Hi Heejoon, Even though the official documentation says so I found a very contradicting observation.
Using the maven-jar-plugin I was able to add the Permissions attribute (set to all-permissions) to the XBaya-GUI jar manifest file. But when I tried to run the jnlp application it gave the same Permission attribute missing warning in the medium security level. Then I commented out all the other jar files in the xbaya.jnlp except the xbaya-gui.jar. Then it didn't give any warning but gave a NoClassDefFound exception, which is obvious. What I could conclude from this observation was that not only the main jar but other jars should also contain the Permissions attribute. I also came across this [1] stackoverflow thread where someone has came across the same situation. Thank you -Supun Nakandala [1] - http://stackoverflow.com/questions/19399944/warning-on-permissions-attribute-when-running-an-applet-with-jre-7u45#answer-19797234 On Fri, Feb 21, 2014 at 6:08 AM, Heejoon Chae <[email protected]>wrote: > Hi, Supun, > > First, thank you for working on this issue. > > From the JAVA SE Document below related with RIA, > > > http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html > > It says 'If the Security Level slider in the Java Control Panel is set to Very > High or High, the Permissions attribute is required in the main JAR file > for the RIA. If the attribute is not present, then the RIA is blocked.' > > So, it seems the Permission attribute is only required in the main JAR. > > Thank you, > Heejoon. > > > > > On Fri, Feb 21, 2014 at 1:45 AM, Supun Nakandala < > [email protected]> wrote: > >> Hi All, >> >> This is relating to Heejoon >> Chae<http://markmail.org/message/gmyiqlqh7y5rhkys>'s >> issue. >> >> After updating to java 1.7.0_51 version I was able to recreate Heejoon's >> issue. >> >> As he has mentioned due to the latest Java security patches beginning >> with JRE 1.7.0_25 all jar files have to be updated with the codebase and >> permissions attributes. >> >> In the "Very High" and "High" security levels XBaya give the error >> message saying "cannot run application" as I mentioned before and also >> saying "Permission attributes is missing in manifest in main jar...". >> >> In the medium security setting it gives a warning message. >> >> I think since we are using many third party jars simply adding permission >> attribute to Airavata jars will not solve this issue. >> >> But adding the web server as a trusted site enables the user to run Xbaya >> in "Very High" and "High" security levels even though it gives a warning >> message. >> >> What is others opinion about this issue? >> > > -- Thank you Supun Nakandala Dept. Computer Science and Engineering University of Moratuwa
