As my JDK version upgraded to u45 now I get warnings about missing security information. So I used following security updates as part of webstart signing using webstart-maven-plugin
<plugin>
<groupId> org.codehaus.mojo</groupId>
<artifactId>webstart-maven-plugin</artifactId>
<version>1.0-beta-4</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>jnlp-inline</goal>
<!-- use jnlp, jnlp-inline or jnlp-single as appropriate -->
</goals>
</execution>
</executions>
<configuration>
<!--outputDirectory></outputDirectory -->
<!-- not required?? -->
<!-- Set to true to exclude all transitive dependencies. Default is
false. -->
<excludeTransitive>false</excludeTransitive>
<!-- The path where the libraries are stored within the jnlp structure.
not required. by default the libraries are within the working directory -->
<libPath>lib</libPath>
<!-- resourcesDirectory>${project.basedir}/src/main/jnlp/resources</resourcesDirectory -->
<!-- default value -->
<!-- JNLP generation -->
<jnlp>
<!-- default values -->
<!-- inputTemplateResourcePath>${project.basedir}</inputTemplateResourcePath -->
<!--inputTemplate>src/main/jnlp/template.vm</inputTemplate -->
<!-- relative to inputTemplateResourcePath -->
<outputFile>xxxx.template</outputFile>
<!-- defaults to launch.jnlp -->
<!-- used to automatically identify the jar containing the main class. -->
<!-- this is perhaps going to change -->
<mainClass>XXXXXX</mainClass>
</jnlp>
<!-- SIGNING -->
<!-- defining this will automatically sign the jar and its dependencies,
if necessary -->
<sign>
..................
</sign>
<!-- BUILDING PROCESS -->
<pack200>
<enabled>false</enabled>
</pack200>
<gzip>true</gzip>
<!-- default force when pack200 false, true when pack200 selected
?? -->
<!-- causes a version attribute to be output in each jar resource
element, optional, default is false -->
<outputJarVersions>true</outputJarVersions>
<!--install>false</install -->
<!-- not yet supported -->
<verbose>true</verbose>
<updateManifestEntries>
<Application-Name>cccccc</Application-Name>
<Trusted-Library>true</Trusted-Library>
<Permissions>all-permissions</Permissions>
<Codebase>*</Codebase>
<Trusted-Only>true</Trusted-Only>
</updateManifestEntries>
</configuration>
Here
<updateManifestEntries>
<Application-Name>cccccc</Application-Name>
<Trusted-Library>true</Trusted-Library>
<Permissions>all-permissions</Permissions>
<Codebase>*</Codebase>
<Trusted-Only>true</Trusted-Only>
</updateManifestEntries>
breaks the application when it launches. Dependency injection not happening. I had to add updated manifest information even for Spring related jar.
I tried doing the same with
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<inherited>true</inherited>
<configuration>
<archive>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
</manifest>
</archive>
</configuration>
</plugin>
But not seems working.
Appreciate your immediate reply as I have been trying this since last week
The issue is with webstart-maven-plugin (1.0-beta-4) whose
<updateManifestEntries>
<!-- <Permissions>all-permissions</Permissions>
<Application-Name>catsvision</Application-Name>
<Trusted-Library>true</Trusted-Library>
<Codebase>*</Codebase>
<Trusted-Only>true</Trusted-Only> -->
</updateManifestEntries>
not working as expected.
When I tried to do the same with
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<inherited>true</inherited>
<configuration>
<archive>
<addMavenDescriptor>false</addMavenDescriptor>
<manifestFile>
src/main/resources/META-INF/MANIFEST.MF
</manifestFile>
<manifest>
<addDefaultImplementationEntries>false</addDefaultImplementationEntries>
<addDefaultSpecificationEntries>false</addDefaultSpecificationEntries>
</manifest>
</archive>
</configuration>
</plugin>
where MANIFEST.MF has following entry
Permissions: all-permissions
Application-Name: CATS Vision
Codebase: *
Trusted-Library: true
Trusted-Only: true
worked for me. But it was for a particular JAR. How can I update manifest entries for a bundle of JARs (I mean my webstart bundle)? Is there any plugin for it other than maven-webstart-plugin
This seems an open bug with maven-webstart-plugin
http://jira.codehaus.org/browse/MWEBSTART-224
I resolved this issue:
- Update the permission attributes using maven-antrun-plugin
- Sign JARS using maven-jarsigner-plugin
- Use maven-webstart-plugin just to create JNLP bundle, not for signing or anything else
来源:https://stackoverflow.com/questions/20494534/new-updatemanifestentries-entries-of-webstart-maven-plugin-breaks-the-applicat