Project

General

Profile

Defect #745

Java 7 update 45 complains again about missing manifest entry after

Added by Harjo Kompagnie over 6 years ago. Updated over 6 years ago.

Status:
In Progress
Priority:
Normal
Assignee:
-
Start date:
10/23/2013
Due date:
% Done:

0%

Estimated time:
Browser (if web client):

Description

Hi,

with Java 7 update40 everything was fine, with the latest signtester and our signed certificate.

this the command we use: java -Dcodebase=*.directict.nl,*.directmanager.nl -Xms128M -Xmx512M -jar signtester.jar directictbv.jks xxxxxxx directictbv overwrite log

Now Java 7 update 45 complains again, that in a future release this software will be blocked because of a missing security entry in the manifest file of all jars.

I have attached two screenshots, of what the yellow warning is telling us and this is the url it's pointing to:
http://docs.oracle.com/javase/tutorial/deployment/jar/secman.html

Can the signtester be adjusted so we can set this property too?

this is what we see in the console:

Java Web Start 10.45.2.18
Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM
User home directory = C:\\Users\\harjo
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
0-5: set trace level to <n>
----------------------------------------------------
CacheEntry[http://kabel.directict.nl:80/servoy-client/DirectManager.jnlp]: updateAvailable=true,lastModified=Wed Oct 23 21:35:44 CEST 2013,length=-1
Resource http://crl.globalsign.net/root.crl has future expires: Wed Nov 06 20:25:38 CET 2013 update check skipped.
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/lib/j2db.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/lib/js.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/lib/commons-logging.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/lib/commons-codec.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/lib/rmitnl.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/lib/networktnl.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/lib/httpclient.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/lib/httpcore.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/log4j.jar
INFO - r - using direct connection
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/lib/jcifs.jar
INFO - r - jcifs library found; NTLM support enabled
INFO - r - using direct connection
INFO - r - jcifs library found; NTLM support enabled
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/agent.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/amortization.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/busy-v2.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/converters.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/dateUtils.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/default_validators.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/dialog.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/excel.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/excelxport.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/exchange.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/file.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/fileWatcher.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/google.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/headlessclient.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/lib/jabsorb.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/http.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/images.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/it2be-calendar.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/it2be-core/core-common.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/it2be-cryptor.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/it2be-tools.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/it2be-word.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/log.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/mail.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/mailpro.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/maintenance.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/pdf_output.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/rawSQL.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/scanner_pro.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/scheduler.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/screenshot.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/serialize.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/servoy_jasperreports.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/spellcheck.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/tabxport.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/udp.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/usermanager.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/velocityreport.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/window.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/xmlreader.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/servoy_jasperreports/jasperreports-4.0.0.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/images/jai_imageio.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/scanner_pro/gif-plugin-0.1.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/it2be-word/aspose-words-jdk16.jar
Registering Commercial IT2BE Component runtime licenses for Direct ICT
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/support.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/servoy6support.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/mac_widgets.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/mail.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/google/gdata-core-1.0.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/google/gdata-calendar-2.0.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/google/gdata-contacts-3.0.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/google/gdata-media-1.0.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/google/gdata-docs-3.0.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/google/gdata-client-1.0.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/ical4j.jar
Missing Application-Name: manifest attribute for: http://kabel.directict.nl:80/plugins/drmaison-lib/google/gdata-spreadsheet-3.0.jar


Files

History

#1

Updated by Patrick Talbot over 6 years ago

What a mess! Thank you again Oracle! :(

So you're saying that Web Start is now displaying an additional warning because of a missing Application-Name attribute?

Does your manifest contains the Permissions: all-permissions attribute? (You can open any of these jars and check in META.INF/MANIFEST.MF if you see this attribute) because the message tells that the missing attribute is "Permissions", although the warnings in the console are pointing to Application-Name.

#2

Updated by Harjo Kompagnie over 6 years ago

HI Patrick, yes it does contain the all - permissions attribute.
(and yes, I found it strange too, that it says Permissions first, and the console says: Application-Name)

Java 7 update 40 was fine!

this is from the j2db.jar manifest

Manifest-Version: 1.0
Permissions: all-permissions
Codebase: 100svr06 *.directict.nl *.directmanager.nl
Ant-Version: Apache Ant 1.7.1
Created-By: 20.0-b12 (Sun Microsystems Inc.)

Name: com/servoy/j2db/SwingModeManager.class
SHA1-Digest: uALJ2gCLr20WTZEbY62nCJAhK9A=

Name: com/servoy/j2db/persistence/I18NUtil.class
SHA1-Digest: OnBYdSTtvmhmypbGM+w0BXmHpDM=

...........

#3

Updated by Harjo Kompagnie over 6 years ago

people on the internet are also talking about: Trusted-library, but I think that is only needed, for mixed-code.....

https://forums.oracle.com/thread/2593583?start=15&tstart=1
(second page, second topic: "I found that I had to re-sign all of the Eclipse jars and add Trusted-libarary: true and Permissions: all-permissions to each one to get the RCP app to launch without warnings."

#4

Updated by Harjo Kompagnie over 6 years ago

ah, here I found the official Oracle document:

http://java.com/en/download/help/trusted_signed_variations.xml

#5

Updated by Johan Compagner over 6 years ago

i think we only need:

Application-Name:

also in the manifest

and my guess is that we just can add the jar name of the current jar

so for commons-logging.jar it would be:

Application-Name: commons-logging

Maybe the name must be the same for all jars (that would be very weird to have by the way, what does a 3th party lib know about the actual application name)

#6

Updated by Patrick Talbot over 6 years ago

Yeah, I don't think it should be the application name as such, that would defeat the purpose of having jars in the first place!
I'll add the attribute asap.

#7

Updated by Patrick Talbot over 6 years ago

I've added the Application-Name attribute, setting it to the jar name in v1.3 available in the Files section.
Please give it a try and let me know if this fixes the issue.

#8

Updated by Patrick Talbot over 6 years ago

  • Status changed from New to In Progress
#9

Updated by Ken Keen over 6 years ago

I was seeing the same Application-Name items in the console like Harjo was, so today I ran signtester 1.3 and those console warnings are now gone. But, I'm still getting the same dialog as Harjo's first screenshot related to the Permissions attribute. Opening a jar manifest shows:

Permissions: all-permissions
Application-Name: dialog.jar
...

It all appears okay, but Java is still complaining about something in the permissions attribute with a jar somewhere.

#10

Updated by Patrick Talbot over 6 years ago

I have no idea what it's looking for and complaining about then...

#11

Updated by Harjo Kompagnie over 6 years ago

yes, just signed our production-server with version 1.3 and seeying the same popup window (with the yello window again)
(the warnings in the console about missing application-name are gone, so that's fixed!)

I will tip Johan, about our progress sofar...

#12

Updated by Harjo Kompagnie over 6 years ago

some discussions going on:

https://forums.oracle.com/message/11235687
Maybe a bug in Java?

http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html (at the bottom, about known issues)

Due to this bug, if you are using the jnlp.versionEnabled property for JAR versioning in your browser applet, your applet might not start. Also users might see a yellow warning about a missing Permissions attribute in the following two scenarios:

    The jnlp.versionEnabled property is set to false inside the JNLP file and the version is defined against the main JAR file.
    You use JNLPDownloadServlet for version download support.

#13

Updated by Patrick Talbot over 6 years ago

Hum, looks like something to be done at the Servoy level then...

#14

Updated by Johan Compagner over 6 years ago

but thats then just an oracle bug?
What can we do about that, thats not just waiting for a new release?

#15

Updated by Patrick Talbot over 6 years ago

I thought there was something to be done at the generation of the jnlp stage...
But yes, it looks like an Oracle bug, so hopefully an update will fix that.

#16

Updated by Harjo Kompagnie over 6 years ago

I was afraid of Johan reaction :-) After more googling I doubt if this is the same case:

Synopsis: JNLP applet fails to load if using JNLP versioning.

Due to this bug, if you are using the jnlp.versionEnabled property for JAR versioning in your browser applet, your applet might not start. Also users might see a yellow warning about a missing Permissions attribute in the following two scenarios:

They are taling about JNLP applet fails to load and ONLY when you using JNLP versioning
Is that the same that Servoy SmartClient is using?

I find it too easy, to just sit & wait & hope for a new release, when there is no investigation (from Servoy) if this bug is really the case here..

#17

Updated by Johan Compagner over 6 years ago

we dont use this:

http://docs.oracle.com/javase/tutorial/deployment/deploymentInDepth/avoidingUnnecessaryUpdateChecks.html

so:

<property name="jnlp.versionEnabled" value="true"/>

that in the jnlp file (as far as i know)

we do use versioning by use of the version tag for every jar, no idea if that has something to do with it

#18

Updated by Robert Huber over 6 years ago

Can anyone please tell me the state about this problem? We are stuck with this at customers site. Is there a solution to it, can't figure it out from the answers. Thanks in advance.

#19

Updated by Patrick Talbot over 6 years ago

As far as I know it's a bug in the Java version that needs to be addressed in a Java update.

#20

Updated by Robert Huber over 6 years ago

Hi Patrick

Our users can't wait for the next Java release. Any idea how to make it work. The problem is the Browser Suite? I Uninstalled it, but the application has still this messages in the Java console:

Java Web Start 10.45.2.18
JRE-Version verwenden 1.7.0_45-b18 Java HotSpot(TM) 64-Bit Server VM
Benutzer-Home-Verzeichnis = /Users/mz
----------------------------------------------------
c: Konsolenfenster löschen
f: Objekte in Finalisierungs-Queue finalisieren
g: Garbage Collect
h: Diese Hilfemeldung anzeigen
m: Speicherauslastung drucken
o: Logging auslösen
p: Proxykonfiguration neu laden
q: Konsole ausblenden
r: Policy-Konfiguration neu laden
s: System- und Deployment-Eigenschaften ausgeben
t: Threadliste ausgeben
v: Thread-Stack ausgeben
0-5: Trace-Ebene auf <n> setzen
----------------------------------------------------
JNLPClassLoader: Finding library libswt-cocoa-3834.dylib
JNLPClassLoader: Finding library libswt-cocoa.dylib
JNLPClassLoader: Finding library libswt-pi-cocoa-3834.dylib
JNLPClassLoader: Finding library libswt-pi-cocoa.dylib
***WARNING: Display must be created on main thread due to Cocoa restrictions.

Any idea?

Patrick Talbot wrote:

As far as I know it's a bug in the Java version that needs to be addressed in a Java update.

#21

Updated by Harjo Kompagnie over 6 years ago

Robert,

your constantly mixing thinks up. This issue, is about the last warning you'll get when starting the client, and you have to accept that java dialog
Your issue is that Servoy clients are blocked! That has nothing todo with the signtester or this topic!

I think you did'nt removed the browsersuite completly, because else you don'nt see this:
JNLPClassLoader: Finding library libswt-cocoa-3834.dylib
JNLPClassLoader: Finding library libswt-cocoa.dylib
JNLPClassLoader: Finding library libswt-pi-cocoa-3834.dylib
JNLPClassLoader: Finding library libswt-pi-cocoa.dylib

also, remove the vmargs in the servoy-admin page!
But let's not discuss this here, but under the browser-suite section!

#22

Updated by Robert Huber over 6 years ago

Harjo,

You are right, sorry, it does not belong here.

#23

Updated by Andrei Costescu over 6 years ago

The "Application-Name" console warnings will go away in Servoy 5.2.17 / 6.0.10 / 7.4 for default jars, or right away if you use the latest version of the SignTester to sign all jars in your current Servoy installation.

That yellow warning complaining about missing "Permissions" in jar manifest is a bug from Oracle (jars do have that attribute set). It occurs when the main jar of a JNLP file specifies a "version" attribute, independent of system properties and the like (which are mentioned in the release notes). Although the warning warns about the app. not being supported in future versions - it's wrong. Removing that version attribute from the main jar makes the warning magically go away. But we need that if updated versions of Servoy Client are to work correctly.

(these 2 links already appeared in the comments above)
The yellow warning bug as told by other Java JNLP users as well: https://forums.oracle.com/thread/2594060?start=0&tstart=0
Some very similar official acknowledgement by Oracle: http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
I also filed a bug report with Oracle that is not public yet.

#24

Updated by Andrei Costescu over 6 years ago

The bug report I mentioned should become available here in the future: bugs.sun.com/bugdatabase/view_bug.do?bug_id=9008164

#25

Updated by Lambert Willemsen over 6 years ago

Hi, bug not fixed in Java 7 Update 51. Warning still exists...

#26

Updated by Harjo Kompagnie over 6 years ago

yup same here, everything works fine, when signed with the latest signtester & own official signing certificate, but the yellow balloon still appears (once, when you accept once)
I don't see in the Release Notes if this is a known issue.

So why is this yellow balloon still appearing?

Also available in: Atom PDF