Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What does the Java Applet security warning "JAR file manifest does not contain the Permissions attribute"mean?

Tags:

I have a Java Applet which needs access to the local filesystem of the client. I have created a simple certificate for my own (it is NOT certified by Verisign,Commodo, ...). I signed the jar with the following template:

del \Users\koalabruder\.keystore "C:\Program Files\Java\jdk1.7.0_45\bin\keytool" -genkey -alias %1 -keypass kp -dname "cn=inin" -storepass ab987c "C:\Program Files\Java\jdk1.7.0_45\bin\jarsigner.exe" -storepass abc -keypass kp %2 %1 "C:\Program Files\Java\jdk1.7.0_45\bin\keytool" -export -storepass abc -alias %1 -file %3

The simple security warning that I have "no signed certificate" has been in existence for years and is not my problem.

My problem is, that the security warning changed because one of the last Java updates:

This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute. Please contact the Publisher for more Information.

What does it mean? How can I fix it? Do I have to buy a certificate? Do I have to fix the Manifest (MANIFEST.MF)? What is the Permission attribute?

Update: Here is my Manifest from the jar file

Manifest-Version: 1.0 Ant-Version: Apache Ant 1.8.4 Application-Name: inin  Permissions: all-permissions  Created-By: 1.7.0_45-b18 (Oracle Corporation)  Name: net/inin/transfer/ul/UlPanel.class SHA-256-Digest: asdfasddddddddddddddddddddddddddddddddd=
like image 751
koalabruder Avatar asked Oct 24 '13 11:10

koalabruder

People also ask

What is manifest file in jar?

The manifest is a special file that can contain information about the files packaged in a JAR file. By tailoring this "meta" information that the manifest contains, you enable the JAR file to serve a variety of purposes.

2 Answers

You don't need to buy a certificate, just fix the manifest file.

Add this line:

permissions: all-permissions

Or this line if you need only limited access:

permissions: sandbox
like image 180
jzd Avatar answered Sep 23 '22 21:09

jzd

I ran into the same problem and changing my manifest did not fix it.

Finally I found out, that I referenced a library which came in its own jar with its own manifest. I was using a copy of that jar-file that did not have Permissions and Codebase.

So, if you reference any libraries except the JRE System library, check the manifest in the jar file (e.g. by opening it with 7zip). If it does not contain the attributes, you can:

  • check, if the manufacturer has a new version. He might have noticed the problem by now.
  • Unzip the jar file, edit the manifest and jar it again, or
  • Merge the library with your own jar.

For the last two, check the license under which the library is published. Maybe you are not allowed to manipulate the product this way.

like image 20
tommiport5 Avatar answered Sep 26 '22 21:09

tommiport5
Sign in to Comment

Related questions

Proper use of sub sub fragments with (Child)FragmentManager
Kendo UI Grid post rendered or post databound event?
Using scopes as roles in Spring Security OAuth2 (provider)
Add multiple buttons to navigation bar in storyboard
Is pwnat still an applicable solution
Spring Data Rest Without HATEOAS
Android Lollipop - changed behavior of SQLite
How to call some async code in an ASP.NET application_start
Nothing to Show in Android Project View
How can I use passportjs and reactjs together?
Uploading a large file (up to 100gb) through ASP.NET application
Dynamic or Conditional display of Jenkins job's parameters (rather than their value population)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!