What does the Java Applet security warning “JAR file manifest does not contain the Permissions attribute”mean?

Question

I have a Java Applet which needs access to the local filesystem of the client. I have created a simple certificate for my own (it is NOT certified by Verisign,Commodo, ...). I s

Answer 1

In Netbeans I noted that manifest file is generated during build ..so briefly what I have done to fix this issue to include my manifest attributes inside that template which is responsible for generating manifest.

To do so follow these steps :

1- Open this file with any editor: (PATH)\nbproject\jfx-impl.xml
(PATH): is the path of your project.

2- Search for : "// manifest". mine looks like:

                // manifest
                var man = jar.createManifest();
                var a1val = project.getProperty("application.vendor");
                var a1 = new org.apache.tools.ant.taskdefs.Manifest.Attribute();
                a1.setName("Implementation-Vendor");
                a1.setValue(a1val);
                man.addConfiguredAttribute(a1);
                var a2val = project.getProperty("application.title");
                var a2 = new org.apache.tools.ant.taskdefs.Manifest.Attribute();
                a2.setName("Implementation-Title");
                a2.setValue(a2val);
                man.addConfiguredAttribute(a2);
                var a3 = new org.apache.tools.ant.taskdefs.Manifest.Attribute();
                a3.setName("Implementation-Version");
                a3.setValue("1.0");
                man.addConfiguredAttribute(a3);


                //******insert your Attributes code here*******

                jar.perform();

3- Under "//*insert your Attributes here**", you can insert your own manifest attributes code, in my situation its enough to include codebase, and permissions.. you can use my code as well:

                ...                 
                //******insert your Attributes here*******
                var a50 = new org.apache.tools.ant.taskdefs.Manifest.Attribute();
                a50.setName("permissions");
                a50.setValue("all-permissions");
                man.addConfiguredAttribute(a50);

                var a51 = new org.apache.tools.ant.taskdefs.Manifest.Attribute();
                a51.setName("codebase");
                a51.setValue("*");
                man.addConfiguredAttribute(a51);
                ...

4- Then build and you wont see that warning again.

Some notes:

• I strongly recommend to check the manifest attributes documentation which relates to security @ http://docs.oracle.com/javase/tutorial/deployment/jar/secman.html

• dont use the wildcard "*" value in codebase, and it will be better to use https instead of http for security sake :-) I am using it for developing only.

good luck,'.