13

Since the last Java update, I need to tag my applet jars manifest with the Trusted-Library attribute to avoid warning popup when javascript is communicating with the applet. (see http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/mixed_code.html)

Manifest-Version: 1.0
Trusted-Library: true
Created-By: 1.6.0-internal (Sun Microsystems Inc.)

I never done such things before, is there a plugin which allow to do that in a seamless way or should I write one, or use the ant plugin?

The jars are already assembled and available through dependencies, copied in the target folder to be signed during the packaging. I'm using Maven 3

plus-
  • 45,453
  • 15
  • 60
  • 73

5 Answers5

26

You can do that with the Maven JAR Plugin during the creation of the JAR file. Add the following to your pom.xml:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-jar-plugin</artifactId>
    <configuration>
        <archive>
            <addMavenDescriptor>false</addMavenDescriptor>
            <manifestEntries>
                <Trusted-Library>true</Trusted-Library>
            </manifestEntries>
        </archive>
    </configuration>
</plugin>
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-jarsigner-plugin</artifactId>
    <version>1.2</version>
    <executions>
        <execution>
            <id>sign</id>
            <goals>
                <goal>sign</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <keystore>/path/to/testkeystore</keystore>
        <alias>myalias</alias>
        <storepass>test123</storepass>
    </configuration>
</plugin>

The main attributes as specified in the JAR File Specification are available as dedicated elements, e.g.:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-jar-plugin</artifactId>
    <configuration>
        <archive>
            <addMavenDescriptor>false</addMavenDescriptor>
            <manifest>
                <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
                <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
            </manifest>
            <manifestEntries>
                <Trusted-Library>true</Trusted-Library>
            </manifestEntries>
        </archive>
    </configuration>
</plugin>

See the Maven Archiver Reference for further information.

To modify the manifest inside an existing jar file create a text file, e.g. mymanifest.mf which contains the required properties:

Trusted-Library: true

You can add the attributes of this file to an existing jar by executing the following command:

jar -cfm file-to-be-modified.jar mymanifest.mf

This will modify the manifest.mf inside the given jar.

Matthias Herlitzius
  • 3,365
  • 2
  • 20
  • 20
  • Can I use the archiver with the maven-jarsigner-plugin? – plus- May 20 '13 at 10:08
  • The jarsigner will only sign the jar's but not create them. So there is no need to use archiver configuration for the jarsigner. – khmarbaise May 20 '13 at 10:31
  • Just tried it and it works as expected. I added the maven-jarsigner-plugin to the example. – Matthias Herlitzius May 20 '13 at 11:14
  • 2
    That works fine for the current project jar, but I wanted to do something similar for some dependencies that I had as I said in the question. I'm copying them and serving them to use for the jnlp, I can't shade them as some are lazy loaded, and I need to find a way to update their manifest in a nice way. – plus- May 20 '13 at 15:59
5

In the end I just used the antrun plugin like the following, antcontrib is used to loop over the list of jars:

build-trusted.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- This is a wrapper for all the other build files. -->
<project basedir="." name="project_name">

  <target name="addTrustedLibraryProperty">
    <jar file="${jarFile}" update="true">
      <manifest>
        <attribute name="Trusted-Library" value="true" />
      </manifest>
    </jar>
  </target>

  <target name="addTrustedLibraries">
    <ac:foreach target="addTrustedLibraryProperty" param="jarFile" xmlns:ac="antlib:net.sf.antcontrib">
      <path>
        <fileset dir="target/lib" includes="**/*.jar" />
      </path>
    </ac:foreach>
  </target>

</project>

In the pom

<plugin>
        <artifactId>maven-antrun-plugin</artifactId>
        <executions>
          <execution>
            <id>add-trusted-library-attribute</id>
            <phase>package</phase>
            <configuration>
              <target>
                <ant antfile="${basedir}/build-trusted.xml">
                  <target name="addTrustedLibraries" />
                </ant>
              </target>
            </configuration>
            <goals>
              <goal>run</goal>
            </goals>
          </execution>
        </executions>
        <dependencies>
          <dependency>
            <groupId>ant-contrib</groupId>
            <artifactId>ant-contrib</artifactId>
            <version>1.0b3</version>
            <exclusions>
              <exclusion>
                <groupId>ant</groupId>
                <artifactId>ant</artifactId>
              </exclusion>
            </exclusions>
          </dependency>
          <dependency>
            <groupId>org.apache.ant</groupId>
            <artifactId>ant-nodeps</artifactId>
            <version>1.8.1</version>
          </dependency>
        </dependencies>
      </plugin>
plus-
  • 45,453
  • 15
  • 60
  • 73
  • Ant is not a quite good choice when you are using Maven, but I know that sometimes it can helps... but IMHO would be better to use the webstart-m-p. – Tony Chemit Dec 15 '15 at 22:19
4

As of today I needed to add some manifest attributes for signed Java applet. I found it very straightforward with maven-jar-plugin. Just put required attributes to src/main/resources/META-INF/MANIFEST.MF:

    Permissions: all-permissions

Then just configure maven-jar-plugin plugin:

        <plugin>
            <artifactId>maven-jar-plugin</artifactId>
            <version>2.4</version>
            <configuration>
                <archive>
                    <manifestFile>src/main/resources/META-INF/MANIFEST.MF</manifestFile>
                </archive>
            </configuration>
        </plugin>

And the result was:

    Manifest-Version: 1.0
    Build-Jdk: 1.7.0_51
    Built-By: bart
    Permissions: all-permissions
    Created-By: Apache Maven 3.0.5
    Archiver-Version: Plexus Archiver

    Name: name/prokop/bart/fps/util/BartDate.class
    SHA-256-Digest: XatHlhiWAK3ArocdOcVPCS3ftOcokJNlUeRhKPTHUKs=
Bart Prokop
  • 422
  • 4
  • 7
1

I consider usage of webstart-maven-plugin the right choice here. I mean there are bugs, there are things that you might need to patch yourself, but if you're OK with that, the one plugin can do quite much for you without some ant workarounds.

For the particular problem there is a bug report with a working patch included. See: http://jira.codehaus.org/browse/MWEBSTART-213

UPDATE:

fix is included in the release: 1.0-beta-4.

going for configuration:

<updatedManifestEntries>
  <Permissions>all-permissions</Permissions>
  <Codebase>*</Codebase>
  ....
</updatedManifestEntries>

should do the job

Peter Butkovic
  • 11,143
  • 10
  • 57
  • 81
  • I tried to use this. application packed and signed properly, however this breaks the application when it launches. Dependency injection not happening as expected . My manifest entry is as follows : catsvision true all-permissions * true – ASChakkalakal Dec 10 '13 at 12:16
  • @ASChakkalakal that is weird, could you report a bug for your case? In the: http://jira.codehaus.org/browse/MWEBSTART – Peter Butkovic Dec 10 '13 at 15:15
1

You can use the jar utility to update manifest for existing .jar files like this:

echo 'Trusted-Library: true' > manifest.mf
jar uvfm your-jar-file.jar ./manifest.mf

For more information, please see the doc and the tutorial at here.

Jijie Chen
  • 429
  • 5
  • 17