JAR file manifest does not contain the Permissions attribute

Since updating to Java 7 Update 45, my customers get a new yellow box in a Java security warning when launching the Smart Client. It says:

This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute. Please contact the Publisher for more information. More Information

Clicking ‘More Information’ gives the usual warning about the JNLP file not having an associated digital signature, but it also gives this warning in another yellow box:

Note to the Publisher: Security features to prevent unauthorized redistribution of your Java application will cause this application to be blocked in the future. See current Java documentation about JAR Manifest entries for the changes that need to be made. Note to users: For any questions, please contact the Publisher who provided you with this application.

My server is running Servoy 6.1.5, but this also occurs on my test server running Servoy 7.1.0. I am close to having my next version of solutions finished and had planned to upgrade the server to 7.3, but I haven’t tested anything with 7.3 yet. Will that fix this problem?

Steve in L.A.

Upgrading the Servoy server to 7.3 does not fix this problem. My next guess is to remove my third-party beans and plugins to see if that changes anything.

Java console displays the following on solution startup:

Missing Application-Name: manifest attribute for: http://localhost:8181/lib/j2db.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/lib/js.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/lib/commons-logging.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/lib/rmitnl.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/lafs/kunststoff.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/agent.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/amortization.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/converters.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/default_validators.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/dialog.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/excelxport.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/file.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/frameworksBusy.jar
Missing Permissions manifest attribute for: http://localhost:8181/plugins/frameworksBusy.jar
Missing Codebase manifest attribute for: http://localhost:8181/plugins/frameworksBusy.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/headlessclient.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/http.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/images.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/it2be-cryptor.jar
Missing Permissions manifest attribute for: http://localhost:8181/plugins/it2be-cryptor.jar
Missing Codebase manifest attribute for: http://localhost:8181/plugins/it2be-cryptor.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/it2be-tools.jar
Missing Permissions manifest attribute for: http://localhost:8181/plugins/it2be-tools.jar
Missing Codebase manifest attribute for: http://localhost:8181/plugins/it2be-tools.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/mail.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/maintenance.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/pdf_output.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/rawSQL.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/scheduler.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/serialize.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/servoy_jasperreports.jar
Missing Permissions manifest attribute for: http://localhost:8181/plugins/servoy_jasperreports.jar
Missing Codebase manifest attribute for: http://localhost:8181/plugins/servoy_jasperreports.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/spellcheck.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/tabxport.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/udp.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/window.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/xmlreader.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/lib/jabsorb.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/lib/fs-parser.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/lib/fs-commons.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/images/jai_imageio.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/lib/slf4j-api.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/lib/slf4j-jdk14.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/lib/xstream.jar
Missing Application-Name: manifest attribute for: http://localhost:8181/plugins/scheduler/quartz.jar

Steve in L.A.

This is a known issue with the latest update to Java 7. See https://support.servoy.com/browse/SVY-5309.

So it looks like resigning my jars with v1.3 of the signtester tool should fix this. Trying that now.

Steve in L.A.

Every time I use the Signtester Tool, it bumps on the file wicket-extensions.jar with these messages:

C:\Servoy 7.x.x\application_server.\lib\wicket-extentions.jar didnt verify
C:\Servoy 7.x.x\application_server.\lib\wicket-extentions.jar repacked
C:\Servoy 7.x.x\application_server.\lib\wicket-extentions.jar repacked
Exception in thread “main” java.lang.RuntimeException: exit not allowed, status
= 1
at com.servoy.jarsigner.SignerTest$1.checkExit(SignerTest.java:100)
at java.lang.Runtime.exit(Unknown Source)
at java.lang.System.exit(Unknown Source)
at sun.security.tools.JarSigner.run(Unknown Source)
at com.servoy.jarsigner.SignerTest.dir(SignerTest.java:260)
at com.servoy.jarsigner.SignerTest.main(SignerTest.java:130)

Do I just need to pull this jar out and replace it after signing?

Steve in L.A.

I had forgotten to close Developer and also was not using the ‘overwrite’ parameter. I made a self-signed keystore file and used the following command with Signtester.jar v1.3, using the domain of my server as the value for Dcodebase (in this case, localhost):

java -Dcodebase=www.servoy-stuff.net -jar signtester.jar yourkeystorefile yourpassword youralias overwrite

I no longer get the Java security warning for Servoy files at all and all the 'Missing codebase…" lines no longer appear in the console. I still get a warning for the one bean I need to sign with a code-signing certificate, but I feel confident that I will be able to figure that out.

Thanks again,
Steve in L.A.

I think we are in this trap as well and get these message at startup of our application and all clients (some dozens) are stuck, i. e. can’t work. As the customer has the BYOD strategy, we have no control about what Java version users have (but quite a lot have upgraded to Java 1.7.0_45).

Missing Application-Name: manifest attribute for: http://hades:8080/lib/j2db.jar
Missing Application-Name: manifest attribute for: http://hades:8080/lib/js.jar
Missing Application-Name: manifest attribute for: http://hades:8080/plugins/browser_suite/DJNativeSwing-SWT.jar
Missing Application-Name: manifest attribute for: http://hades:8080/plugins/browser_suite/DJNativeSwing.jar
Missing Application-Name: manifest attribute for: http://hades:8080/browser_suite/swt/macosx/org.eclipse.swt.cocoa.macosx.x86_64_3.8.1.v3834e.jar
JNLPClassLoader: Finding library libswt-cocoa-3834.dylib
JNLPClassLoader: Finding library libswt-cocoa.dylib
JNLPClassLoader: Finding library libswt-pi-cocoa-3834.dylib
JNLPClassLoader: Finding library libswt-pi-cocoa.dylib

We used the latest signtester version 1.3 (date 10/24/2013 10:22 pm) to sign our plugins.

Any help is greatly appreciated, Robert

Looking at this, you have to look deeper into the browser-suite!
is the browser-suite Java 7 compatible? mac? windows?

Missing Application-Name: is just a warning, not a blocker!
and if you have signed everything with the latest signtester, this warning should disappear

All this says here is that some jars have a missing attribute.
The jars seems to load and the native library as well.
Without any exception stack trace it’s hard to tell whether the browser suite has anything to do with it…

Hi Patrick

I removed the browser suite and that was it. It works now as expected. So the problems seems to be related to the browser suite.

ptalbot:
All this says here is that some jars have a missing attribute.
The jars seems to load and the native library as well.
Without any exception stack trace it’s hard to tell whether the browser suite has anything to do with it…

Browser Suite ? What Browser Suite ?

Please provide some more details …

greg

I removed the browser suite and that was it. It works now as expected. So the problems seems to be related to the browser suite.

gdurniak:
Browser Suite ? What Browser Suite ?

Hi Greg,
if it doesn’t ring a bell you probably didn’t install it.

Anyway, you can find it here: https://www.servoyforge.net/projects/browsersuite

That’s what I thought

So then, since we did not install it, how do we fix this new Java Warning thing ?

greg

if it doesn’t ring a bell you probably didn’t install it.

gdurniak:
So then, since we did not install it, how do we fix this new Java Warning thing ?

Take a look at this post: viewtopic.php?f=6&t=20042

Even if you have signed your jars with a code-signing certificate and used the latest version of signtester.jar and included the argument -Dcodebase= and replaced your server’s servoy.vmClientArgs with a space, you will still get the yellow balloon talking about the Jar manifest missing permissions attributes because this is a Java 7 Update 45 bug. See this discussion for more info: https://www.servoyforge.net/issues/745#note-23

Steve in L.A.