Steps to reproduce:
1. Install the latest 8 nightly (#645) on win7-x86
2. import this cert to deployment Signer CA store so our apps will be regarded as valid CA-Signed: http://sqe-hgi.us.oracle.com/hg/index.cgi/8/deployment_int_ws/raw-file/5fe827854bc1/new_framework/lib/keyStore/valid_selfsigned_100year_keystore.cert
3. access http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/stephen/deployment_stuff/do.NOT.remove.me/bugs/lc_sqe_links/liveconnect/html/test_JS2SJ_Sandbox.html
4. Note the main jar MixedCodeAppletTLCAC.jar is missing manifest "Permissions"
5. If you see security warning dialog asking for if you want to "Run", then the issue is reproduced.
The app should be directly blocked because of JDK-8025098.
1. the security warning dialog contains yellow warning saying that the jar missing manifest "Permissions" and will be blocked in a "future" JRE
2. after you click "Run", the apps will abort with error in trace:
Missing Application-Name manifest attribute for: http://localhost:8080/liveconnect/classes/MixedCodeAppletTLCAC.jar
So actually #1 and #2 contradict each other.