What does the Java Applet security warning “JAR file manifest does not contain the Permissions attribute”mean?
I have a Java Applet which needs access to the local filesystem of the client. I have created a simple certificate for my own (it is NOT certified by Verisign,Commodo, ...). I s
-
You don't need to buy a certificate, just fix the manifest file.
Add this line:
permissions: all-permissionsOr this line if you need only limited access:
permissions: sandbox讨论(0) -
In Netbeans I noted that manifest file is generated during build ..so briefly what I have done to fix this issue to include my manifest attributes inside that template which is responsible for generating manifest.
To do so follow these steps :
1- Open this file with any editor: (PATH)\nbproject\jfx-impl.xml
(PATH): is the path of your project.2- Search for : "// manifest". mine looks like:
// manifest var man = jar.createManifest(); var a1val = project.getProperty("application.vendor"); var a1 = new org.apache.tools.ant.taskdefs.Manifest.Attribute(); a1.setName("Implementation-Vendor"); a1.setValue(a1val); man.addConfiguredAttribute(a1); var a2val = project.getProperty("application.title"); var a2 = new org.apache.tools.ant.taskdefs.Manifest.Attribute(); a2.setName("Implementation-Title"); a2.setValue(a2val); man.addConfiguredAttribute(a2); var a3 = new org.apache.tools.ant.taskdefs.Manifest.Attribute(); a3.setName("Implementation-Version"); a3.setValue("1.0"); man.addConfiguredAttribute(a3); //******insert your Attributes code here******* jar.perform();3- Under "//*insert your Attributes here**", you can insert your own manifest attributes code, in my situation its enough to include codebase, and permissions.. you can use my code as well:
... //******insert your Attributes here******* var a50 = new org.apache.tools.ant.taskdefs.Manifest.Attribute(); a50.setName("permissions"); a50.setValue("all-permissions"); man.addConfiguredAttribute(a50); var a51 = new org.apache.tools.ant.taskdefs.Manifest.Attribute(); a51.setName("codebase"); a51.setValue("*"); man.addConfiguredAttribute(a51); ...4- Then build and you wont see that warning again.
Some notes:
I strongly recommend to check the manifest attributes documentation which relates to security @ http://docs.oracle.com/javase/tutorial/deployment/jar/secman.html
dont use the wildcard "*" value in codebase, and it will be better to use https instead of http for security sake :-) I am using it for developing only.
good luck,'.
讨论(0) -
I've met this warning while updating the signature on a pre-existing applet (a component that interfaces a user smartcard, and so to work correctly requires to be signed with a "strong" certificate).
Adding also the codebase attribute, e.g: "Codebase: xyz.com" actually makes the warning disappear (note that the original warning text was refering, as in this case, to issues related to the "Permission" attribute not the codebase one...).
It's probably a bug in the jre?
讨论(0) -
I ran into the same problem and changing my manifest did not fix it.
Finally I found out, that I referenced a library which came in its own jar with its own manifest. I was using a copy of that jar-file that did not have Permissions and Codebase.
So, if you reference any libraries except the JRE System library, check the manifest in the jar file (e.g. by opening it with 7zip). If it does not contain the attributes, you can:
- check, if the manufacturer has a new version. He might have noticed the problem by now.
- Unzip the jar file, edit the manifest and jar it again, or
- Merge the library with your own jar.
For the last two, check the license under which the library is published. Maybe you are not allowed to manipulate the product this way.
讨论(0)
加载中...
- 热议问题