Java 7 update 51 - Prompts user confirmation message about Publisher name every time

StackOverflow https://stackoverflow.com/questions/21185322

  •  29-09-2022
  •  | 
  •  

Question

Java 7 update 51 : My application is java web start kind, in which we have addressed all the security measure in jar, JNLP files and signed the jar files with trusted authority , but Latest update is prompting user confirmation message about Publisher name every time. Message doesn't have any check box to ignore as provided with update 45 and further, so please clarify is this a normal behavior of this update or else any step required to overcome the same.

enter image description here

****SOLUTION:****

Application-Library-Allowable-Codebase: *

this attribute resolved the check box issue in my case

Was it helpful?

Solution 2

I've found that Rob's manifest entries did not do it for us... We still ended up without "Do not show this again..." check box showing under 1.7.0_51 for our app (when href= was not specified, properly signed, etc.).

But other of what Rob posted holds & that coupled with Andrew's suggestion of a full/proper manifest lead us to what worked for us. From my post to Java Web Start security dialogs with Java 7 update 51:

Assure you've JAR manifest(s) such that no Missing Blah-Blah-Blah manifest attribute msgs show in console log. The minimal additional manifest attributes for 7u51 we've found must be present (*s as test values):

Permissions: all-permissions
Codebase: *
Application-Library-Allowable-Codebase: *

OTHER TIPS

I have an applet with this dialog (after updating java to 7.51)... the checkbox is shown and works for me (dialog no more showing).

Don't know if this is related to localhost? Maybe check your security switch in java configuration (mine is at high).

Edit:

I think this affects the security/dialog-behavior: I sign my applet with an official CA-certificate and update the manifests of all loaded jars (using the maven-webstart-plugin):

<updateManifestEntries>
    <Permissions>all-permissions</Permissions>
    <Codebase>*</Codebase>
    <Caller-Allowable-Codebase>*</Caller-Allowable-Codebase>
    <Trusted-Library>true</Trusted-Library>
    <Application-Name>MyApplet</Application-Name>
</updateManifestEntries>

Finally in my JNLP I add

<security>
    <all-permissions />
</security>

I am experiencing a similar problem with my Web Start applications, but the post Java Web Start security dialogs with Java 7 update 51 prompted me to try to add this href attribute and it solved the problem. That is

Entry "before" : 

<jnlp spec="1.6+" codebase="http://11.111.111.111:80/example.com">

Entry "after" does work: 

<jnlp spec="1.6+" codebase="http://11.111.111.111:80/example.com" href="yyyy.jnlp">

where yyyy.jnlp is a self reference to the application jnlp file

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top