When I launch application from jnlp I receive message
"Missing Codebase manifest attribute for:xxx.jar"
what does it means?
Missing Codebase manifest attribute for:xxx.jar
A comprehensive answer to this question can be found on this Q/A: #19659634 –
Darmit
Just encountered this, too, when running an internal application after updating my JRE to 1.7u25. The warnings appear because of a new security feature introduced in 1.7u25 to prevent unauthorized code reuse. In my case, I was also presented with a dialog asking me to confirm that I wanted the application to have access to my PC.
If you have access to the jar file, add two attributes to it: Permissions and Codebase. You need to decide if the application requires access to everything on the PC, in which case you would use the value all-permissions for the Permissions attribute. Otherwise, use sandbox and the JRE will restrict the code's access level on the PC. Codebase probably needs to be the same as the codebase for the jnlp file, unless that jar file is being downloaded from a different URL, in which case it needs to be that URL.
Reference: Oracle's Java 7 documentation
this resulted in an error for me:
java.io.IOException: Invalid signature file digest for Manifest main attributes. I added a line Permissions: all permissions and another Codebase: (http:// ...) like you instructed.. –
Darmit @ryvantage, add those attributes before signing the jar file. –
Hypoxia
The jar file is created and signed automatically by Netbeans. Both creation and signing are done in one motion. :( –
Darmit
I guess I could always try adding the parameters then re-signing the .jar manually. –
Darmit
If you have access to the original certificate, you can re-sign the jar after adding the attributes to the manifest file. If you don't have access to the original certificate, but are going to re-sign with your own certificate, you can use text manipulation on the manifest file to remove the signing information before re-signing the jar file. –
Hypoxia
@ryvantag You can edit your build.xml in you netbeans project's root folder. See this question for more info –
Intercommunion
Actually, I submitted a bug report to Netbeans telling them that the IDE should include this functionality so they added it :) –
Darmit
But how to add attributes to the jar file? Which program to use? –
Defend
Mr. M, you can create another file with the attributes you want to add and then add them using
jar -cfm <jar file> <other file with attributes> –
Hypoxia Following Peter's answer, this is how you solve the problem in an automated way, in case you're using Netbeans and JavaFX.
Netbeans 7.3.1 still doesn't have this "bug" fixed (it doesn't add the codebase and permissions to the Manifest for you). If you want to use Netbeans to build the project and not manually add the missing attributes (and re-sign the .jar), you can edit your build.xml and add the following ANT targets and macros:
<target name="-post-jfx-jar">
<update-libs-manifest />
<update-jar-manifest jarfile="${jfx.deployment.dir}${file.separator}${jfx.deployment.jar}" />
</target>
<macrodef name="update-libs-manifest">
<sequential>
<property name="pp_rebase_dir" value="${basedir}${file.separator}${dist.dir}${file.separator}lib"/>
<property name="pp_rebase_fs" value="*.jar"/>
<condition property="manifest.codebase" value="${manifest.custom.codebase}" else="*">
<and>
<isset property="manifest.custom.codebase" />
<not>
<equals arg1="${manifest.custom.codebase}" arg2="" trim="true" />
</not>
</and>
</condition>
<condition property="manifest.permissions" value="all-permissions" else="sandbox">
<isset property="permissions-elevated" />
</condition>
<echo message="Updating libraries manifest => Codebase: ${manifest.codebase} / Permissions: ${manifest.permissions}" />
<script language="javascript">
<![CDATA[
var dir = project.getProperty("pp_rebase_dir");
var fDir = new java.io.File(dir);
if( fDir.exists() ) {
var callTask = project.createTask("antcall");
callTask.setTarget("-update-jar-macro-call");
var param = callTask.createParam();
param.setName("jar.file.to.rebase");
var includes = project.getProperty("pp_rebase_fs");
var fs = project.createDataType("fileset");
fs.setDir( fDir );
fs.setIncludes(includes);
var ds = fs.getDirectoryScanner(project);
var srcFiles = ds.getIncludedFiles();
for (i=0; i<srcFiles.length; i++) {
param.setValue(dir + "${file.separator}" + srcFiles[i]);
callTask.perform();
}
}
]]>
</script>
</sequential>
</macrodef>
<target name="-update-jar-macro-call">
<update-jar-manifest jarfile="${jar.file.to.rebase}"/>
</target>
<macrodef name="update-jar-manifest">
<attribute name="jarfile"/>
<sequential>
<echo message="jarfile = @{jarfile}" />
<jar file="@{jarfile}" update="true">
<manifest>
<attribute name="Codebase" value="${manifest.codebase}"/>
<attribute name="Permissions" value="${manifest.permissions}"/>
</manifest>
</jar>
</sequential>
</macrodef>
After that, you just have to add manifest.custom.codebase=<your_codebase> to your project.properties. For example: manifest.custom.codebase=localhost
Attention: This code is for a JavaFX application using Netbeans default ANT build process. You'll need to update it accordingly if that's not your case - that will require a change on the first target (<target name="-post-jfx-jar">), the property names and the condition that checks the permissions-elevated property.
hi, with a swing application how can i do this? –
Tumular
Refer to detailed explanation about error you mentioned. http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/no_redeploy.html
Here's what I've found:
CAUSE
Starting with Java 7 Update 51, Java has enhanced security model to make user system less vulnerable to the external exploits. The new version of Java does not allow users to run the applications that are not signed (Unsigned), Self signed (not signed by trusted authority) and the applications that are missing permission attributes.
I got the problem in TopCoder Arena launch. It can be easily removed using the below link:
© 2022 - 2024 — McMap. All rights reserved.