I have the same problem. I test it with a explicit codebase, but the warning "Missing Permissions manifest attribute" it continues appearing.

我也有同样的问题。我使用显式代码库对其进行了测试，但它继续出现警告“缺少权限清单属性”。

Also tried changing permissions to "sandbox", the message still appearing but the applet don't have privileges to execute some functions.

还尝试将权限更改为“沙箱”，消息仍然出现，但小程序没有执行某些功能的权限。

Edit:

编辑：

Finally I've found the solution: manifest.mf

最后我找到了解决方案：manifest.mf

Manifest-Version: 1.0
Codebase: *
Permissions: all-permissions
Application-Library-Allowable-Codebase: *
Caller-Allowable-Codebase: *
Application-Name: AppName
Created-By: AppCreator

I hope this help you.

我希望这对你有帮助。

From New security requirements for RIAs in 7u51 (January 2014)in the "Java Platform Group, Product Management blog":

来自“Java 平台组，产品管理博客”中 7u51 中 RIA 的新安全要求（2014 年 1 月）：

As of 7u51, (January 14, 2014), your RIAs must be updated. [...]

RIAs must contain two things:

1. Code signatures from a trusted authority. [...]

自 7u51 起（2014 年 1 月 14 日），您的 RIA 必须更新。[...]

RIA 必须包含两件事：

1. 来自受信任机构的代码签名。[...]

So it would appear that using a self-signed certificate is the problem here.

因此，使用自签名证书似乎是这里的问题。

I think it's clear that a self-signed certificate is not much use as an introduction for an end-user.

我认为很明显，自签名证书对于最终用户的介绍并没有多大用处。

In your Java control panel, change the security level to Very High, that way it will block the applet from running because it is missing the required Permissions attribute. Run your application, an exception will be thrown which will tell you which jar is missing the attribute.

在您的 Java 控制面板中，将安全级别更改为非常高，这样它将阻止小程序运行，因为它缺少必需的权限属性。运行您的应用程序，将抛出一个异常，它会告诉您哪个 jar 缺少该属性。

I was under the impression that adding the Permissions attribute to the main jar of the applet would be sufficient but I just found out that even an ancillary jar can cause the issue. I will now add the Permissions attribute to all my jars.

我的印象是将 Permissions 属性添加到小程序的主 jar 就足够了，但我刚刚发现即使是辅助 jar 也会导致问题。我现在将 Permissions 属性添加到我所有的 jars 中。

Hope this helps someone.

希望这可以帮助某人。

I don't know that my original answer (deleted) was wrong. The Permissions attribute in the manifest should not be ignored in a local applet, so, it's a bug.

我不知道我原来的答案（已删除）是错误的。清单中的 Permissions 属性在本地小程序中不应被忽略，因此，这是一个错误。

There are similar known issues described in the 7u45 release notes. This must be related.

7u45 发行说明中描述了类似的已知问题。这一定是有关系的。

As to the original question: Codebase: * ?

至于原来的问题：代码库：*？

Codebase: localhost

Codebase: localhost

It works for http://localhostand it does not contradict file://localhost/C:/folder, which (on Windows) is the correct JNLP codebase syntax. The Codebase attribute in the manifest allows multiple entries. Adding localhostsurely will have no adverse effects.

它适用于http://localhost并且不矛盾file://localhost/C:/folder，它（在 Windows 上）是正确的 JNLP 代码库语法。清单中的 Codebase 属性允许多个条目。添加localhost肯定不会有不良影响。

Update:

更新：

Manifest-Version: 1.0
Implementation-Title: MyApplet
Implementation-Version: applet build
Built-By: bnicer
Application-Name: Slide Show
Created-By: 1.7.0_45-b18 (Oracle Corporation)
Caller-Allowable-Codebase: *
Implementation-Vendor: MyFirm
Ant-Version: Apache Ant 1.9.2
Trusted-Library: true
Application-Library-Allowable-Codebase: *
Built-On: 8 November, 2013 @ 13:40:10 GMT
Trusted-Only: true
Permissions: all-permissions
Main-Class: jtss
Codebase: www.mydomain.co.uk localhost 127.0.0.1 192.168.2.2

I believe that running an applet offline under 7u45 will make problems no matter what you put in a manifest, and that is very unfortunate.

我相信在 7u45 下离线运行小程序无论你在清单中放什么都会出问题，这是非常不幸的。

As far as I can tell the older method of adding a .java.policyfile to the local directory is just as pointless, and that too is unfortunate.

据我所知，将.java.policy文件添加到本地目录的旧方法同样毫无意义，这也很不幸。

More Info:

更多信息：

(Concerning the bug?)

（关于错误？）

If the applet is signed, you have the option to import the public certificate (.csr, .p12, .cer) in the Java Control Panel: Security > Manage Certificates > User > Signer CA.Importing the certificate in the past ensured: A) the applet publisher was known. B) the security popup before running the applet in the browser would be removed.

如果小程序已签名，您可以选择在 Java 控制面板中Security > Manage Certificates > User > Signer CA.导入公共证书（.csr、.p12、.cer）：确保导入过去的证书：A) 小程序发布者是已知的。B) 在浏览器中运行小程序之前的安全弹出窗口将被删除。

• Web Start applications, ditto.

• Web Start 应用程序，同上。

The difference is that now (7u45): A) the publisher is known. B) you receive a "... manifest does not contain the Permissions attribute" warning.

不同之处在于现在 (7u45)： A) 发布者是已知的。B) 您收到“...清单不包含权限属性”警告。

• Local applets only.

• 仅限本地小程序。

After the warning, it has been my experience, that the applet won't run.

在警告之后，根据我的经验，小程序不会运行。

java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
    at sun.plugin2.applet.Plugin2ClassLoader.defineClassHelper(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.access0(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    ... 14 more
Caused by: java.lang.NullPointerException
    at sun.plugin2.applet.Plugin2ClassLoader.loadAllowedCodebases(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.getPermissions(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.getPermissions(Unknown Source)
    at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
    at java.security.SecureClassLoader.defineClass(Unknown Source)
    at java.net.URLClassLoader.defineClass(Unknown Source)
    ... 18 more

A work-around, but by no means a fix, is to delete the certificate from the Signer CAstore. On deleting the certificate (in desperation, as a last resort) the signed, local applet runs as follows: A) UNKNOWN Publisher, etc. B) you get a security dialog, and the missing Permissions attribute warning.

一种变通方法，但绝不是修复方法，是从Signer CA存储中删除证书。在删除证书（无奈之下，作为最后的手段）时，签名的本地小程序运行如下：A) UNKNOWN Publisher 等。B) 您会收到一个安全对话框，以及缺少权限属性警告。

• None of the above applies to applets online.

• 以上均不适用于在线小程序。

Feel free to comment.

随意发表评论。

In 1.7.0_u45 you will probably need to have both the Permissions and Caller-Allowable-Codebase attributes set:

在 1.7.0_u45 中，您可能需要同时设置 Permissions 和 Caller-Allowable-Codebase 属性：

Caller-Allowable-Codebase: * localhost 127.0.0.1
Permissions: all-permissions

see this diagramwhich explains the security popups

请参阅此图，其中解释了安全弹出窗口

I'm setting my manifest attributes like this:

我正在设置我的清单属性，如下所示：

Application-Name: MyAppName
Implementation-version: %VERSION% 
Permissions: all-permissions
Caller-Allowable-Codebase: * localhost 127.0.0.1
Application-Library-Allowable-Codebase: *

I was also facing this problem and i resolved this problem in my application by just adding the certificate as a "Secure Site" under java control center.

我也遇到了这个问题，我在我的应用程序中解决了这个问题，只需将证书添加为 java 控制中心下的“安全站点”。

The error message ("The application will be blocked ... Permission attribute") is so misleading and it acts more like a generic error message and has nothing to do with Permissions attribute really present in the jars or not. This to me is a bug and hopefully java will fix it in the next release.

错误消息（“应用程序将被阻止......权限属性”）非常具有误导性，它的行为更像是一条通用错误消息，与 jar 中是否真正存在的权限属性无关。这对我来说是一个错误，希望 java 会在下一个版本中修复它。

Exact steps to remove this error message:
1) javaws -viewer
2) Open Security tab
3) Clik on "Manage Certificates"
4) Select Certificate Type as "Secure Site"
5) Add the application certificate.

删除此错误消息的确切步骤：
1) javaws -viewer
2) 打开安全选项卡
3
) 单击“管理证书” 4) 将证书类型选择为“安全站点”
5) 添加应用程序证书。

If you happen to be using webstart with version-based protocol, there seems to be a bug with this which causes the Permissions attribute warning when it shouldn't. Once we removed the version attributes from our jnlp, and removed the version string from the jar filenames, the Permissions attribute warning went away.

如果您碰巧将 webstart 与基于版本的协议一起使用，那么似乎存在一个错误，它会导致权限属性在不该警告时发出警告。一旦我们从 jnlp 中删除了版本属性，并从 jar 文件名中删除了版本字符串，权限属性警告就消失了。

Edit:I found this forum thread which discusses the matter: https://forums.oracle.com/thread/2594060.

编辑：我找到了讨论此事的论坛主题：https: //forums.oracle.com/thread/2594060。

Add the base url to the list of secure sites (excepted from checks) in the Java control panel's security tab, that made my vpn launch again:

将基本 url 添加到 Java 控制面板的安全选项卡中的安全站点列表（检查除外），这使我的 vpn 再次启动：

Run the java uninstall applet to remove old versions of java. http://java.com/en/download/uninstallapplet.jsp

运行 java 卸载小程序以删除旧版本的 java。 http://java.com/en/download/uninstallapplet.jsp

I had the same error when trying to open Dell iDRAC virtual console. This doesn't help if you want to get rid of the warnings in a proper fashion. But if you want to just run the application then for me the solution was to open Java Control Paneland in Securitytab set Security Levelto Medium.

我在尝试打开 Dell iDRAC 虚拟控制台时遇到了同样的错误。如果您想以适当的方式摆脱警告，这无济于事。但是，如果您只想运行该应用程序，那么对我来说，解决方案是打开Java Control Panel并在Security选项卡中将Security Level设置为Medium。

After that I could run the application after accepting the warnings.

之后，我可以在接受警告后运行该应用程序。