicable when both JRE 6 and JRE 7 versions are installed on the desktop client and the web server is calling a
JRE 6 version.
Note: Running both JRE 7 and JRE 6 from the same desktop requires the latest available JRE 7 CPU release with the equivalent JRE 6 baseline or
JRE 6 baseline (-1)
When a JRE version is specified on the web server the Java Plug-in software looks for the latest release of that family that is currently installed. The
Java Plug-in software prefers a release that is equal to or later than the security baseline or security baseline minus one for that JRE family.
The security baseline for JRE 7 and JRE 6 is as follows:
JRE 7 Version JRE 6 Security Baseline
1.7.0_51 1.6.0_71
1.7.0_45 1.6.0_65
1.7.0_40 1.6.0_51
1.7.0_25 1.6.0_51
1.7.0_21 1.6.0_45
1.7.0_17 1.6.0_43
1.7.0_15 1.6.0_41
1.7.0_13 1.6.0_39
1.7.0_11 1.6.0_37
1.7.0_10 1.6.0_37
The security baselines for each JRE version are stated in the Update Release Notes.
Note: Java Security (CPU) releases are denoted by the point release being an odd number e.g. 1.7.0_51, 1.6.0_71
Examples:
Running JRE 7 and JRE 6 Baseline from the Same Desktop Client
If JRE 1.7.0_51 and JRE 1.6.0_71 (baseline) are installed on the desktop client and JRE 1.6.0_71 is called from the web server forms will open
seamlessly using JRE 1.6.0_711 on top of JRE 1.7.0_51. This will display in the Java Console as:
Running JRE 7 and JRE 6 Baseline 'Minus One' from the Same Desktop Client
If JRE 1.7.0_51 and JRE 1.6.0_65 (baseline -1) are installed on the desktop client and JRE 1.6.0_65 is called from the web server forms will open
seamlessly using JRE 1.6.0_65 on top of JRE 1.7.0_51. This will display in the Java Console as:
Running Two JRE 7 versions from the Same Desktop Client
Running two Plug-in releases from the same family will also work in a similar way. If JRE 1.7.0_51 and JRE 1.7.0_45 (baseline -1) are installed on the
desktop client and JRE 1.7.0_45 is called from the web server forms will open seamlessly using JRE 1.7.0_45 on top of JRE 1.7.0_51
Running JRE 7 and JRE 6 Baseline 'Minus Two' or Earlier from the Same Desktop Client
If JRE 1.7.0_25 and JRE 1.6.0_43 (baseline -2) are installed on the desktop client and you are using a 'High' (default) or 'Very High' Java security setting
you will be presented with a modal warning window, "Warning - Unavailable Version of Java Requested."
Selecting 'Run with the latest version' will cause forms to launch using JRE 1.7.0_25.
Selecting 'Cancel' will prevent forms from launching.
You can prevent this window appearing by upgrading your web server to JRE 7 or the JRE 6 Security Baseline version or higher.
Running two Plug-in releases from the same family will also work in a similar way. If JRE 1.7.0_25 and JRE 1.7.0_17 (baseline -2) are installed on the
desktop client and you are using a 'High' (default) or 'Very High' Java security setting the "Warning - Unavailable Version of Java Requested" window
will open. In this example you can prevent this window from appearing by upgrading your web server to the security baseline version 'Minus One' or
higher.
An Application would like access to an out-of-date version of Java
If you have JRE 1.7.0_21 or higher installed on your desktop with Java security set at 'Medium' (Not Recommended) or have JRE 1.7.0_17 or earlier
installed on your desktop running with their default Java security settings the following security warning may display:
Selecting 'Run with the latest version on your system...' will cause forms to launch using JRE 1.7.0_25.
Selecting 'Allow this application to run with the requested version...' will launch using JRE 1.6.0_43 on top of JRE 1.7.0_25.
The choice made by the user in response to this security message is stored in the Java cache. Choosing which version to use is therefore remembered
when accessing the environment in future and the warning will not pop again. If you wish to change your choice and run using the other the version to
access the environment you can make this message pop again as below:
JRE 1.7.0_40 and Earlier
If running JRE 1.7.0_40 or earlier you can restore the security certificates by clearing the 'Installed Applications and Applets' in the Java Cache:
Java Control Panel -> General (tab) -> Settings (button) -> Delete Files (button) -> (Select) Installed Applications
and Applets -> OK (button)
JRE 1.7.0_45 and Later
If running JRE 1.7.0_45 or later you can restore the security certificates by selecting the 'Restore Security Prompts' button:
Java Control Panel -> Security (tab) -> Restore Security Prompts (button) -> Restore All (button)
Note: Running two JRE Plug-in versions from the same desktop client can be managed seamlessly by using IE8 or IE9 32-bit and 64-bit browser as
outlined in Appendix A: Information for JRE 64-bit Users.
Adding Additional JRE Plug-in Versions in EBS
It is recommended that only one JRE version is used to access a single Oracle E-Business Suite instance
There may be occasions where it is desirable to test and compare changes in functionality or security across different Plug-in versions in a test system.
Users may access the same Oracle E-Business Suite instance from the same desktop client using different JRE client Plug-in versions in the following
ways.
The txkSetPlugin script outlined in Step 4. Apply the Interoperability Patch section above, is only run for the version of JRE that you wish to have as your
default Plug-in.To add additional JRE versions to be run against the same environment follow the steps below.
Adding a JRE Version
Using JRE 1.6.0_39 as an example.
1. Copy the j2se16039.exe file to your $OA_HTML directory to allow user download of the Plug-in at runtime. (The sun_plugin_url parameter
below denotes the Plug-in file name and download directory).
2. Take a backup copy of your original $FND_TOP/admin/template/appsweb.cfg file.
3. Add the following information under [myExtensions] at the bottom of your $FND_TOP/admin/template/appsweb.cfg file.
(substitute the environment values as appropriate to your own environment. The connectMode and serverPort settings can be copied
from your 'appsweb' file as required.)
Socket Example:
[J16039]
connectMode=socket
serverPort=9000
sun_plugin_classid=clsid:CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA
sun_plugin_version=1.6.0_39
sun_plugin_url=http://ap123.us.oracle.com:8000/OA_HTML/j2se16039.exe
sun_plugin_mimetype=application/x-java-applet
sun_plugin_legacy_lifecycle=false
plugin=jdk
;
4. Enter the forms URL against the ICX: Forms Launcher profile at user level for the appropriate E-Business Suite user. (If required, you may
set up a new user through the System Administrator Responsibility for this). In this example, logging in as this user will cause JRE 1.6.0_39 to
be used as the Plug-in instead of the default version providing JRE 1.6.0_39 is the highest available version of JRE available on that particular
desktop client.
The name you used in the update above under step 3, ie [J16039] must be referenced as the 'config' parameter like the example below:
http://ap123.us.oracle.com:8000/dev60cgi/f60cgi?config=J16039
5. Run autoconfig to filter the changes through to the runtime version of appsweb.cfg.
Appendix C: Desktop Client Information
Accessing Oracle E-Business Suite from a Desktop Client
Administrator privileges are required for installing all JRE Plug-in versions on the desktop client.
IE Browser Settings for User Download of the Java Plug-in (oaj2se.exe)
Oracle recommends that customers running Oracle E-Business Suite through a Microsoft Internet Explorer (IE) browser should use a 'Medium' security
setting through the 'Trusted Sites' zone in the browser at runtime. Further information on browser settings are available from Document 285218.1
titled, 'Recommended Browsers for Oracle E-Business Suite 11i'.
If the appropriate Plug-in or higher is not already installed on the desktop client, you should be prompted to download it when trying to connect to a
'forms link' through an Oracle E-Business Suite forms-based (professional user interface) responsibility.
Note: The oaj2se.exe can usually be downloaded manually by adding '/OA_HTML/oaj2se.exe' to the base url of the environment. For
example; if the base url of the environment was 'https://ap123atg.us.oracle.com:4443', you could run
'https://ap123atg.us.oracle.com:4443/OA_HTML/oaj2se.exe'.
With a medium security setting, after clicking on a 'forms link', a message similar to the following should appear at the top of the browser window;
JRE 6 Users
'The website wants to install the following add-on: 'Java(TM) Runtime Environment 6.0 Update 38' from 'Sun
Microsystems, Inc.'. If you trust this website and the add-on and want to install it, click here...'
JRE 7 Users
'The website wants to install the following add-on: 'Java SE Runtime Environment 7.0 Update 10' from 'Oracle America,
Inc.'. If you trust this website and the add-on and want to install it, click here...'
If you see this message, follow the steps below to install the Plug-in:
1. Click on the message above and select 'Install ActiveX Control...'
2. Once the browser has stopped processing, click on the 'forms link' again, and the oaj2se.exe file should start to download
3. Once the download has completed, a security warning pop-up window will ask, 'Do you want to install this software?'
4. Click on the 'Install' button and follow the on screen instructions
Alternatively, you can avoid this message by temporarily altering the security settings for the initial install, using one of the two methods below. Once
the Plug-in has been installed on the desktop client, the browser security settings should be reset to 'medium'.
Method A: Change Security Setting to Medium-low
1. Select 'Tools' -> 'Internet Options -> 'Security' (Tab)' from the browser menu.
2. Select 'Trusted Sites' -> 'Custom Level' (button)
3. From the 'Reset custom settings' drop down select 'Medium-low'
4. Click the 'Reset...' button and accept the changes.
5. Press the 'OK' buttons on the 'Security Settings' and 'Internet Options' windows.
6. Close the browser and start a new browser session for the settings to take effect.
7. After launching Oracle E-Business Suite and downloading the oaj2se.exe file onto your desktop client, please reset the security setting
back to 'Medium'.
Method B: Change Individual Parameter Settings
1. Select 'Tools' -> 'Internet Options -> 'Security' (Tab)' from the browser menu.
2. Select 'Trusted Sites' -> 'Custom Level' (button)
3. Under 'Settings' -> 'ActiveX controls and Plug-ins'
4. Change 'Automatic prompting for ActiveX controls' to 'Enable'
5. Change 'Download unsigned ActiveX controls' to 'Prompt'
6. Click the 'OK' button and accept the changes and click the 'OK' buttons to close the window
7. Close the browser and start a new browser session for the settings to take effect.
8. After launching Oracle E-Business Suite and downloading the oaj2se.exe file onto your desktop client, please reset
'Automatic prompting for ActiveX controls' to 'Disable' and
'Download unsigned ActiveX controls' to 'Disable.
Connecting to an Oracle E-Business Suite Instance for the First Time
"The application's digital certificate cannot be verified. Do you want to run the application?"
If accessing Oracle E-Business Suite using a Forms-based (Professional user interface) responsibility where the Java certificate for the environment you
are accessing has not previously been installed into the Java certificate store, the following warning window will display:
JRE 7 Users
JRE 7u40 and Higher Users
To further enhance Java security the option to install the certificate into the Java certificate store and remember the decision for future logins has been
removed in JRE 1.7.0_40 (7u40) and higher when using self-signed certificates. This warning message will therefore appear each time you start a new
session if using self-signed certificates.
Click the 'Run' button to open the form.
To prevent this security window popping it is strongly recommended that you sign all your jars with a trusted certificate authority (CA). For further
information see Document 1501073.1. Alternatively you may also suppress this message by using the methods below:
1. End Users running JRE 1.7.0_51 (7u51) can utilize the 'Exception Site List' feature which allows you to whitelist applications that can be run
outside the usual security requirements from your desktop. For further information on this feature see the Java SE Exception Site List document.
2. System Administrators can create a Deployment Rule Set which allows you to whitelist applications that can be run outside the usual security
requirements. The DeploymentRuleSet.jar file must also be signed by a trusted certificate authority (CA).
Signing can be done using either an official CA (such as Verisign, Thawte etc.) that may already trusted by default in web browsers and Java
installations, or an in-house CA.
For further information on Jar signing requirements and utilizing the Deployment Rule Set feature in EBS, see Document 1591073.1 titled, 'Enhanced
JAR File Signing for Oracle E-Business Suite'
JRE 7u21 and Lower Users
If accessing Oracle E-Business Suite using a Forms-based (Professional user interface) responsibility where the Java certificate for the environment you
are accessing has not previously been installed into the Java certificate store, the following, or similar, security warning window will display:
Check the 'I accept the risk and want to run this application' box to verify you trust the certificate.
Click the 'Hide Options' button and check 'Do not show this again for apps from the publisher and location above'.
Once the certificate has been successfully installed, this message will not appear again when accessing this environment from your desktop
client.
JRE 6 Users
JRE 6u60 and Lower Users
Check 'Always trust content from this publisher' to verify you trust the certificate.
Once the certificate has been successfully installed, this message will not appear again when accessing this environment from your desktop
client.
JRE 6u65 and Higher Users
To further enhance Java security the option to install the certificate into the Java certificate store and remember the decision for future logins when
using self-signed certificates has been removed in JRE 1.6.0_65 (6u65) and higher. This warning message will therefore appear each time you start a
new session if using self-signed certificates. To prevent this message appearing sign your jar files using a trusted CA by following Document
1591073.1.
Note: If you are using a self-signed certificate for jar signing the Publisher will display as UNKNOWN in the Java 'Warning - Security' window as shown
above. This is an intended change in behavior to avoid misrepresentation and spoofing attacks. Trusted signing authorities will continue to display the
publisher name as in previous JRE Plug-in releases.
Return to Step 5.3 (if required).
Return to Section 5. Known Issues
Uninstalling a JRE Plug-in Version from your Desktop Client
Windows XP
To uninstall a JRE Plug-in version from your desktop client:
1. From the Windows 'Control Panel', click on 'Add or Remove Programs'.
2. Select the appropriate version of 'Java 2 Runtime Environment' and click 'Remove'.
3. Select the appropriate options in the dialogs which follow.
Windows Vista and Windows 7
To uninstall a JRE Plug-in version from your desktop client:
1. From the Windows 'Control Panel' click on 'Programs and Features'.
2. Select the appropriate version of 'J2SE Runtime Environment' and click the 'Uninstall' button.
3. Select the appropriate options in the dialogs which follow. (An administrator's password is required for this).
Reverting to a Previous JRE Plug-in Version
If you wish to revert back to previously installed version of JRE to be used in your Application, please re-install the required version by re-running the
txkSetPlugin script with the appropriate parameters. Details on running this script are explained above, in Step 4.2.2 for Unix Users and Step 4.3.2 for
Windows Users. This will automatically overwrite the JRE parameters in the configuration files.
Appendix D: Reference Information
Multiple Instances/Sharing Digital Certificate
If you have multiple instances, you can share the same digital certificate across all of them by following the steps below:
1. Back up the files listed below on the target instance.
2. Copy the files from your master environment into the same directories on your target instance.
3. Regenerate the jar files on the target instance using the 'force' option through adadmin.
$APPL_TOP/admin/adsign.txt
$APPL_TOP/admin/adkeystore.dat
$APPL_TOP/admin/appltop.cer
JRE Tracing options
JRE native Plug-in has the following levels of tracing available;
0 - off
1 - basic
2 - network and basic
3 - security, network and basic
4 - extension, security, network and basic
5 - LiveConnect, extension, security, network and basic
The trace level can be enabled by entering the appropriate number key for the tracing level required in the java console window once it has launched. This
can however be problematic as the speed of the jar download may mean that the initial information is not captured. You may enable the required trace level
before start up by updating the 'Java Runtime Parameters' in the 'Java Control Panel':
1. Open the Java Plug-in Control Panel on your desktop through: Start -> Settings -> Control Panel -> Java
2. Ensure Advanced (tab) -> Java Console -> Show Console is checked
3. Ensure Advanced (tab) -> Debugging -> Enable tracing is checked
4. Enter the required tracing level under Advanced (tab) -> Java Runtime Parameters (Using tracing level 5 as an example):
-Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|cache|security|ext|liveconnect|temp
The Java Console output can also be written to a log file by enabling logging in the 'Java Control Panel':
1. Open the Java Plug-in Control Panel on your desktop through: Start -> Settings -> Control Panel -> Java
2. Ensure Advanced (tab) -> Debugging -> Enable logging is checked
The log file will be written to the <User Application Data Folder>\Sun\Java\Deployment\log folder which by default is located in the following
directories:
Windows XP
%USERPROFILE%\Application Data\Sun\Java\Deployment\log
Windows Vista, 7 and 8
%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\log
Please see the Tracing and Logging page for further information.
JRE Parameter Settings
JRE Version sun_classid sun_ver_name sun_mimetype*
jversion
Parameter
1.7.0_51 clsid:CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA Version=1.7.0_51 application/x-java-applet 17051
1.7.0_10
clsid:CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA Version=1.7.0_10 application/x-java-applet 17010
1.6.0_07 clsid:CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA Version=1.6.0_07 application/x-java-applet;jpi-version=1.6.0_07 16007
* sun mimetype: If Patch 7567782 - 'JPI-Version Parameter not Supported in JRE 6u10 for EBS 11I' has been applied to 11i.ATG_PF.H Rollup 6 (RUP
6), or you are running 11i.ATG_PF.H Rollup 7 (RUP 7) or higher, the 'jpi-version' portion of the 'application/x-java-applet' MIME type is no
longer used. The 'jpi-version' parameter is not supported when running 'Next Generation' Java (JRE 1.6.0_10 or higher). If running an earlier
version of the JRE Plug-in with this patch applied the 'sun_mimetype' parameter is also simply, 'application/x-java-applet'.
Related Notes
Enhanced Jar Signing for Oracle E-Business Suite (Document 1591073.1)
Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite Release 12 (Document 393931.1)
Recommended Browsers for Oracle E-Business Suite 11i (Document 285218.1)
Recommended Browsers for Oracle E-Business Suite Release 12 (Document 389422.1)
Recommended Set Up for Client/Server Products with Oracle E-Business Suite 11i & R12 (Document 277535.1)
Using Microsoft Office 2007 and 2010 with Oracle E-Business Suite 11i and R12 (Document 1077728.1)
Upgrading JInitiator with Oracle Applications 11i (Document 124606.1)
Upgrading Developer 6i with Oracle E-Business Suite 11i (Document 125767.1)
Change Log
Date Description
Feb 11, 2014 Added Certificate Revocation Lists Error using LDAP URL to Known Issues.
Jan 14, 2014
Added JRE 1.7.0_51 (7u51) 32-bit and 64-bit as certified Plug-ins.
Added the latest fixes for Security Warning Running JRE 6u19 and Later issue.
Nov 14, 2013 Added Mozilla Firefox ESR 24.x as a certified browser.
Oct 22, 2013 Added JRE 1.7.0_45 (7u45) and Higher issue running out-dated JDK release in Section 5. Known Issues
Oct 15, 2013
Sep 21, 2013 Added Windows 8 Certification.
Sep 10, 2013
Aug 12, 2013 Added JRE 6 fix for Forms will not Launch on Windows XP after upgrade to JRE 1.6.0_32 and Higher.
Aug 9, 2013 Added Internet Explorer 10 as a certified browser.
Jun 18, 2013
Apr 16, 2013
Mar 4, 2013
Feb 19, 2013
Feb 1, 2013
Jan 14, 2013 Added JRE 1.7.0_11 (7u11) 64-bit and 32-bit as certified Plug-ins.
Jun 25, 2007 Initial Release.
Document 290807.1 by Oracle Applications Development
Copyright 2007, 2014 Oracle

Deploying JRE (Native Plug-In) For Windows Clients in Oracle E-Business Suite 11i

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Deploying JRE (Native Plug-In) For Windows Clients in Oracle E-Business Suite 11i

Uploaded by

Copyright:

Available Formats

Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite 11i (Doc ID 290807.

You might also like