Java 7u51/7u55 Manifest Variables with Asterisk - McMap

About

Java 7u51/7u55 Manifest Variables with Asterisk

Asked 17/1, 2014 at 14:42 Answered 23/1, 2014 at 10:32

Solved java applet manifest

D

1

8

I'm deploying an applet with the next variables in the manifest:

Manifest-Version: 2.0

Ant-Version: Apache Ant 1.8.2

Trusted-Library: true

Permissions: all-permissions

Application-Name: My Applet

Codebase: *

Application-Library-Allowable-Codebase: *

Caller-Allowable-Codebase: *

I was wondering if by using the asterisk in the previous values, my applet (once deployed) can be blacklisted by Java or by Oracle in a future version or now with the 7u51 (or perhaps the certificate can be blacklisted). Is it ok to use asterisks here?

I know is not the safest measure because my applet can be placed in any domain and be used, but I have to deploy the applet to a very large set of different domains, so I just want to create a single applet for every domain I control (I did this and it works for Java 7u40 and earlier versions).

Thanks for the help.

=== UPDATE - Java 7u55 ===

With Java 7u55, if you include a stand-alone asterisk as value in the Caller-Allowable-Codebase variable, you will get a security prompt once the applet is loaded. More info: Java Blog 8u5/7u55

Demigod answered 17/1, 2014 at 14:42 Comment(2)

Your manifest helped me to solve my problem. Thanks! – Poniard 5/3, 2014 at 9:51

@TarasKozubskyy Great! glad it worked out Taras, Rgds. – Demigod 7/3, 2014 at 13:21

B

1

As you can read here: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#codebase The asteriks indeed is a valid (codebase-)property value. As far as I know, the codebase attributes are therefore also optional, and Java will not complain if these are not present. Only for the permissions and Application-name attributes in the main jar file. In Java 7u45 it would complain for all the library jar files aswell, but since 7u51 it only does it for the main jar.

Breathed answered 23/1, 2014 at 10:32 Comment(2)

Thanks NickL for your answer. I am aware of what you are mentioning, but I was wondering if you knew about banned or blacklisted jars as a consequence of the use of asterisks in the manifest. – Demigod 24/1, 2014 at 18:23

I do not understand why you would think an applet, or even the certificate it is signed with, would be blacklisted because of a valid (or even invalid, this would only cause a warning to the user) manifest property.. The reason you are using an asteriks is the reason why the asteriks is valid. You simply cannot force developers to create a different .jar for every domain the RIA is used from. – Breathed 26/1, 2014 at 22:15

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.