User Acceptance of RIAs用户接受RIA

For security, users are prompted for permission to run an RIA before launching for the first time, even if the application is signed or doesn't require access outside of the security sandbox. 为了安全起见，用户在首次启动之前会被提示获得运行RIA的权限，即使应用程序已签名或不需要在安全沙箱之外进行访问。The prompt includes the following information, depending on the RIA being run:根据正在运行的RIA，提示包括以下信息：

• Name of the RIA, or notification that the application is unsigned.RIA的名称，或应用程序未签名的通知。
• Information about the publisher, if the app is signed with a certificate from a trusted authority. 如果应用程序使用来自受信任机构的证书签名，则提供有关发布者的信息。If the certificate is expired, a warning is included. 如果证书过期，则会发出警告。If the application is self-signed, the publisher is shown as UNKNOWN.如果应用程序是自签名的，则发布者显示为未知。
• Warnings if the certificate is expired, revoked, or the revocation status cannot be checked.如果证书已过期、已吊销或无法检查吊销状态，则会发出警告。
• Location from which the application is accessed.从中访问应用程序的位置。
• Level of access required by the application. 应用程序所需的访问级别。Limited access restricts the application to the security sandbox, unrestricted access provides the application with access to resources on the user's system.有限访问将应用程序限制在安全沙箱中，无限制访问将应用程序提供对用户系统上资源的访问。
• Warning about missing JAR file manifest attributes if recommended attributes are not present.如果建议的属性不存在，则警告缺少JAR文件清单属性。
• For unsigned or self-signed applications, a check box that the user must select to accept the application.对于未签名或自签名的应用程序，用户必须选中该复选框才能接受该应用程序。
• In some cases, the option to not show the prompt again.在某些情况下，可以选择不再显示提示。

For a description of the prompts, see What should I do when I see a security prompt from Java?有关提示的描述，请参阅当我看到来自Java的安全提示时应该做什么？

Users are also warned if they are running an out-of-date JRE and are given the opportunity to update to the latest version before running an application. 如果用户运行的是过时的JRE，用户也会收到警告，并有机会在运行应用程序之前更新到最新版本。Users can also choose to run with the JRE on their system, or to block the application from running.用户还可以选择在系统上运行JRE，或者阻止应用程序运行。

The security level setting in the Java Control Panel determines if users are given the opportunity to run RIAs. Java控制面板中的安全级别设置决定用户是否有机会运行RIA。The default setting of High prompts users for permission to run applications that are signed with a valid certificate and include the Permissions attribute in the manifest for the main JAR file. 默认设置为“高”会提示用户获得运行应用程序的权限，这些应用程序使用有效证书签名，并在主JAR文件的清单中包含“权限”属性。If the revocation status of an application cannot be checked, the application is also allowed to run with the user's permission.如果无法检查应用程序的吊销状态，则还允许该应用程序在用户许可的情况下运行。

Signing your RIA provides the user with a level of trust. 签署您的RIA为用户提供了一定程度的信任。Consider the following when preparing your application for deployment:在准备应用程序部署时考虑以下事项：

• The best user experience is provided by an application that is signed with a certificate issued by a recognized certificate authority.最好的用户体验是由一个由公认的证书颁发机构颁发的证书签署的应用程序提供的。

• Self-signed and unsigned applications are not allowed to be run unless an exception site list or deployment rule set has been created to explicitly allow the application to run.不允许运行自签名和未签名的应用程序，除非已创建异常站点列表或部署规则集以明确允许该应用程序运行。

• Signed applications can be either privileged applications or sandbox applications. 签名应用程序可以是特权应用程序，也可以是沙盒应用程序。Privileged applications are provided unrestricted access to resources on the user's system. 特权应用程序可以不受限制地访问用户系统上的资源。Sandbox applications are restricted to the Java security sandbox. 沙盒应用程序仅限于Java安全沙盒。Unsigned applications are restricted to the sandbox.未签名的应用程序仅限于沙箱。