The Java 7 update 21 release contains several changes to the way applets are handled.
Our users are experiencing a problem when navigating between 2 pages that each contain an applet from the same signed jar (signed from a trusted certificate authority).
Each applet is on a different URL.
Loading each URL in a fresh browser works fine and the applet runs.
Clicking a link from url1 to url2 gives the following error dialogs "Block potentially unsafe components from being run? (recommended)".
Clicking either "Yes" or "No" in the dialog opens url2 and the applet runs without problems.
Nothing in the Java Console to indicate what's happening.
If you click from url1 to a page without an applet and then to url2 there is no error.
Only 7u21 is affected, problem appears on all OS / Browser combinations tested so far.


This behaviour is in the plugin. There is no hit on the server before the error dialog appears. Will try clearing plugin caches.


Don't think it's the plugin applet cache (was turned off)
Also, removing the trusted cert (installed under a previous JRE) and reinstalling doesn't help


Error occurs at all plugin security levels (Medium, High, Very High)
Clicking Yes to block still allows the navigation to url2 at all security levels


FYI, these problems are occurring with a signed app (trusted CA) that requests full permission (the applets needs to cache a lot of data to the local filesystem).


POTENTIAL WORKAROUND: If you navigate to the 2nd applet using your browser's right click "Open link in new tab" then there is no dialog box so the Java plugin cannot detect this navigation and block it.


IMPORTANT - The security dialog can be triggered even when the target url does not contain an applet !!! In a way this makes sense as there was no web hit before the dialog appeared so how could the plugin know whether the target URL contains an applet (unless maintains a record of urls containing applets).
New line of thinking is that the dialog appears if there is Java<-->JavaScript interaction


Thanks to Joe McGlynn at Oracle and @DonaldOJDK for the pointers on how to fix this.
Starting with Java 7u21 calling between all-permission Java applets and JavaScript is classed as mixed code and requires the signed jar to have the following manifest entry:
Trusted-Library: true
Applet error dialog
Applet error dialog
Applet error details
Applet error details