2 Replies Latest reply: Feb 27, 2014 7:58 AM by bttpla65 RSS

    Why is U51 blocking individual class files not in jars but U45 accepted them?


      Let me answer the "why do you need individual class files?" question first. We have a rather large applet based application with a current client-side minimum jar download size of 1.8 MB. If we put ALL of our class files into jars, that size will probably double. Most users only use a small portion of the class files for their particular tasks. Which of the class files they use depends upon the tasks they perform. Having ALL users download ALL the classes, albeit compressed in jars, is extremely time consuming and a major problem after application updates due to the large number of users and the network load it would cause.


      Jar file manifest:

      Permissions: all-permissions

      Codebase: *

      Application-Name: MyApplication

      Application-Library-Allowable-Codebase: *

      Caller-Allowable-Codebase: *

      Trusted-Library: true


      We have 11 directories with one containing the applet and main client application code. The other 10 directories contain class files relating to the various sub-applications in the system. The system has a third-party runtime jar file, too.


      We have a private network and servers for our business so the exposure is small. This is a screen-scraping, reformattring application that does no real data processing so doesn't need the same security as a true data processing application. Since we are not open to the Internet and of limited security risk, we chose to keep a more simplified structure.


      This all worked under 1.7.0_45. I read the security guide and it was my understanding that these attributes in the manifest would also work for U51. Apparently not. Looking at the guides, now, it appears they have been changed sometime last year regarding mixed-code to mean jars with certificates and jars without certificates. The support for individual class files appears to have been removed. If this is true, then there should have been a beta of the U51 code because the rules seem to have been changed since the last release or there is a new bug.