Updating Client-Side Jar Manifests for Java 1.7u51 and Later

With the release of Oracle Java 1.7 update 51, Oracle has increased security by requiring certain attributes in the manifest file of each jar file. See Java 1.7 Update 51 Release Notes for more information.

Each client side jar must be signed.
Each MANIFEST file must have a Permissions attribute.
1. Furthermore, in order to allow JavaScript to interact with the applet, the Caller-Allowable-Codebase attribute is also required. It might be necessary for JavaScript to interact with the applet when a user is closing the browser without terminating the application and JavaScript is used to call the applet to take some terminating action.
  1. Example, Caller-Allowable-Codebase: *, this means that any codebase is allowed to call the applet. If you want it to be more restricted, you can specified the web url (i.e. https://someserver)
Other attributes are not required but as of Java 1.7 update 51, warning messages will be displayed in the Java console.
1. Application-Library-Allowable-Codebase
  1. example, Application-Library-Allowable-Codebase: *
2. Codebase
  1. example, Codebase: *
In addition, you must add the following to nexaweb-client.xml:

nexaweb-client.xml

	<applet-parameters>
        <param name="Permissions" value="all-permissions"/>
	</applet-parameters>

Here is a sample ANT task to update the jar MANIFEST as required:

update manifest

<project name="UpdateManifest" default="update-manifest" basedir=".">
	<property name="permissions" value="all-permissions"/>
	<property name="caller.allowable.codebase" value="*"/>
	<property name="application.name" value="SOMEAPP"/>
	<property name="codebase" value="*"/>
	<property name="application.library.allowable.codebase" value="*"/>
 
	<macrodef name="add-attribute-to-jars">
		<attribute name="jar-fullpath"/>
		<sequential>
			<jar update="true" file="@{jar-fullpath}">
				<manifest>
					<attribute name="Copyright-Notice" value="SOME COPYRIGHT TEXT" />
					<attribute name="Application-Name" value="${application.name}"/>
					<attribute name="Codebase" value="${codebase}"/>					
					<attribute name="Permissions" value="${permissions}"/>
					<attribute name="Caller-Allowable-Codebase" value="${caller.allowable.codebase}"/>
					<attribute name="Application-Library-Allowable-Codebase" value="${application.library.allowable.codebase}"/>
				</manifest>
			</jar>
		</sequential>
	</macrodef>
	<target name="update-manifest">
			<add-attribute-to-jars jar-fullpath="${build.webcontent.dir}/WEB-INF/client/lib/AdvanceCore-client.jar"/>
			<add-attribute-to-jars jar-fullpath="${build.webcontent.dir}/WEB-INF/client/lib/antlr-runtime-3.2.jar"/>
			<add-attribute-to-jars jar-fullpath="${build.webcontent.dir}/WEB-INF/client/lib/RfClientCore.jar"/>
			<!-- add other jars in the WEB-INF/client/lib or any other client side jars, here --->
			
			<add-attribute-to-jars jar-fullpath="${build.webcontent.dir}/WEB-INF/client/desktopclient/nexaweb-desktop-client.jar"/>
			
			<!-- nexaweb clients, DO NOT REMOVE -->
			<add-attribute-to-jars jar-fullpath="${build.webcontent.dir}/WEB-INF/Nexaweb/client/lib/detect.jar"/>
			<add-attribute-to-jars jar-fullpath="${build.webcontent.dir}/WEB-INF/Nexaweb/client/lib/detect-UITesting.jar"/>
			<add-attribute-to-jars jar-fullpath="${build.webcontent.dir}/WEB-INF/Nexaweb/client/lib/NexawebClient.jar"/>
			<add-attribute-to-jars jar-fullpath="${build.webcontent.dir}/WEB-INF/Nexaweb/client/lib/NexawebClient-Common-Resources.jar"/>
			<add-attribute-to-jars jar-fullpath="${build.webcontent.dir}/WEB-INF/Nexaweb/client/lib/NexawebClient-Common-Resources.jar"/>
			<add-attribute-to-jars jar-fullpath="${build.webcontent.dir}/WEB-INF/Nexaweb/client/lib/NexawebClient-OnDemand.jar"/>
			<add-attribute-to-jars jar-fullpath="${build.webcontent.dir}/WEB-INF/Nexaweb/client/lib/NexawebClient-UITesting.jar"/>
			<add-attribute-to-jars jar-fullpath="${build.webcontent.dir}/WEB-INF/Nexaweb/client/lib/nexaweb-nfc.jar"/>
	</target>
</project>