Comment 1 Peter Åstrand 2013-11-20 14:46:40 CET

I've added the Permissions attribute to a manifest file, but it does not work: A warning is still displayed. 

Found http://stackoverflow.com/questions/19564481/what-does-the-java-applet-security-warning-jar-file-manifest-does-not-contain-t. Apparently I'm not the only one with problems.

Comment 2 Peter Åstrand 2013-11-20 15:47:08 CET

(In reply to comment #1)
> I've added the Permissions attribute to a manifest file, but it does not work:
> A warning is still displayed. 
> 
> Found
> http://stackoverflow.com/questions/19564481/what-does-the-java-applet-security-warning-jar-file-manifest-does-not-contain-t.
> Apparently I'm not the only one with problems.

On http://www.javaquery.com/2013/10/this-application-will-be-blocked-in.html there are comments from other people with problems as well; seems to be related to HTTPS.

Comment 3 Peter Åstrand 2013-11-20 16:25:38 CET

It's "interesting" that Java warns about missing attributes in the manifest in the JAR file even *before* it has retrieved the JAR...!

This is obviously a bug in Java.

Comment 4 Peter Åstrand 2013-11-21 09:40:04 CET

(In reply to comment #3)
> It's "interesting" that Java warns about missing attributes in the manifest in
> the JAR file even *before* it has retrieved the JAR...!
> 
> This is obviously a bug in Java.

I've confirmed that it is possible to get rid of the warning dialog, using a proper manifest file, when valid TLS certs are used. However, if the cert is not valid (for example, by browsing to the IP instead of the DNS name), Java will incorrectly claim that the "permissions" attribute is missing from the Manifest, even though it has not even tried to load the Jar.

Comment 5 Peter Åstrand 2013-11-21 09:46:19 CET

Manifest added in 28158. We will need to continue monitor the Stackoverflow and javaquery sites, as well as test new versions, to see if we can find a solution which does not require valid certs.

Comment 6 Peter Åstrand 2014-02-26 11:38:33 CET

(In reply to comment #3)
> It's "interesting" that Java warns about missing attributes in the manifest in
> the JAR file even *before* it has retrieved the JAR...!
> 
> This is obviously a bug in Java.

Java SE 7 Update 51 has been released now. I cannot find anything about this in the release notes, but the problem seems to be gone, at least on Windows 7. Closing.

Comment 7 Henrik Andersson 2014-04-14 16:14:56 CEST

(In reply to comment #6)
> (In reply to comment #3)
> > It's "interesting" that Java warns about missing attributes in the manifest in
> > the JAR file even *before* it has retrieved the JAR...!
> > 
> > This is obviously a bug in Java.
> 
> Java SE 7 Update 51 has been released now. I cannot find anything about this in
> the release notes, but the problem seems to be gone, at least on Windows 7.
> Closing.

Verified functionality using jre 1.7.0 update 51 on centos, works as expected.