Warning on Permissions attribute when running an applet with JRE 7u45

Question

I've just upgraded JRE to 7u45, and my applet receives a warning message on start-up, saying " This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute." Then I added the following two attributes to the manifest of my applet Jar file (self-signed):

Permissions: all-permissions
Codebase: *

However the warning message didn't disappear. I doubt that I'm missing some other things, but can't find them out after hours of research. Anybody else knows the solution?

Update

Trusted applet that is signed with a valid certificate can't run either. The yellow warning message doesn't show up but another error dialog is displayed saying the applet is blocked by the security settings, while changing the security level or something else in Java Control Panel doesn't help.

Answer 1

I have the same problem. I test it with a explicit codebase, but the warning "Missing Permissions manifest attribute" it continues appearing.

Also tried changing permissions to "sandbox", the message still appearing but the applet don't have privileges to execute some functions.

Edit:

Finally I've found the solution: manifest.mf

Manifest-Version: 1.0
Codebase: *
Permissions: all-permissions
Application-Library-Allowable-Codebase: *
Caller-Allowable-Codebase: *
Application-Name: AppName
Created-By: AppCreator

I hope this help you.

Answer 2

I was also facing this problem and i resolved this problem in my application by just adding the certificate as a "Secure Site" under java control center.

The error message ("The application will be blocked ... Permission attribute") is so misleading and it acts more like a generic error message and has nothing to do with Permissions attribute really present in the jars or not. This to me is a bug and hopefully java will fix it in the next release.

Exact steps to remove this error message:
1) javaws -viewer
2) Open Security tab
3) Clik on "Manage Certificates"
4) Select Certificate Type as "Secure Site"
5) Add the application certificate.

Answer 3

After spending some time breaking my head on editing manifest (see how to config manifest with maven) and all those java configurations, I've found how it works:

To grant allPermissions with java 1.7+ you need to edit java.policy file.

Use the policytool to do that. At prompt command line:

policytool

see Oracle tutorial: http://docs.oracle.com/javase/tutorial/security/tour1/wstep2.html

Open the right policy file where your browser vm is executing. For me its in:

C:\Program Files (x86)\Java\jre7\lib\security\java.policy

Should load some CodeBase list. Click on it for edit or:

Add Entry

Leave CodBase blank for every location where code is running but you can put localhost or your stite if you want and signedBy blank for non signed jars/applets. Click Add Permission, then choose AllPermissions
I have CodeBase <ALL> and it java.security.AllPermission

Then save! java.policy and should get sucess message.

Done you can run non signed applet and acess disk files.