Joined: Nov 29, 2007
Since Java 6 update 19, if an application uses signed and unsigned code, signed jars that are allowed to be used from unsigned code, should have a Trusted-Library attribute set to true in their manifest. Else, the JVM will pop a warning that recommends the user to not execute the app.
Trusted library classes are loaded through a separate classloader. The rest of the app can "see" that trusted code, but trusted code cannot "see" code not marked as "trusted library".
If we add the Trusted-Library to our jars and sign them, there are no warnings, but as JCAPI is not a "trusted library", our code cannot "see" any of JCAPI classes (a ClassNotFoundException is thrown).
There is a workaround, but it involves messing with classloaders. It would be much more easy that JCAPI manifest includes Trusted-Library attribute set to true. I think it is coherent with JCAPI purpouse, and lot of users will benefit from it.
Do you have plans to include a Trusted-Library attribute in the manifest, in both 1.x and 2.x versions?
Thanks in advance.