7 Replies Latest reply: Jun 7, 2013 12:45 AM by 1009079 RSS

    Signed applet and security warning in 1.7.0_21

    1004055
      Good day.
      In earlier versions of java my applet worked fine without any warnings. After java 1.7.0_21 installation, applet shows this warning

      +[Window Title]+
      Security Warning

      +[Main Instruction]+
      Block potentially unsafe components from being run?

      +[Content]+
      Application: kz.akkamal.clientloader.Application

      Java has discovered application components that could indicate a security concern. Contact the application vendor to ensure that it has not been tampered with.

      +[Block] [Don't Block]+

      +[Footer]+
      The application contains both signed and unsigned code.
      More information

      All classes are signed and have no external dependencies (have no external jar-files). Java console text:

      Java Plug-in 10.21.2.11
      Using JRE version 1.7.0_21-b11 Java HotSpot(TM) Client VM
      User home directory = C:\Users\mabramyan
      ----------------------------------------------------
      c:   clear console window
      f:   finalize objects on finalization queue
      g:   garbage collect
      h:   display this help message
      l:   dump classloader list
      m:   print memory usage
      o:   trigger logging
      q:   hide console
      r:   reload policy configuration
      s:   dump system and deployment properties
      t:   dump thread list
      v:   dump thread stack
      x:   clear classloader cache
      +0-5: set trace level to <n>+
      ----------------------------------------------------
      cache: Initialize resource manager: com.sun.deploy.cache.ResourceProviderImpl@11d95
      security: property package.access value sun.,com.sun.xml.internal.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.bcel.internal.,com.sun.org.apache.regexp.internal.,com.sun.org.apache.xerces.internal.,com.sun.org.apache.xpath.internal.,com.sun.org.apache.xalan.internal.extensions.,com.sun.org.apache.xalan.internal.lib.,com.sun.org.apache.xalan.internal.res.,com.sun.org.apache.xalan.internal.templates.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.apache.xalan.internal.xslt.,com.sun.org.apache.xalan.internal.xsltc.cmdline.,com.sun.org.apache.xalan.internal.xsltc.compiler.,com.sun.org.apache.xalan.internal.xsltc.trax.,com.sun.org.apache.xalan.internal.xsltc.util.,com.sun.org.apache.xml.internal.res.,com.sun.org.apache.xml.internal.serializer.utils.,com.sun.org.apache.xml.internal.utils.,com.sun.org.glassfish.,com.sun.java.accessibility.
      security: property package.access new value sun.,com.sun.xml.internal.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.bcel.internal.,com.sun.org.apache.regexp.internal.,com.sun.org.apache.xerces.internal.,com.sun.org.apache.xpath.internal.,com.sun.org.apache.xalan.internal.extensions.,com.sun.org.apache.xalan.internal.lib.,com.sun.org.apache.xalan.internal.res.,com.sun.org.apache.xalan.internal.templates.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.apache.xalan.internal.xslt.,com.sun.org.apache.xalan.internal.xsltc.cmdline.,com.sun.org.apache.xalan.internal.xsltc.compiler.,com.sun.org.apache.xalan.internal.xsltc.trax.,com.sun.org.apache.xalan.internal.xsltc.util.,com.sun.org.apache.xml.internal.res.,com.sun.org.apache.xml.internal.serializer.utils.,com.sun.org.apache.xml.internal.utils.,com.sun.org.glassfish.,com.sun.java.accessibility.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
      security: property package.definition value sun.,com.sun.xml.internal.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.bcel.internal.,com.sun.org.apache.regexp.internal.,com.sun.org.apache.xerces.internal.,com.sun.org.apache.xpath.internal.,com.sun.org.apache.xalan.internal.extensions.,com.sun.org.apache.xalan.internal.lib.,com.sun.org.apache.xalan.internal.res.,com.sun.org.apache.xalan.internal.templates.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.apache.xalan.internal.xslt.,com.sun.org.apache.xalan.internal.xsltc.cmdline.,com.sun.org.apache.xalan.internal.xsltc.compiler.,com.sun.org.apache.xalan.internal.xsltc.trax.,com.sun.org.apache.xalan.internal.xsltc.util.,com.sun.org.apache.xml.internal.res.,com.sun.org.apache.xml.internal.serializer.utils.,com.sun.org.apache.xml.internal.utils.,com.sun.org.glassfish.,com.sun.java.accessibility.
      security: property package.definition new value sun.,com.sun.xml.internal.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.bcel.internal.,com.sun.org.apache.regexp.internal.,com.sun.org.apache.xerces.internal.,com.sun.org.apache.xpath.internal.,com.sun.org.apache.xalan.internal.extensions.,com.sun.org.apache.xalan.internal.lib.,com.sun.org.apache.xalan.internal.res.,com.sun.org.apache.xalan.internal.templates.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.apache.xalan.internal.xslt.,com.sun.org.apache.xalan.internal.xsltc.cmdline.,com.sun.org.apache.xalan.internal.xsltc.compiler.,com.sun.org.apache.xalan.internal.xsltc.trax.,com.sun.org.apache.xalan.internal.xsltc.util.,com.sun.org.apache.xml.internal.res.,com.sun.org.apache.xml.internal.serializer.utils.,com.sun.org.apache.xml.internal.utils.,com.sun.org.glassfish.,com.sun.java.accessibility.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
      security: property package.access value sun.,com.sun.xml.internal.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.bcel.internal.,com.sun.org.apache.regexp.internal.,com.sun.org.apache.xerces.internal.,com.sun.org.apache.xpath.internal.,com.sun.org.apache.xalan.internal.extensions.,com.sun.org.apache.xalan.internal.lib.,com.sun.org.apache.xalan.internal.res.,com.sun.org.apache.xalan.internal.templates.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.apache.xalan.internal.xslt.,com.sun.org.apache.xalan.internal.xsltc.cmdline.,com.sun.org.apache.xalan.internal.xsltc.compiler.,com.sun.org.apache.xalan.internal.xsltc.trax.,com.sun.org.apache.xalan.internal.xsltc.util.,com.sun.org.apache.xml.internal.res.,com.sun.org.apache.xml.internal.serializer.utils.,com.sun.org.apache.xml.internal.utils.,com.sun.org.glassfish.,com.sun.java.accessibility.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
      security: property package.access new value sun.,com.sun.xml.internal.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.bcel.internal.,com.sun.org.apache.regexp.internal.,com.sun.org.apache.xerces.internal.,com.sun.org.apache.xpath.internal.,com.sun.org.apache.xalan.internal.extensions.,com.sun.org.apache.xalan.internal.lib.,com.sun.org.apache.xalan.internal.res.,com.sun.org.apache.xalan.internal.templates.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.apache.xalan.internal.xslt.,com.sun.org.apache.xalan.internal.xsltc.cmdline.,com.sun.org.apache.xalan.internal.xsltc.compiler.,com.sun.org.apache.xalan.internal.xsltc.trax.,com.sun.org.apache.xalan.internal.xsltc.util.,com.sun.org.apache.xml.internal.res.,com.sun.org.apache.xml.internal.serializer.utils.,com.sun.org.apache.xml.internal.utils.,com.sun.org.glassfish.,com.sun.java.accessibility.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
      security: property package.definition value sun.,com.sun.xml.internal.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.bcel.internal.,com.sun.org.apache.regexp.internal.,com.sun.org.apache.xerces.internal.,com.sun.org.apache.xpath.internal.,com.sun.org.apache.xalan.internal.extensions.,com.sun.org.apache.xalan.internal.lib.,com.sun.org.apache.xalan.internal.res.,com.sun.org.apache.xalan.internal.templates.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.apache.xalan.internal.xslt.,com.sun.org.apache.xalan.internal.xsltc.cmdline.,com.sun.org.apache.xalan.internal.xsltc.compiler.,com.sun.org.apache.xalan.internal.xsltc.trax.,com.sun.org.apache.xalan.internal.xsltc.util.,com.sun.org.apache.xml.internal.res.,com.sun.org.apache.xml.internal.serializer.utils.,com.sun.org.apache.xml.internal.utils.,com.sun.org.glassfish.,com.sun.java.accessibility.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
      security: property package.definition new value sun.,com.sun.xml.internal.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.bcel.internal.,com.sun.org.apache.regexp.internal.,com.sun.org.apache.xerces.internal.,com.sun.org.apache.xpath.internal.,com.sun.org.apache.xalan.internal.extensions.,com.sun.org.apache.xalan.internal.lib.,com.sun.org.apache.xalan.internal.res.,com.sun.org.apache.xalan.internal.templates.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.apache.xalan.internal.xslt.,com.sun.org.apache.xalan.internal.xsltc.cmdline.,com.sun.org.apache.xalan.internal.xsltc.compiler.,com.sun.org.apache.xalan.internal.xsltc.trax.,com.sun.org.apache.xalan.internal.xsltc.util.,com.sun.org.apache.xml.internal.res.,com.sun.org.apache.xml.internal.serializer.utils.,com.sun.org.apache.xml.internal.utils.,com.sun.org.glassfish.,com.sun.java.accessibility.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
      security: property package.access value sun.,com.sun.xml.internal.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.bcel.internal.,com.sun.org.apache.regexp.internal.,com.sun.org.apache.xerces.internal.,com.sun.org.apache.xpath.internal.,com.sun.org.apache.xalan.internal.extensions.,com.sun.org.apache.xalan.internal.lib.,com.sun.org.apache.xalan.internal.res.,com.sun.org.apache.xalan.internal.templates.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.apache.xalan.internal.xslt.,com.sun.org.apache.xalan.internal.xsltc.cmdline.,com.sun.org.apache.xalan.internal.xsltc.compiler.,com.sun.org.apache.xalan.internal.xsltc.trax.,com.sun.org.apache.xalan.internal.xsltc.util.,com.sun.org.apache.xml.internal.res.,com.sun.org.apache.xml.internal.serializer.utils.,com.sun.org.apache.xml.internal.utils.,com.sun.org.glassfish.,com.sun.java.accessibility.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
      security: property package.access new value sun.,com.sun.xml.internal.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.bcel.internal.,com.sun.org.apache.regexp.internal.,com.sun.org.apache.xerces.internal.,com.sun.org.apache.xpath.internal.,com.sun.org.apache.xalan.internal.extensions.,com.sun.org.apache.xalan.internal.lib.,com.sun.org.apache.xalan.internal.res.,com.sun.org.apache.xalan.internal.templates.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.apache.xalan.internal.xslt.,com.sun.org.apache.xalan.internal.xsltc.cmdline.,com.sun.org.apache.xalan.internal.xsltc.compiler.,com.sun.org.apache.xalan.internal.xsltc.trax.,com.sun.org.apache.xalan.internal.xsltc.util.,com.sun.org.apache.xml.internal.res.,com.sun.org.apache.xml.internal.serializer.utils.,com.sun.org.apache.xml.internal.utils.,com.sun.org.glassfish.,com.sun.java.accessibility.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss,com.sun.browser,com.sun.glass,com.sun.javafx,com.sun.media.jfxmedia,com.sun.media.jfxmediaimpl,com.sun.openpisces,com.sun.prism,com.sun.scenario,com.sun.t2k,com.sun.webpane,com.sun.pisces,com.sun.webkit
      security: property package.definition value sun.,com.sun.xml.internal.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.bcel.internal.,com.sun.org.apache.regexp.internal.,com.sun.org.apache.xerces.internal.,com.sun.org.apache.xpath.internal.,com.sun.org.apache.xalan.internal.extensions.,com.sun.org.apache.xalan.internal.lib.,com.sun.org.apache.xalan.internal.res.,com.sun.org.apache.xalan.internal.templates.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.apache.xalan.internal.xslt.,com.sun.org.apache.xalan.internal.xsltc.cmdline.,com.sun.org.apache.xalan.internal.xsltc.compiler.,com.sun.org.apache.xalan.internal.xsltc.trax.,com.sun.org.apache.xalan.internal.xsltc.util.,com.sun.org.apache.xml.internal.res.,com.sun.org.apache.xml.internal.serializer.utils.,com.sun.org.apache.xml.internal.utils.,com.sun.org.glassfish.,com.sun.java.accessibility.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
      security: property package.definition new value sun.,com.sun.xml.internal.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.bcel.internal.,com.sun.org.apache.regexp.internal.,com.sun.org.apache.xerces.internal.,com.sun.org.apache.xpath.internal.,com.sun.org.apache.xalan.internal.extensions.,com.sun.org.apache.xalan.internal.lib.,com.sun.org.apache.xalan.internal.res.,com.sun.org.apache.xalan.internal.templates.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.apache.xalan.internal.xslt.,com.sun.org.apache.xalan.internal.xsltc.cmdline.,com.sun.org.apache.xalan.internal.xsltc.compiler.,com.sun.org.apache.xalan.internal.xsltc.trax.,com.sun.org.apache.xalan.internal.xsltc.util.,com.sun.org.apache.xml.internal.res.,com.sun.org.apache.xml.internal.serializer.utils.,com.sun.org.apache.xml.internal.utils.,com.sun.org.glassfish.,com.sun.java.accessibility.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss,com.sun.browser,com.sun.glass,com.sun.javafx,com.sun.media.jfxmedia,com.sun.media.jfxmediaimpl,com.sun.openpisces,com.sun.prism,com.sun.scenario,com.sun.t2k,com.sun.webpane,com.sun.pisces,com.sun.webkit
      basic: Added progress listener: sun.plugin.util.ProgressMonitorAdapter@1a3954
      basic: Plugin2ClassLoader.addURL parent called for http://my.bcc.kz/ClientLoader.jar?v=8
      security: Blacklist revocation check is enabled
      security: blacklist: created: NEED_LOAD, lastModified: 1366334943709
      security: blacklist: hasBeenModifiedSince 1366334943724 (we have 1366334943709)
      security: Trusted libraries list check is enabled
      +network: Cache entry found [url: http://my.bcc.kz/ClientLoader.jar?v=8, version: null] prevalidated=true/0+
      cache: Adding MemoryCache entry: http://my.bcc.kz/ClientLoader.jar?v=8
      cache: Resource http://my.bcc.kz/ClientLoader.jar?v=8 has expired.
      network: Connecting http://my.bcc.kz/ClientLoader.jar?v=8 with proxy=HTTP @ gw.akkamal.kz/192.168.25.1:3128
      network: Connection http://my.bcc.kz/ClientLoader.jar?v=8, gw.akkamal.kz/192.168.25.1:3128java.net.ConnectException: Connection timed out: connect failed: removed from proxy cache
      network: Connecting http://my.bcc.kz:80/ with proxy=DIRECT
      network: Connecting http://my.bcc.kz/ClientLoader.jar?v=8 with cookie "__utma=241602846.1897108514.1366340326.1366340326.1366340326.1; __utmb=241602846.1.10.1366340326; __utmc=241602846; __utmz=241602846.1366340326.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)"
      network: ResponseCode for http://my.bcc.kz/ClientLoader.jar?v=8 : 304
      network: Encoding for http://my.bcc.kz/ClientLoader.jar?v=8 : null
      network: Disconnect connection to http://my.bcc.kz/ClientLoader.jar?v=8
      cache: Reading Signers from 4408 http://my.bcc.kz/ClientLoader.jar?v=8 | C:\Users\mabramyan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2abb222a-29d3e655.idx
      cache: Done readSigners(http://my.bcc.kz/ClientLoader.jar?v=8)
      cache:  Read manifest for http://my.bcc.kz/ClientLoader.jar?v=8: read=905 full=905
      basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms
      security: Accessing keys and certificate in Mozilla user profile: null
      security: Loading Deployment certificates from C:\Users\mabramyan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
      security: Loaded Deployment certificates from C:\Users\mabramyan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
      security: Loading certificates from Deployment session certificate store
      security: Loaded certificates from Deployment session certificate store
      security: Loading certificates from Deployment session certificate store
      security: Loaded certificates from Deployment session certificate store
      security: Validate the certificate chain using CertPath API
      security: No blacklisted.certs file
      security: Loading Root CA certificates from C:\Users\mabramyan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.cacerts
      security: Loaded Root CA certificates from C:\Users\mabramyan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.cacerts
      security: Loading Root CA certificates from C:\Program Files\Java\jre7\lib\security\cacerts
      security: Loaded Root CA certificates from C:\Program Files\Java\jre7\lib\security\cacerts
      security: Obtain certificate collection in Root CA certificate store
      security: Obtain certificate collection in Root CA certificate store
      security: Obtain certificate collection in Root CA certificate store
      security: Obtain certificate collection in Root CA certificate store
      security: The certificate hasnt been expired, no need to check timestamping info
      security: The CRL support is disabled
      security: The OCSP support is disabled
      security: This OCSP End Entity validation is disabled
      network: Created version ID: 1.7.0.21
      network: Created version ID: 1.7.0.21
      basic: Applet loaded.
      basic: Applet resized and added to parent container
      basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 130200 us, pluginInit dt 21758759 us, TotalTime: 21888959 us
      basic: Applet initialized
      basic: Starting applet
      basic: completed perf rollup
      basic: Applet made visible
      basic: Applet started
      basic: Told clients applet is started

      Why this warning appears with java 1.7.0_21? What can i do, to make my applet "safe" ?

      Excuse me for my english, thanks for help!

      Edited by: 1001052 on 18.04.2013 20:22

      Edited by: 1001052 on 18.04.2013 20:26
        • 1. Re: Signed applet and security warning in 1.7.0_21
          1004055
          Excuse me, i don't read release notes. I just add Trusted-Library: true to my manifest.mf, and all works fine!
          • 2. Re: Signed applet and security warning in 1.7.0_21
            MSC
            I tried your suggestion also , but no hope , additionally I have to add my self sign jar file work fine with 1.6 java version but not working with 1.7 .

            Could any body give us some idea ?
            • 3. Re: Signed applet and security warning in 1.7.0_21
              1005429
              Hi,

              self signed certificates are not considered as trusted anymore. You have to sign your jars with a certificate from a trusted CA.

              Greetings,
              Waldemar Dick
              • 4. Re: Signed applet and security warning in 1.7.0_21
                MSC
                I am not sure you are right or not , because when I try to do the self sign jar via netbeans tools , the application it work fine , but when I try to do it my command line , it will not work . therefore it is clear , both of them is self sign by me , why netbeans one work with out issue and command line sign show the issue .

                I think that should be something to do with way we are sign the jar in java 1.7 , may be we should use different syntax or add some parameter .

                additionally why oracle should do such thing ? how developer should test their application before they ship it to clients ? !!! trust certificate cost a lot and most of the client they want use their own . but use the developer certificate . Don't you agree with me ?
                • 5. Re: Signed applet and security warning in 1.7.0_21
                  1005347
                  I agree this is crap. Oracle is slowly destroying Java. Your going to have to be a large company to even write a signed applet to test.
                  • 6. Re: Signed applet and security warning in 1.7.0_21
                    MSC
                    But what is the benefit of destroy the java lang ? Oracle bought that increase their benefit , plus if you think about it , we may need to make better language , not some universal lang , I will not defense if something like this happen , may be some new thing has been innovate , something grate such as JAVA lang has been made around 15 years back .

                    Don't you agree ?
                    • 7. Re: Signed applet and security warning in 1.7.0_21
                      1009079
                      if you would have read the release note of jre 7 update 21 it clearly says that even if the jar file is signed with a trusted CA,there will also be the security popup
                      we need to allow that manually to run.This is ridiculos.


                      I also had the same problem however I could sign the jar file with one of our existing certificate even the signing was proper still the there was a blue sheild pop up.One problem more If i use the same signed jar file to some other machine it doesnt work as a signed jar file.

                      I dont understand if the jar file is signed and working with the machine where I signed...why the same jar file is not working with some other machine.