Java 1.7 Update 45 - Unable to run unsigned jar

Question 1

Is there any way I can proceed here?

Sure. Digitally sign the code with a certificate that links back to a trusted key chain.

Are only signed jar files allowed?

It is progressing towards that, yes.

Is there anyway I can tweak some settings to get unsigned applets to load?

On your own machine? Probably for a little while longer, as Oracle continues to tighten the security along the lines you have discovered.

For the users? No, nothing that is practical beyond 'educate your users as to the advantages of the digitally signed code', and to 'click OK when prompted'.

Question 2

The best thing you can do if these are your applets is to sign them with a decent signing key. (Or if the applets are solely for your own use, a self-signed certificate will do once you have imported it into your JVM's keystore as trusted.)

If these are applets supplied by someone else, either convince the supplier to sign them (with a good key), or stop using their applets. Period.

The reason that Oracle are moving in this direction is that applets can do a variety of nasty things to your machine by exploiting security holes of various kinds. Disabling unsigned applets helps protect the user from being a victim of malicious applets ... since the "bad guys" are unlikely to sign their code with a certificate that says who they are.

Question 3

From appearances, Oracle really screwed up. Not only did they break hundreds of thousands of man-hours worth of benign legacy applets... Having to digitally sign applets between local builds undermines new applet production. They seriously need to give some thought to this.

Question 4

I guess you can always download and use an old version of Java (one that actually works...): http://www.oldapps.com/java.php

I will never undestand why have the security slider in the Java settings if it does nothing...

After install, restart your browser. It works like a charm for me.