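Java Applet - LiveConnect security warning popup

Even though the applet is signed and the Caller-Allowable-Codebase attribute is set, we still get a LiveConnect security warning in our application:

The second issue is that the "Application" and "Publisher" fields are set to "UNKNOWN" in IE, FF and Chrome. The first security message displayed seems to pick up its information from the certificate.

My manifest file: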

Manifest-Version: 1.0
Implementation-Vendor: xxx xxx Buildings AB
Implementation-version: 1.5.0.49829
Application-Library-Allowable-Codebase: *
Application-Name: Building Operation WebStation
Permissions: all-permissions
Created-By: 1.7.0 (Sun Microsystems Inc.)
Caller-Allowable-Codebase: *
Specification-Version: 1.0
Codebase: *

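I have read the Oracle blog post about security changes with LiveConnect.

I have also tried adding the Application-Library-Allowable-Codebase: * attribute, with no success. It does not seem to make any difference in the security attributes guide.

Checking the checkbox does nothing; the next time we navigate to the applet, the warning pops up again.

jarsigner.exe outputs "jar verified".

Inspecting the certificate we signed with shows the whole chain: our company > RapidSSL CA > GeoTrust Global CA. I have imported the certificate into several Windows certificate stores, even though being signed by a trusted root CA should be enough on its own.

We are testing on the latest JRE, and we get the same result with JRE 8
    Java Plug-in 10.67.2.01
    Using JRE version 1.7.0_67-b01 Java HotSpot(TM) Client VM

Does anyone know

> How to get rid of the popup while still allowing LiveConnect calls?
> Otherwise, how to populate the two UNKNOWN fields in the dialog?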

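Solution:

The first popup (the LiveConnect warning) appears because you used the wildcard * for Caller-Allowable-Codebase:

Caller-Allowable-Codebase: *

You may need to replace * with the domain name or IP address where the JavaScript files are located.

You may also need to do something similar for the Codebase attribute.

For more information about this attribute, see Codebase Attribute.

Caller-Allowable-Codebase Attribute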

See Codebase Attribute for a description of the values that are allowed. If a stand-alone asterisk (*) is specified as the value for the Caller-Allowable-Codebase attribute, then calls from JavaScript code to your RIA show a security warning, and users have the choice to allow the call or block the call. An option to remember the choice is also provided, and if selected, the warning is no longer shown when the RIA is launched.

Caller-Allowable-Codebase Attribute

Java applet manifest - Allow all Caller-Allowable-Codebase

Removing the Trusted-Library attribute seems to be mandatory to get Caller-Allowable-Codebase working, no more warnings. However, this breaks Java 7 Update 21 – 40 which treated JavaScript code that calls code within a signed applet running with all permissions as mixed code and warning dialogs are raised if the signed JAR files are not tagged with the Trusted-Library=true attribute.

Source: Java applet manifest – Allow all Caller-Allowable-Codebase, answer by Nikolas Pooch
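An added example, not part of the original question or answers: a Python check that reads a JAR manifest and flags the two settings the answers point to, a stand-alone * in Caller-Allowable-Codebase or Codebase, and Trusted-Library set together with Caller-Allowable-Codebase. The sample manifest is abridged from the question, and webstation.example.com is a placeholder host.

```python
import zipfile

# Attributes the answer says to restrict to the host serving the page/JavaScript.
CHECKED = ("Caller-Allowable-Codebase", "Codebase")

def parse_main_section(text):
    """Return the manifest's main-section attributes, names lower-cased."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            if attrs:
                break                      # a blank line ends the main section
            continue
        if line.startswith(" ") and last:  # continuation of the previous value
            attrs[last] += line[1:]
            continue
        name, _, value = line.partition(":")
        last = name.strip().lower()        # attribute names are case-insensitive
        attrs[last] = value.strip()
    return attrs

def audit_manifest(text):
    """Return (attribute, issue) pairs for the settings discussed above."""
    attrs = parse_main_section(text)
    findings = []
    for name in CHECKED:
        # Only a stand-alone asterisk is flagged; "*.example.com" is not.
        if "*" in attrs.get(name.lower(), "").split():
            findings.append((name, "stand-alone * instead of a specific domain"))
    if "caller-allowable-codebase" in attrs and "trusted-library" in attrs:
        findings.append(("Trusted-Library", "set together with Caller-Allowable-Codebase"))
    return findings

def audit_jar(jar):
    """Audit META-INF/MANIFEST.MF inside a JAR (path or file-like object)."""
    with zipfile.ZipFile(jar) as zf:
        return audit_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))

# Abridged from the question's manifest.
QUESTION_MANIFEST = """Manifest-Version: 1.0
Application-Name: Building Operation WebStation
Permissions: all-permissions
Caller-Allowable-Codebase: *
Codebase: *
"""

# Constructed fix; webstation.example.com is a placeholder host.
FIXED_MANIFEST = QUESTION_MANIFEST.replace(": *", ": webstation.example.com")

if __name__ == "__main__":
    for attr, issue in audit_manifest(QUESTION_MANIFEST):
        print(f"{attr}: {issue}")
```

Running audit_jar against the signed JAR before deployment catches a wildcard that would otherwise only show up as the browser prompt.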
