Preventing RIAs from Being Repurposed

These documentation pages are no longer current. They remain available for archival purposes. Please visit for the most up-to-date documentation.

Java Rich Internet Applications Guide > Security > Preventing RIAs from Being Repurposed

The following topics are covered:

Identifying Valid Permissions Level and Codebase

The following attributes for the JAR file manifest were introduced in the JDK 7u25 release to defend RIAs against unauthorized code repurposing:

Note: These attributes apply to signed applets and Java Web Start applications. The attributes are ignored for stand-alone Java applications.


If you have a RIA that runs in the security sandbox and is expected to be accessed from, add the following attributes to the manifest:

Permissions: sandbox

If the RIA is also available from, include both domains for the Codebase attribute:


Additional Information

See JAR File Manifest Attributes for Security for information on other manifest attributes that are available.

For information on adding attributes to the JAR file manifest, see Modifying a Manifest File in the Java Tutorial.

Copyright © 1993, 2020, Oracle and/or its affiliates. All rights reserved.