Layer 7 Policy Manager fails to load when using the browser-based manager: "Missing required Permissions manifest attribute in main jar"
search cancel

Layer 7 Policy Manager fails to load when using the browser-based manager: "Missing required Permissions manifest attribute in main jar"

book

Article ID: 42821

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

The browsed-based Policy Manager may fail to load if you are using Java 7 update 51 or later. Additionally, the following error messages may be displayed in a pop-up dialog box:

  • Java applications are blocked by your security settings.
  • Missing Application-Name manifest attribute
  • Missing required Permissions manifest attribute in main jar

 

Environment

Release:
Component: APIGTW

Cause

Oracle implemented changes to the security architecture of Java in update 51 to Java 7 which resulted in certain incompatibilities between our browser-based Policy Manager and this particular version of Java. Oracle provides the following information on why these changes were incorporated into Oracle Java:

Starting with Java 7 Update 51, Java has enhanced security model to make user system less vulnerable to the external exploits. The new version of Java does not allow users to run the applications that are not signed (Unsigned), Self signed (not signed by trusted authority) and the applications that are missing permission attributes.

Risks involved in running each kind of applications:

  • Unsigned applications:
    An application without a certificate (i.e. unsigned apps), or missing application Name and Publisher information are?blocked by default. Running this kind of application is potentially unsafe and present higher level of risk.
  • Self signed application (Certificate not from trusted authority):
    An application with self-signed certificate is blocked by default. Applications of this type present the highest level of risk because publisher is not identified and the application may be granted access to personal data on your computer.
  • Jar file missing Permission Attribute:
    Permissions Attribute verifies that the application requests the permission level that developer specified. If this attribute is not present, it might be possible for an attacker to exploit a user by re-deploying an application that is signed with original certificate and running the application at a different privilege level

Resolution

Remediation of this issue will require changes to our product. As of version 8.1 of the Layer 7 Gateway, a workaround will be required in order to restore access to the browser-based Policy Manager. Please visit the vendor site at the following URL in order to implement a change to the security settings of Java: https://www.java.com/en/download/help/java_blocked.xml

Powered by Wolken Software