Question
I have a Java application that is launched from a jnlp file off of a website. I'm trying to get it to run without flashing up a bunch of security warnings before it runs.
The program is broken up into about 10 different jar files, 30 or so jar libraries, and a couple native libraries also contained in jar files.
I've signed all of the jar files with an official code signing cert (from Verisign), included the jnlp file inside of the jar file that holds the main class, and added permissions and codebase attributes to the main 10 jars that I'm compiling.
When I launch the program I get the message stating:
This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute. Please contact the Publisher for more information.
I can click "Run" to get past this message, but then I get:
Block potentially unsafe components from being run? The application contains both signed and unsigned code.
I've added the permissions attribute to all of the jar files that I'm compiling. Do I have to update the jar manifest for the third-party libraries that I'm using as well? If so, is there an easy way to do this? I'm using Apache Ant to build the application.
Solution
Yes , you have to update all jars
You can add these properties directly into manifest of the jar files (all jars) from a file -
In your plugins directory :
https://stackoverflow.com/questions/20665971
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianjar ufm <jar_file> additionalAttribute.txt
This additionalAttribute.txt will contain your additional manifest attribute like -
Permissions: all-permissions Codebase: * Application-Name: My App Caller-Allowable-Codebase: * Trusted-Library: true Application-Library-Allowable-Codebase: *
OTHER TIPS
Do I have to update the jar manifest for the third-party libraries that I'm using as well?
Yes. All parts, all Jars of our applications have the same security requirements.
