After upgrading JRE to Java 7u45, running the Java applet under the default High setting, you may face the below warning message:

This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute.

If the version is 7u51, more directly, that unsigned code is set to “Don’t Run” so the applet is blocked:

7u45_example_blocked_dialog

Starting in Java 7u51 Java increase its secure baseline, this means unsigned Java applets or Java applets that depend on Javascript LiveConnect calls will be blocked when using the High Security setting in the Java Control Panel.

For the end user, shortly, you can change security setting to be lower under control panel that applet will continue work.

For developers, the annoying limitation will go ONLY WHEN:

  • 1. the all applet Jars must be signed from a trusted authority.
  • 2. they contain a special all-permissions attribute in their manifest.

However, the 1 should be no longer a case for most of us, but for 2, we need update MANIFEST.MF to add “Permissions: all-permissions”:

Sample META-INF/MANIFEST.MF file:

Manifest-Version: 1.0
Created-By: 1.7.0_51
Permissions: all-permissions
Codebase: www.java.com java.com

In case you have lots of Jars, that using ant batch update them could be a good solution:

  <target name="addAllPermissions">
        <echo message="Update Manifest file to include the 'all-permissions' in jar file: ${jarfile}"/>
        <unzip src="${jarfile}" dest="${jarfile}.unzip"/>
        <manifest file="${jarfile}.unzip/META-INF/MANIFEST.MF" mode="update" >
             <attribute name="Permissions" value="all-permissions" />
        </manifest>
       <jar destfile="${jarfile}" basedir="${jarfile}.unzip" manifest="${jarfile}.unzip/META-INF/MANIFEST.MF" update="true" />
       <delete dir="${jarfile}.unzip" />
</target>

You can call the ant target by using belows

<antcall target="addAllPermissions">
         <param name="jarfile" value="**.jar" />
</antcall>