Preventing RIAs from Being Repurposed

Java Rich Internet Applications Guide > Security > Preventing RIAs from Being Repurposed

The following topics are covered:

Identifying Valid Permissions Level and Codebase

The following attributes for the JAR file manifest were introduced in the JDK 7u25 release to defend RIAs against unauthorized code repurposing:


Note: These attributes apply to signed applets and Java Web Start applications. The attributes are ignored for stand-alone Java applications.

Examples

If you have a RIA that runs in the security sandbox and is expected to be accessed from https://example.com, add the following attributes to the manifest:

Permissions: sandbox
Codebase: https://example.com

If the RIA is also available from example.backup.com:8080, include both domains for the Codebase attribute:

Codebase: https://example.com example.backup.com:8080

Additional Information

See JAR File Manifest Attributes for Security for information on other manifest attributes that are available.

For information on adding attributes to the JAR file manifest, see Modifying a Manifest File in the Java Tutorial.


Copyright © 1993, 2016, Oracle and/or its affiliates. All rights reserved.