Java 7 u45 gives yellow warning about a missing Permissions attribute that is not missing
Hi!
I have a Swing application distributed with Java WebStart. Since update 45 I can't get rid of the yellow warning about a missing permissions attrribute. I have reduced the JNLP to only reference a single signed jar that has the following manifest:
Manifest-Version: 1.0
Implementation-Vendor: Gunnar Grim
Ant-Version: Apache Ant 1.9.1
Implementation-Title: DOI Studio
Implementation-Version: 5.2.5.1310201149
Specification-Vendor: Gunnar Grim
Application-Name: DOI Studio
Permissions: all-permissions
Specification-Title: DOI Studio
Created-By: 1.7.0_45-b18 (Oracle Corporation)
Specification-Version: 5.2.5
Codebase: *
Name: ....
SHA-256-Digest: ...
Clearly, both Permissions and Codebase are there. Still I get the warning. Anyone knows if this is bug in Java WebStart?
TIA,
Gunnar
Are you signing your app with a 3rd party codesigning certificate ? Self-signing wont work anymore.
Similar Messages
-
Java 7u45 gives spurious warning about missing Permissions attribute
The security dialog in 7u45 gives a yellow warning about missing Permissions attribute. Does anyone know how to get rid of it?
Same as the yellow box in the screenshots (#2 and #3) documented here (although none of them discuss the Permissions attribute) :
What should I do when I see a security prompt from Java?
The MANIFEST.MF file for the app definitely contains this attribute. There's only one jar for the application, and it's signed.
Might this be another security dialog bug? Or am I missing something? The JNLP contains the same "all-permissions" security tag.
I also found the release notes for 7u45 mention a couple of cases where the dialog might still appear
(see last issue: Java™ SE Development Kit 7 Update 45 Release Notes)
I don't use the JNLPDownloadServlet but my own. I didn't model it on the JNLPDownloadServlet, but guess I could have partly the same issue since I use versioning.
My jar doesn't fail to download though, it's just that its displaying this warning.
MANIFEST.MF:
Manifest-Version: 1.0
Implementation-Title: My app
Implementation-Version: 3.0-SNAPSHOT
Built-By: me
Application-Name: Myapp
Created-By: Apache Maven 3.0.5
Ant-Version: Apache Ant 1.8.2
Trusted-Library: true
Implementation-Vendor-Id: org.me
Trusted-Only: true
Build-Jdk: 1.7.0_45
Permissions: all-permissions
Specification-Title: my-client
Specification-Version: 3.0-SNAPSHOT
Archiver-Version: Plexus Archiver
Codebase: *.me.orgI went the Java version detection applet and I don't get a warning about the applet being blocked in the future.
https://java.com/en/download/installed.jsp
https://java.com/en/download/installed.jsp
I dug the jar for the applet out of my Java cache and it contains Manifest.MF with the following contents:
Manifest-Version: 1.0
Codebase: www.java.com java.com
Created-By: 1.7.0_25 (Oracle Corporation)
Permissions: all-permissions
Application-Library-Allowable-Codebase: www.java.com java.com
Application-Name: Java Detection
Name: JNLP-INF/APPLICATION.JNLP
SHA1-Digest: jPquHTBq5R8txQLe5/T20x70Y7w=
Name: JavaDetection.class
SHA1-Digest: kQNVjPC5Yym1DszdpX1D2EH8Ll0=
The jar contains one Java class and a signed JNLP-INF/APPLICATION.JNLP file that looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<jnlp codebase="https://java.com/en/download/" href="JavaDetection_applet.jnlp" spec="1.0+">
<information>
<title>Java Detection</title>
<vendor>Oracle Inc.</vendor>
</information>
<resources>
<!-- Application Resources -->
<j2se version="1.6+"/>
<jar href="JavaDetection.jar" />
</resources>
<security>
<all-permissions />
</security>
<applet-desc
name="Java Detection Applet"
main-class="JavaDetection"
width="1"
height="1">
</applet-desc>
<update check="background"/>
</jnlp>
They are running applet via JNLP:
<applet code="JavaDetection.class" width="500" height="150"><param name="image" value="/im/download/verify_anim.gif"/><param name="centerimage" value="true"/><param name="boxborder" value="false"/><param name="jnlp_href" value="JavaDetection_applet.jnlp"/></applet>
The JNLP file downloaded from here: https://java.com/en/download/JavaDetection_applet.jnlp matches the signed JNLP file in the jar (except for name).
We are still working on getting our applications to not show the warning message but this appears to be an example of where the "you will be blocked in the future" message is not happening. We don't run our applications as applets so if anyone can find another working example that is a more traditional JNLP app, please post a link. -
I ordered a photobook, when I went to purchase it flashed up a warning about default text saying 'printed books will not include this text'.
Was really dissapointed when my photo book arrived with the default text printed. Will I have to return it? Or can I get some sort of discount? I don't live near a post office so I'd rather not have to return it.Contact Apple support - they can answer that type of questions - we are just users here like yourself
BTW - it is best not to order when you have errors - to resolve that error place a single space in the subject text box
and always
Before ordering your book preview it using this method - http://support.apple.com/kb/HT1040 - and save the resulting PDF for reference - the delivered book will match it.
LN -
Java SE7 U45 gives a Security Warning on FF v 24.0
My problem is that I cannot use the Always activate Java for a site method of fixing Java when I do online banking because the option never comes up - or at least I have not found a way to make it do so. I have captured what appears on my screen but evidently I can't attach it to this request. I am using FF 24.0 and Java is Se7 U45 on Windows XP/3.
This web site is requesting access and control of the Java application shown above (btw, there is nothing shown above). Allow access only if you trust the web site and know that the application is intedened to run on this site.
Allow access to the following application from this web site (not application is listed)?
Choices are: Yes, No, Helphello cdizdad60, you can attach a screenshot when you reply to your original question. but as far as you've described it, that dialog doesn't seem to come from firefox but is getting generated by java itself. in this case the firefox instructions on how to activate java don't apply & you'd probably have to contact oracle's support for further help...
-
I have been sitting looking at the blue line almost finished for over 2 hours. It says Writing files... underneath and Installing 11 items above the blue box. What should i do? Is there a problem or is it just taking a long time?? Im trying to set up my new iphone 4S but cant until this itunes is updated!
Please help.
Cheers
MegYou have 10.6 on that machine, I suggest you stick with it for performance, third party hardware and software reasons as long as possible.
Consider 10.8 (not 10.7) when it's released, because 10.7 and 10.8 will require a new investment in software and newer third party hardware as it requires newer drivers the old machines won't have. (forced upgrade because of software, really nice of them)
http://roaringapps.com/apps:table
Far as your Safari problem do these things until it's resolved:
1: Software Update fully under the Apple menu.
2: Check the status of your plug-ins and update (works for all browsers) also install Firefox and see if your problems continue. You should always have at least two browsers on the machine just in case one fails.
https://www.mozilla.org/en-US/plugincheck/
Flash install instructions/problem resolution here if you need it.
How to install Flash, fix problems
3: Install Safari again from Apple's web site
https://www.apple.com/safari/
4: Run through this list of fixes, stopping with #16 and report back before doing #17
Step by Step to fix your Mac -
Every time I open the browser an error message pops up, it says:
"The operation can bot be completed because of an internal failure. A secure network communication has not been cleaned up correctly."
The main difference I saw is that my home page, a customize igoogle one that needs login, is redirected to the main igoogle page because login is not successful and I had to manually do it. Even if I state to remember me, it doesn't work once I close the browser.This is a known bug that will be fixed in beta 7. You should only get that error message the first time after updating Firefox. If you are getting it all the time, are you switching between different versions of Firefox?
Do you still have an earlier version of Firefox installed, and if you do does it use the same profile as the beta version. If you do that can cause problems since Firefox 4 handles extensions in a different way than earlier versions of Firefox. If you do have 2 versions of Firefox installed, you need to use 2 different profiles. -
Give me description about JAVA Proxy Runtime and JAVA Proxy Server
Give me description about JAVA Proxy Runtime and JAVA Proxy Server with some examples.
Hi,
Java proxy runtime :
Using the Java proxy runtime you can receive messages or send messages to the Integration Server.
This will help you
http://help.sap.com/saphelp_nw04/helpdata/en/64/7e5e3c754e476ee10000000a11405a/frameset.htm
Java proxy server :
The connection to the Integration Server by using the Java proxy runtime.
This will help you
http://help.sap.com/saphelp_nw04/helpdata/en/87/5305adc23540b8ac7bce08dbe96bd5/frameset.htm
Regards
Agasthuri Doss -
Java 7 u45 Web Start application won't launch
I maintain an Eclipse RCP application launched with WebStart. Java 7 u45 made some security changes, and now my application crashes on startup.
I've added to the manifest:
Permissions: all-permissions
Codebase: *
Trusted-Library: true
This removed all of the warning messages from the Control Panel. But I still have a classloader issue when trying to load the first necessary class from my jar. This is new to update 45. To add to the complication, my application uses Eclipse RCP, so the classloading is through OSGi.This likely won't answer your question, but this update has messed up quite a bit with the way applet security is handled.
There are a laundry list of "known issues" in the release notes and they don't make sense.
For example, I use JavaScript to communicate to my applet and I have several trusted signed jars on it's class path. To permit JavaScript calls, a new parameter "Caller-Allowable-Codebase: http://*.mysite.etc" must be provided. To permit my applet to communicate with other jars I had previously used "Trusted-Library: true", but that setting now displays a false warning. Here's the KNOWN ISSUE from Oracle:
KNOWN ISSUE
Area: Deployment/Plugin
Synopsis: Caller-Allowable-Codebase may be ignored when used with Trusted-Library.
If a trusted, signed JAR file is using the Caller-Allowable-Codebase manifest attribute along with Trusted-Library then the Caller-Allowable-Codebase manifest entry will be ignored and, as a result, a JavaScript -> Java call will show the native LiveConnect warning. The workaround is to remove the Trusted-Library manifest entry.
Next, I generally test my applet by running a sample.html from my desktop. With Java 7 u45, this fails with an InvocationTargetException.
java.lang.RuntimeException: java.lang.reflect.InvocationTargetException ...
Caused by: java.lang.NullPointerException
at sun.plugin2.applet.Plugin2ClassLoader.loadAllowedCodebases(Unknown Source)
Is this a KNOWN ISSUE too? Hard to tell.. here's the snippet from the release notes...
KNOWN ISSUE
Area: Deployment/Plugin
Synopsis: Applet could fail to load by throwing NPE if pack compression is used with deployment caching disabled.
If a JAR file is using pack compression with manifest entries Permissions and Caller-Allowable-Codebase while deployment caching is disabled, then:
The Permissions manifest entry will be ignored. (This can be seen from the fact that yellow warning is there on security dialog even though the Permissions attribute is there.) This only happens if Caller-Allowable-Codebase attribute is present along with the Permissionsattribute.
The Caller-Allowable-Codebase attribute will cause the applet to fail to load by throwing ajava.lang.NullPointerException.
I don't use deployment caching because it started causing problems with Java 7 u21. Adding the cache_jar parameter back in doesn't fix this. But the irony is this exception is only raised with the Trusted Godaddy Certificate and only when being launched from file:/// url. The Self-Signed version actually works (although some dialogs appear, but no NPE). This doesn't make any sense. Furthermore, when the trusted-signed version is launched from http:// it works fine. Should I turn off compression (and why would anyone do this?)
But what's worse than all of this listed above is when I finally choose the right combination of settings that permits the applet to load, it completely fails on older versions such as Java 7 u40 and Java 7 u21. My applet is compiled using JDK 5 for backwards compatibility with Mac PPC Java 1.5 and Mac Intel Java 1.6 (the sun one has compatibility issues on Mac only), but now does every client need to update to Java 7 u45? What about the scenarios where the upgrade isn't possible due to compatibility or availability? I wish I could answer this.
I'm struggling with this and so is my open source project. Any expert insight advice is appreciated. I'd happily compensate someone for assistance.
-Tres Finocchiaro -
WebStart Application is not working in Java 7 u45
My Eclipse RCP application ( launched with WebStart (.jnlp)) crashes on startup while launching with Java 7 u45.
I've added to the manifest:
Permissions: all-permissions
Codebase: *
Trusted-Library: true
This removed all of the warning messages from the Control Panel. But I still have a loading issue. I see following messages (Missing Application-Library-Allowable-Codebase) in java console while downloading many jarfs/plugins
security: JAVAWS AppPolicy Permission requested for: http://vspdlpd05.atldev.com/PDTeller-v73allyusdev2ix/app/plugins/j2ee_1.6.0.jar
ruleset: finding Deployment Rule Set for
title: Profile Direct Teller Wrappering Feature
location: http://vspdlpd05.atldev.com/PDTeller-v73allyusdev2ix/app/features/com.fnis.ally.teller.wrapper_2.0.0.jnlp
jar location: http://vspdlpd05.atldev.com/PDTeller-v73allyusdev2ix/app/plugins/j2ee_1.6.0.jar
jar version: null
isArtifact: true
ruleset: no rule applies, returning Default Rule
network: Created version ID: 1.7.0.51
network: Created version ID: 1.5+
network: Created version ID: 0+
security: Missing Application-Library-Allowable-Codebase manifest attribute for: http://vspdlpd05.atldev.com/PDTeller-v73allyusdev2ix/app/plugins/j2ee_1.6.0.jar
where as the same changes (modified all the manifest files with above attributes) done in to a different repository seems to be working fine with java 7 u45.
Any help would be appreciated.
Thanks
SaiThanks Santhosh.
I am going through the First help link, I have already set the Property(Standard mode - while Launching Portal in new window) from Portal iview, and "Handover Portal stylesheet" to 'NO'
I hv already gone the remaining Forum threads and Notes as well, but i did not get exact any other help to fix this issue.
I am getting different Error now - Unable to get property 'addDelegate' of undefined or null reference
Pls. let me know if you can help me.
Thanks
Sathya -
Warning about low disk space on drive E
Hi,
I'm running Windows 7 on a HP Pavilion Elite HPE. My main drive i s C and there is also D (Factory image) and then the HP(E: ) one which is giving the warning about low disk space. When I look at what there is in drive E there is a folder called "my name"-PC with a lot of "Backup Set" folders/files in it, and then there is a folder called WindowsImageBackup and subfolder "my name"-PC.
I know I have to clean out these folders but I ma very insecure as to what I can delete.
I'd be very thankful if you could give me some advice in this matter!
This question was solved.
View Solution.File History in Windows 7 is an extensive image backup of your drive which will steadily increase over time and needs to be cleared and suggest that you turn the feature off. It is not very efficient.
If you wish to delete this Windows Image Backup file, you should disable the automatic backup feature of Windows.
Click on Start button > Control Panel > System and Maintenance> Backup and Restore.
In the left pane, click on "Turn Off Schedule".
From there you can delete the backup files on your E drive.
I also suggest as an alternative, use Macrium Reflect Free every so often as it is more efficient and reliable. It will make a complete image back up of your entire hard drive to an external hard drive. Don't forget to create a rescue disk.
Go to this site and do a Custom Install:
http://www.macrium.com/reflectfree.aspx
I personally use the Professional Edition which gives me more flexibility and features.
Please mark my post as SOLVED if it has resolved your problem. It helps others with similar situations. -
MOPZ - yellow warning does not allow to continue with generation of package
Hello,
Using Solution Manager (SM) to generate package and stack configuration
file for upgrade.
XXH is an HR, 640, with dual stack due to XSS. In SM, converted the
product version from ECC to ERP 2004 using SMSY_SWITCH_PRODUCT, there is no inconsistency.
Edited to add product instances - Portal Content and Enterprise Portal to link to XKP (JAVA system with Adobe Document Services, Application Server Java and Enterprise Portal. It is now showing in SMSY with the following product instances.
- SA ECC Server
- Portal content, pointing to another JAVA system XKP
- SAP NW - Entreprise Portal - pointing to XKP also
- SAP XSS - pointing to XKP also
In MOPZ, selected XXH, 'Upgrade with EHP' --> EHP4 on NW701. It shows the following warning
Attention! Software Component Version ESA ECC-SE 501 is installed!
Attention! Software Component Version BI CONT 3.53 is installed!
Then selected several technical usages
- ESA ECC-SE
- SAP ECC Server VPack successor
- Central Applications
- HCM
- Portal Content
- Portal Content Self Services
- HCM Self Services
- Self Services
However after the calculation it sill show the yellow warning below and
does not allow to continue, even if I try other technical usages.
Attention! Software Component Version BI CONT 3.53 is installed!
Anything missing here?
Regards,
TerryHello,
The document 'How to install EHP4' has the following
...' If you are combining the installation of SAP enhancement package 4 with an upgrade, you have to register the system according to the start release.'
Since it was ECC 5.0 and converted the product version (using SMSY_SWITCH_PRODUCT), it is 'SAP ERP 2004'.
The MOPZ log below, the first 4 lines are coming out as red
15:07:30 Attention! Software Component Version BI CONT 3.53 is installed!
15:07:30 Please check the instructions under the logging tab.
14:56:36 Please check the instructions under the logging tab.
14:56:36 Attention! Software Component Version BI CONT 3.53 is installed!
14:36:53 Attention! Software Component Version BI CONT 3.53 is installed!
14:36:53 Attention! Software Component Version ESA ECC-SE 501 is installed!
14:36:53 Product version of system not suitable for Netweaver
14:36:53 Technical Usage SCM .
14:36:53 Technical Usage ESA ECC-SE .
14:36:53 Attention! Software Component Version BI CONT 3.53 is installed!
14:36:53 Attention! Software Component Version ESA ECC-SE 501 is installed!
14:36:53 Please check the instructions under the logging tab.
14:36:10 Component BI CONT 3.53 without suitable Product Instance <--
The last line could be causing the error, but has not found any way to resolve it in SMSY. Any idea?
Regards,
Terry -
About the warning about changes message.
Hi all,
There is a messageChoice on the page,and the messageChoice must fire an action.But if the action is fired,then I click on the other tab or link, warning about changes message will not occur and directly farward to the other page.Is that possible that popup the warning about changes message after the messageChoice's event was fired ?
Thanks,
binghaoHi,
this question is hard to understand. I don't see a messageChoice component in ADF Faces, can you give more details to your usecase and the components involved
Frank -
Getconf returns compiler flags that the compiler warns about
I have Workshop 12u1 installed on my Solaris 10u8 machine (x86_64). I'm up to date with patches as of a couple weeks ago.
I'm well aware that the Workshop suite has deprecated flags like -xarch=generic64, -xarch=amd64a, etc.
However, when I run "getconf" on my Solaris 10 system, some of the conf settings still return those older flags that the compiler now warns about. That causes a lot of warning chatter when building certain applications (e.g. perl 5.10.1) that are smart enough to use "getconf" to try determine what flags to use in certain situations. Using getconf to find the right flags is even mentioned in the standards(5) page, but following its advice results in deprecation warnings from the compiler. Not good.
If you run the following code you'll see what I mean:
for f in `man getconf | egrep 'XBS'`; do echo "Checking $f"; getconf "$f"; doneIs this something that I (as a sysadmin for the system) should be able to configure, or is it something that would need to be patched to fix? The man pages for getconf, sysconf, and confstr aren't clear where the values are actually coming from.
So, how should this be fixed?
Thanks,
TimEnchanter wrote:
Since I'm running regular old Solaris 10, rather than OpenSolaris, I'm skeptical how much help the OpenSolaris developers are truly going to be. I can certainly give it a go, but even if they fix it in OpenSolaris, it might be a very long time before that fix filters into Solaris.Actually, it goes the other way. New features and modification go into the internal Solaris development workspace before they migrate to Open Solaris. The Solaris Express and final releases and Open Solaris releases come from the same source base. Whether a feature or update goes into a Solaris 10 patch depends partly on demand, especially demand from customers with service contracts.
I'm also a little puzzled about the "backwards compatibility" thinking of the compiler developers. In some areas (e.g. C++ and the standard library), what's shipped with the compiler is years and years behind what's current, apparently in the name of "backward compatibility". Yet where compiler flags are concerned, the developers seem to be much more cavalier about deprecating things and making changes that break backward compatibility.We try very hard not to break code or makefiles. Sun (and now Oracle) makes its money from enterprise users. Their code bases last for a long time, and changes are expensive. Changing a line in a makefile or source code file can mean having to re-certify the application.
The change from -xarch to -m specifying the memory model was more abrupt than we would have liked, and in hindsight, was probably not handled very well. We were running into combinatorial explosion of -xarch sub-options due to the increasing number of architectures that the compiler supports. Some option combinations quietly resulted in behavior that you didn't expect. (For example, the combination "*-fast -xarch=v9*"did not give the same result as "*-xarch=v9 -fast*".) Separating memory model from the other considerations made the options easier and more reliable to use.
Don't get me wrong -- I'm all for forward progress with the tool-chain -- I think that the C++ standard library and the defaults should all be brought up to what's current in the industry. Sun Studio 12 update 1 has direct support for Apache stdcxx (if installed in a standard location) in addition to libCstd and STLport. The Apache library will be in the next Open Solaris. When it will be available in a Solaris 10 update has not yet been decided.
I also think adding support for -m32/-m64 was a good move. It just seems to me that if the developers are going to deprecate a large number of flags that the compiler accepts, they should also make certain that the rest of the operating system can handle that change. To me, that means that they need to work with the developers of getconf/confstr() to make certain it knows how to check the compiler version before it emits a particular flag.Only a few options have been deprecated. It's just that they are probably the ones you used most. :-(
More than one compiler version can be installed on a system, and compilers can be installed anywhere. Programmers in medium to large shops typically run compilers installed on a remote server, although they might have other compilers installed locally. If getconf had to guess what compiler you were using, it would often guess wrong. If you have suggestions on how to match up getconf behavior with the compiler you want to use, please post them in an Open Solaris forum. -
All my video clips in an almost-complete movie now have a yellow warning symbol in the lower-left hand corner. How can I resolve this?
It's hard to say - as You can select to use another one in another location - which I know nothing about.
• to find out where iMovie tries to find material - As I remember it one put the pointer arrow ontop of one yellow exclemation mark and "Hands off" for some secondes - and it will tell.
I use to do a quick - [Shift+cmd+3] to do a screen dump - so that I can read this address in full and try to set all material back to this location. iMovie can not be set to find it elsewhere - only alt is to re-insert material and now not move it - but this is most often a more tedious way - than just move material back to where iMovie tries to find it.
• To set iPhoto to another Library
- Start iPhoto - BUT KEEP - alt-key down during full up-start (also called the option key)
- Now You can select another one
Yours Bengt W -
Why do I get a warning about downloading J2SE Runtime Environment?
I want to take some courses through SkillSoft, it requires downloading a Java Runtime environment. Before I even started to download I got a Firefox message about something being blocked and that the JRE could cause stability or security problems? I closed the window so I don't have the exact message. Should I download the JRE or not?
Welcome to the Support Communities. So that we can see exactly what you're referring to, please take a screen shot of the warning and post it using ASC's camera icon:
Maybe you are looking for
-
How to simulate DDE in Web Forms?
Surely there is some elegant way to do DDE in a Web Forms (6i)environment? Given that Forms 7i will only support internet deployment and not C/S, there must be some "migration path" to replace the functionality of DDE in the C/S environment. My need
-
Hi ALL, My requirement is something like this.. i have to put an button in the report program so that whenevr i press the button the screen must be captured and should be saved as a picture file in the location i specify. any one knows how can i achi
-
Dear All In sales order. Ship-to party- CST is not appearing. Sold to party [x] and ship-to party[y] is different. 1. Creating sales order for X and Y. 2. Maintaining price for Y. Basic price, excise duty, discount and freight is appearing but CST i
-
Q10 Device Monitor - Small suggestions about drop-down menu.
It would be nice if the drop-down menu would remember my previous choice (last 48 hours) and also offer an additional choice of "last 7 days". ics.com - Where Qt experts work.
-
Question Everytime I open a safe website I get this message ""ai-13.php" is a script application downloaded from the Internet. Are you sure you want to open it?" How do I get this to stop?