2

I have an issue related to a manifest file that I added to when I signed my jar files.

I have a series of jarfiles provided by an application vendor. There are classes that we write on top of this for actual functionality (like buttons, screens, etc). The jar files are accessible on a server such as the following...

http://<myservername>/<folderame>/myjar.jar

And in the root of this folder are a series of folders that correspond to my classes (such as .com.company.app.mylist.list would correspond to /com/company/app/mylist/list.class)

The files are there and everything has worked fine for years. Queue last year when Java got really annoying in their use of unsigned code (three of the seven jar files I use have no signature). I have been able to successfully sign them with a code signing cert from my domain CA.

So, I as part of my signing process I wrote a script to import the changes into the manifest file using the jar umf command. This imports the following three lines into my manifest file...

Permissions: all-permissions
Trusted-Library: true
Codebase: http://<servername>/<foldername>/

When I added these three lines in, I was able to launch the app without any security issues or prompts. However, after the app launches and I log in, an additional class is required to see the screen I am looking for. That's when I see the following error message in the java console...I don't really see anything on the screen

java.lang.ClassNotFoundException: com.<company>.<app>.inhouse.ispecs.FIRUPIspecModel

I can verify the class FIRUPIspecModel exists in the folder that it mentions. And as I said, if I leave the original .jar files in place, everything works fine (just with a bunch of annoying security prompts that will prevent the files from being run in the next version of Java)

Now, as a strange point, if I remove the third line (the Codebase) I am able to login and call the screen that exists as the .class which is located below the root directory. I do however, get a security error on my version of Java (7r40) saying it contains signed/unsigned code. This prompt cannot be bypassed and Java says that it won't be allowed to run in future versions of Java.

So, my question. I can't figure out why when I have the codebase parameter defined in my manifest file it actually makes it so I can't call the code. The code is there, and it's underneath the directory I have defined in the codebase. So, it should be trusted.

Any insight?

Nick O
  • 39
  • 4
  • After yet another release of Java (7r45), some blog posts have presented a solution for this.[link]http://stackoverflow.com/questions/19393826/java-applet-manifest-allow-all-caller-allowable-codebase. I added what user2886551 described and it fixed my issue – Nick O Oct 16 '13 at 16:31

0 Answers0