I have a Java Applet which needs access to the local filesystem of the client. I have created a simple certificate for my own (it is NOT certified by Verisign,Commodo, ...). I signed the jar with the following template:
del \Users\koalabruder\.keystore
"C:\Program Files\Java\jdk1.7.0_45\bin\keytool" -genkey -alias %1 -keypass kp -dname "cn=inin" -storepass ab987c
"C:\Program Files\Java\jdk1.7.0_45\bin\jarsigner.exe" -storepass abc -keypass kp %2 %1
"C:\Program Files\Java\jdk1.7.0_45\bin\keytool" -export -storepass abc -alias %1 -file %3
The simple security warning that I have "no signed certificate" has been in existence for years and is not my problem.
My problem is, that the security warning changed because one of the last Java updates:
This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute. Please contact the Publisher for more Information.
What does it mean? How can I fix it? Do I have to buy a certificate? Do I have to fix the Manifest (MANIFEST.MF)? What is the Permission attribute?
Update: Here is my Manifest from the jar file
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.8.4
Application-Name: inin
Permissions: all-permissions
Created-By: 1.7.0_45-b18 (Oracle Corporation)
Name: net/inin/transfer/ul/UlPanel.class
SHA-256-Digest: asdfasddddddddddddddddddddddddddddddddd=
I ran into the same problem and changing my manifest did not fix it.
Finally I found out, that I referenced a library which came in its own jar with its own manifest. I was using a copy of that jar-file that did not have Permissions and Codebase.
So, if you reference any libraries except the JRE System library, check the manifest in the jar file (e.g. by opening it with 7zip). If it does not contain the attributes, you can:
For the last two, check the license under which the library is published. Maybe you are not allowed to manipulate the product this way.