Java Web Start - java.ociweb.comjava.ociweb.com/javasig/knowledgebase/2002Jan/JavaWebStart.pdf ·...

Java Web Start

Brad ShulerSoftware Engineer

Object Computing, Inc.St. Louis, MO

OCI Java Lunch, 30 Nov 2001

Overview

nn Java Web Start (JWS)Java Web Start (JWS)n What is it?n Demon How it worksn Deployment on Servern Securityn Application Manager

Java Web Start - What is it?

nn Java 2 Application LauncherJava 2 Application Launchern Easy to Use (Browser Technology)n Free Client Program Installer From Sun

nn Reference Implementation of JNLPReference Implementation of JNLPn Java Network Launch Protocol (JNLP)

Java Web Start - Benefits

nn 1 Click Activation1 Click Activationn Browsern Desktop Iconn Start Menun Application Manager

nn Client-Side Caching SupportClient-Side Caching Supportnn Multiple Java Runtime EnvironmentsMultiple Java Runtime Environmentsnn Java 2 Security ModelJava 2 Security Modelnn Applications Update AutomaticallyApplications Update Automatically


nn Compared to AppletsCompared to Appletsn Works with any Browsern Does not require running Browsern Complex GUI Development Possiblen One Time Download (uses caching)n Connection Speed Independent (In fact, no

connection needed)n Realistic Security Sandbox


nn Compared to XML/HTMLCompared to XML/HTMLn Slower First Use Responsen Client Install Requiredn Sophisticated (“Fat”) GUI Possiblen Network Independent

Launch With 1 Click

Java Web Start - How it Works

nn Server Side SetupServer Side Setup:n New MIME Type Entry

application/x-java-jnlp-file JNLP

n Deployment Manifest (.jnlp file)n Describes how the application will be launchedn Describes how the application will appear in the Java

Web Start Application Managern Extensible Markup Language (XML) Format

JNLP File

<?xml version='1.0' encoding='UTF-8'?><jnlp codebase="http://www.bradshuler.com/jws" href="example.jnlp"> <information> <title>FileChooserDemo</title> <vendor>Object Computing, Inc.</vendor> <homepage href="index.html"/> <description>JFC FileChooserDemo App</description> <icon href="oci_logo.gif"/> <offline-allowed/> </information> <resources> <j2se version="1.3"/> <jar href="FileChooserDemo.jar"/> <property name="key" value="value1"/> </resources> <security> <all-permissions/> </security> <application-desc main-class="FileChooserDemo"/></jnlp>


JNLP File - Codebase AttributeCodebase attribute provides baseURL for all href’s that follow


JNLP File - Self ReferenceName of JNLP file itself.(Incorporates application

into Web StartApplication Manager)


JNLP File - Information ElementAdditional informationabout the application.(Visible in ApplicationManager, splash screen,

and desktop icons)

Allow application tolaunch without network

connection


JNLP File - Resources Element

Java 2 RuntimeEnvironment for this

application

<j2se version="1.3.1"/>

<j2se version=“1.4+ 1.3+ 1.2.2”/>

<j2se version=“1.3.1” href=“http://java.sun.com/products/autodl/j2se”/>

<j2se version=“1.3+” initial-heap-size=“32m” max-heap-size=“160m”/>

n To see a list of what JRE’s are installed on a client,launch the Java Web Start Application Manager.

JNLP File - More on j2se Element


JNLP File - Resources Element

Place all class files, imagefiles, and native codelibraries in JAR files.

<jar href=”application.jar” main=“true”/>

<jar href=”application.jar” download=“eager”/><jar href=”jars/audio/win32/sounds.jar” download=“lazy”/>

<jar href=”infrastructure.jar” version=“1.22”/>

<nativelib href=”jars/solaris/infrastructure.so.jar”/>

n (Advanced) Use the DownloadService in the JNLP API to checkthe cache at runtime for JAR versions.

n If no main attribute is specified, the JAR holding the main class mustbe listed first.

JNLP File - More on jar Element


JNLP File - System Properties

Specify any number of systemproperty name-value pairs.


JNLP File - Security Element

Requires all JAR filesto be digitally signed.

Request full access toclient system.

Requires user’spermission.


JNLP File - Main Class Element

<application-desc main-class=“edu.purdue.ie.MightyCAD”> <argument>-jconsole disable</argument> <argument>Courier New</argument></application-desc>

n The application-desc element is optional. If not present, the firstJAR file listed in the resources element must contain a manifest filepointing to the main class.

n A similar element for Applets, applet-desc allows Java Web Start tolaunch applets using the built in AppletViewer.

JNLP File - More on main Class

Java Web Start - Security

nn Specify the Specify the all-permissionsall-permissions security securityelement to:element to:n Access the Local File Systemn Access Printer(s)n Read/Write to Shared System-wide Clipboardn Access the Local Networkn Read System Propertiesn Install a custom SecurityManagern Retrieve JARS from anywheren Use Native Libraries

nn Support for fine-grained permissions isSupport for fine-grained permissions ismentioned in JNLP specification, but not yetmentioned in JNLP specification, but not yetimplemented (Java Bug Database #4398087).implemented (Java Bug Database #4398087).

Java Web Start - Security (cont.)

nn Requirements for full access:Requirements for full access:n All JAR files must be digitally signed

n Assures user no one has tampered with the JARn Uses public key encryption (public/private keys)

nn JAR Signing Requires:JAR Signing Requires:n Java 2 SDK jarsigner tooln A Certificate

n Assures the user public/private keys in JAR are yours.n Should come from a Certifying Authority (i.e.. VeriSign)n Does not mean the user should trust the application (Yes, Brad Shuler signed the JAR. But... Do I trust Brad Shuler?)

Java Web Start - Security (cont.)

nn Issues with CertificatesIssues with Certificatesn They Cost $$$ (Paid to certifying authority)n Take time to get (procurement cycle)

nn The Alternative..The Alternative..nn Create a Create a Self Signed Test CertificateSelf Signed Test Certificatenn Should be used for testing and prototypes onlyShould be used for testing and prototypes only

Java Web Start - Example

nn Signing a JAR using a Test Certificate:Signing a JAR using a Test Certificate:nn Self SignedSelf Signed (use for testing only!): (use for testing only!):

Example: Creating a Test Certificate

nn Step 1: Creating a keystoreStep 1: Creating a keystorenn Use the Java 2 SDK Use the Java 2 SDK keytoolkeytool program programnn Creates a keystore file on the local machineCreates a keystore file on the local machinenn Holds public and private keysHolds public and private keysnn Public key exported as a certificatePublic key exported as a certificate


nn Step 1: Creating a keystoreStep 1: Creating a keystore


nn Step 1: Creating a keystore (list contents)Step 1: Creating a keystore (list contents)


nn Step 1: Creating a keystore (file location)Step 1: Creating a keystore (file location)

Note:Note: .keystore .keystore is the default file name, is the default file name,Create a custom name using: Create a custom name using: keytoolkeytool -keystore -keystore namename

Example: Signing a JAR File

nn Step 2: Use the Java 2 SDK Step 2: Use the Java 2 SDK jarsignerjarsigner programprogramnn Exports certificate from keystore, places in JARExports certificate from keystore, places in JARnn Each file in archive is given a Each file in archive is given a digest entrydigest entry in the in the

manifest.manifest.nn Digest entries are one way hashes -- if file is modified,Digest entries are one way hashes -- if file is modified,

it’s hash value is no longer valid.it’s hash value is no longer valid.nn When JAR is being verified (by Java Web Start),When JAR is being verified (by Java Web Start),

digests are recomputed and compared to values indigests are recomputed and compared to values inmanifest.manifest.

Example: Signing a JAR File

nn Step 2: Use the Java 2 SDKStep 2: Use the Java 2 SDK jarsignerjarsigner program program

nn Finally, move the file to the web server deploymentFinally, move the file to the web server deploymentarea.area.

Note:Note: The Ant The Ant SignJarSignJar Built-In Task makes signing JARS seamless.. Built-In Task makes signing JARS seamless..

Java Web Start Application Manager

nn Manage the application cacheManage the application cachenn Add desktop icons, Start menu entriesAdd desktop icons, Start menu entriesnn Enable the Java ConsoleEnable the Java Consolenn Enable LoggingEnable Loggingnn Configure HTTP proxy settingsConfigure HTTP proxy settingsnn View installed View installed JRE’sJRE’snn View, import, export certificatesView, import, export certificates

Java Web Start Application Manager

Java Web Start: JNLP API

nn BasicServiceBasicService (query environment)(query environment)nn ClipboardServiceClipboardService (access clipboard data)(access clipboard data)nn DownloadServiceDownloadService (control how cached) (control how cached)nn FileOpenServiceFileOpenService (see local disk) (see local disk)nn FileSaveServiceFileSaveService (write to local disk) (write to local disk)nn PrintServicePrintServicenn PersistentServicePersistentService (similar to cookies) (similar to cookies)

Summary

nn Java Web Start:Java Web Start:n Provides the “plumbing” to allow client

machines to download a centralized Java 2application over a network and run on theirmachine -- all with one click.

n Always guarantees the user is running thelatest version.

n Is secure (Java 2 Security Model)

Referencesn Sun Java Web Start Home Page -

http://java.sun.com/products/javawebstart/index.html

n Sun Java Developer Connection JWS/JNLP Forum:http://forum.java.sun.com/forum.jsp?forum=38

n Java Community Process (JNLP Specification) -http://jcp.org/aboutJava/communityprocess/final/jsr056/index.html

n JavaWorld - http://www.javaworld.com/javaworld/jw-07-2001/jw-0706-webstart.html

n IBM - http://www.ibm.com/developerworks/library/j-webstart/index.html

n Unofficial Java Web Start FAQ -http://www.geocities.com/vamp201/jwsfaq.html

Date post:	06-Mar-2018
Category:	Documents
Upload:	lyanh
View:	219 times
Download:	1 times

Java Web Start - java.ociweb.comjava.ociweb.com/javasig/knowledgebase/2002Jan/JavaWebStart.pdf ·...

Documents