Attempting import packages during software resource creation fails due to a change in Java security

book

Article ID: 158875

calendar_today

Updated On:

Products

Software Management Solution

Issue/Introduction

Starting with Java 7 update 51 an increase in security has been made to make user systems less vulnerable to external exploits. This change prevents applications from running that are Unsigned, Self Signed and applications that are missing permissions attributes. Attempting to create software resources, specifically during the import phase of the process, cannot be finished successfully. It should be noted that this same behavior has been seen with Java 7 update 45.

The versions of the console affected are 7.1 SP2 MP 1.1 all the way up to rollup v8 as well as 7.5 HF 2.

MP = Maintenance Pack

HF = Hot Fix

Java applications are blocked by your security settings

Missing Application-Name Manifest attribute

Missing required Permissions manifest attribute in main jar

Cause

As was stated above this is a result of increased security in the new Java applet.  The new applet will not allow nested main jar files, resulting in the failure.

Note: This issue may be present with all versions of Java 7 beyond Update 45 due to the security changes that have been made.

Resolution

This issue has been resolved in a pointfix.  

For version 7.1 the fix has been included in 7.1 MP1 rollup v9, see http://www.symantec.com/docs/HOWTO81832 to obtain this rollup.

For version 7.5 the fix has been included in 7.5 HF3, which can be installed via Symantec Installation Manager.

If the problem persists or an update to these versions is not possible, the following solution may resolve the issue.

 

There are multiple solutions depending on the situation. In a 7.1 environment running update 45 there are two solutions:

1. Update to Java 7 update 51 and follow the subsequent steps:

a. Open the Java Control Panel

b. Click on the "Security" tab

c. Click the "Edit Sites List" button

d. Add the URL that Java is attempting to access. You can confirm which URL by loading the Java console and performing an import.

If doing this from a workstation the Fully Qualified Domain Name (FQDN) should be used. If being performed from the SMP then http://localhost/altiris/softwaremanagement/dialogs should be used. This can be confirmed by following sub-step b above. If the server is setup to use SSL then https must be used. Also note that this workaround must be performed for each profile that is on the computer is more than one user is going to be using their credentials.

Another preemptive step that should be taken is to remove any cached URLs referencing "packagedefinition.jar". To do this:

1. Load the Java console

2. Under the "General" tab beneath "Temporary Internet Files" click "View"

3. Delete any version of the URL referencing "packagedefinition.jar" that is older than the install date of Java 7 u51.