When you create a Java Web Start application using Netbeans, after configuring your Java Web Start properties, a "clean & build" gives you all of the elements you need to launch your program: the .jar file, the .jnlp file, the /lib folder, etc.
However, with the recent release of Java 7u25 came a change where, when the MANIFEST.MF file does not contain the "Permissions" and "Codebase" attributes, the program will give a runtime warning similar to this:
Missing Permissions manifest attribute for: http://www.codebase.com/codebasepath/dist/Program.jar
Missing Codebase manifest attribute for: http://www.codebase.com/codebasepath/dist/Program.jar
The next release of Netbeans should automatically add the proper attributes to the generated .jar's manifest. Currently, after a clean & build, the developer needs to complete a (confusing, difficult) process of adding the manifest attributes manually and re-sign the .jar and the library .jars, all manually as well.
Speculation: I also suspect that this missing manifest problem is causing a NPE in the JNLPClassLoader.getPermissions() method. Not a Netbeans bug, but fixing the missing manifest attributes bug could solve another problem as well.
Eventually we opted for a solution without UI change, due to the fact that we are now several months after NB7.4 feature freeze.
fixed in jetmain separately for SE and FX:
In SE the Codebase value is set based on what codebase type is selected in WebStart panel. In FX the Codebase is set by default to *.
Permissions attribute is set according to whether signing is enabled or not, following the previous convention used when generating jnlp (both in SE and FX).
Both in SE and FX the default Codebase and Permission attributes can be overridden by setting project properties:
Integrated into 'main-silver', will be available in build *201308141142* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
User: Petr Somol <email@example.com>
Log: #234231 - Permissions and codebase in manifest (FX)
Thank you very much for the timely turnaround on this defect fix.
There is just one more thing: The new specifications require the library .jar MANIFEST.MF files to be written with the “permissions” and “codebase” attributes as well, not just the primary .jar. My apologies if I was unclear about that. So, everything that Netbeans puts into the /lib folder on a JWS clean & build needs to have this same feature.
Thanks again for your work, Petr. I am going to mark this as reopened.
Is there any way this could get attention before 7.4 launches? Just checked 7.4 RC1 and noticed it is still not fixed.
To reiterate the problem:
The main .jar is correct.
Every .jar in the /lib folder needs "Permissions" and "Codebase" manifest attributes added upon clean & build of a Java web start application.
We are still evaluating this problem.
The thing is that the IDE should not modify 3rd party libraries on the class paths. The problem is even bigger when the 3rd part library is signed in this case such a library needs to be resigned by another (main jar developer) certificate. Modification of these jars way violate the 3rd party library licence.
I personally believe that the Permissions and Codebase should be in main jar only.
Or the JNLP should contain signed part with these attributes.
This is, indeed, then an interesting predicament. Because the JVM will spit out warnings into the console upon execution for every /lib .jar that doesn't contain a Codebase and Permissions manifest attribute.
So, what you're saying is that Oracle changed things so that developers are required to break the license agreements attached to the 3rd-party libraries by adding attributes to the manifests of the library jars?
Well, is there any way we can tell Oracle that this is a mistake?? I suppose they are just warnings, I'm not sure if the lack of Permissions and Codebase attributes is actually causing any errors. But I suspect that it will in due time.
Since Netbeans is owned by Oracle, do you guys have any way to communicate with the Java development team about this issue?
This really is fascinating. I'd like to hear how it turns out.
There has been an update to this problem as of 7u45 which came out yesterday. Now the applications have a further requirement for the "Application-Name" manifest attribute. Upon execution, the program receives this error:
"Missing Application-Name: manifest attribute for: http://www.codebase.com/codebasepath/dist/Program.jar"
This error displays once for each library.
NOW, I know this isn't really a Netbeans problem at this point. BUT, if you guys are in any proximity to the primary Java development team at Oracle, could you please tell them the dilemma? That they are requiring Java Web Start developers to violate the license agreements attached to the third-party apps?
Thank you, Netbeans team!
Could i add to this that the IDE is already altering 3rd party library JARS when it signs them.
Created attachment 141290 [details]
Manifest error on 1.7.0_45-b18
Latest Java 1.7.0_45-b18 gives some serious warnings if Permissions, Codebase, Application-Name is not added in Manifest files. Please tell me how should I fix this.
I am getting list of warnings in my Java console as shown below:
Missing Application-Name: manifest attribute for: http://vcare.abc.local:8180/VCareDesktop/app/vCareApp.jar
Missing Permissions manifest attribute for: http://vcare.abc.local:8180/VCareDesktop/app/vCareApp.jar
Missing Codebase manifest attribute for: http://vcare.abc.local:8180/VCareDesktop/app/vCareApp.jar
These warnings are coming for all JARS which I have added in projects library.
Please check the attached file for the new warning on UI which comes with this latest version.
this solves half the problem, but it still the "Application-Name" issue, will it be fixed any time soon?
Please elaborate how to use manifest.custom.codebase and manifest.custom.permissions in Netbeans.
Will this work for library JAR's as well?
Your question is answered here: http://stackoverflow.com/questions/19659134/how-do-i-add-codebase-permissions-and-application-name-to-my-jnlp-app-manifest/19659135#19659135
Added Application-Name attribute
Regarding the attributes in libraries I will change the build to put the codebase, permissions and application_name to all the lib jars which are not yet signed.
Fixed jet-main 7bf5db8023ab
Fixed as described in comment #15.
The library jars of signed JavaWS application are extended by Codebase, Application-Name, Permissions attributes for all library jars which are not yet signed.
When a library jar already has Codebase, Application-Name or Permissions attribute the attribute is not overwritten.
The library modification is done right before signing.
This needs to be fixed for NetBeans Platform Applications too. Is there an update planed for ANT files in the harness directory?
Create a new issue on apisupport/project.
Upon a "Clean and Build," the library files are deleted and completely re-built, am I correct? So a "Clean and Build" operation will always re-add the attributes and resign the .jars, correct?
Created attachment 142270 [details]
java patch 1
>Upon a "Clean and Build," the library files are deleted and completely re-built, am I correct?
Yes, when you do Clean & Build the "diet" folder is completely deleted.
During the build the libraries are copied into the "dist/lib" folder and during signing permissions, codebase and application-name are inserted into libraries (if they are not yet signed).