Most Java programmers are familiar with the basic operations of the JAR file. But only a few programmers understand the JAR file format
Powerful function. In this article, the authors discussed many features and advantages in the JAR format, including packaging, executable JAR files, security, and indexes.
What is the JAR file? The JAR file format is based on the popular ZIP file format to gather many files to a file. Unlike the ZIP file, JAR files are not only used for compression and release, but also for deploying and package libraries, components, plug-in, and can be used directly like compilers and JVMs. In Jar contains special files, such as manifests and deployment descriptors, used to indicate how tools handle specific JAR.
A JAR file can be used:
Used to publish and use class libraries as application and extended build units as components, Applets, or plug-in deployment units for packaging and components associated with components
The JAR file format provides many advantages and features, many of which are not provided by traditional compression formats such as ZIP or TAR. They include:
safety. You can add a digitized signature on the contents of JAR files. In this way, you can identify the signed tools to selectively grant software security privileges, which is what other files cannot be done, and it can also detect whether the code is tampered with. Reduce download time. If an applet is bundled into a JAR file, the browser can download the applet class file and related resources in an HTTP transaction, not to open a new connection to each file. compression. The JAR format allows you to compress files to increase storage efficiency. Transmission platform extension. Java Extensions Framework provides a method of adding a function to the Java core platform, which is packaged with JAR files (Java 3D and JavaMail are extended by Sun development). Package seal. Packages stored in the JAR file can be selected to enhance version consistency and security. Sealed a package means that all classes in the package must be found in the same jar file. Package version control. A JAR file can contain data about the files it contain, such as vendors and version information. portability. The mechanism for processing JAR files is the standard part of the core API of the Java platform.
Compressed and uncompressed Jarjar tools (related details) are compressed by default. Uncompressed JAR files can generally be loaded more quickly than compressed JAR files because the files to decompress files during the loading process, but uncompressed files can be longer on the network.
Meta-Inf Directory Most JAR files contain a meta-inflica, which is used to store package and extended configuration data, such as security and version information. Java 2 platform identifies and explains the following files and directories in the meta-infers of the Meta-Inf to configure the application, extension, and class loader:
MANIFEST.MF. This manifest file defines data related to extended and package. Index.list. This file is generated by the new option -i of the JAR tool, which contains location information of the package defined in the application or extension. It is part of the JARINDEX implementation and is used by class loaders to accelerate class loading procedures. xxx.sf. This is a signature file for the JAR file. The placeholder XXX identifies the signature. XXX.DSA. The signature block file associated with the signature file, which stores a public signature for signing JAR files.
JAR Tools In order to perform basic tasks with JAR files, Java Archive Tool (JAR tools) provided as part of Java Development Kit is used. Use the jar command to call the JAR tool. Table 1 shows some common applications:
Table 1. Common JAR tool usage
Function command creates a JAR file JAR CF JAR-File Input-file with a separate file ... Create a JAR file JAR CF JAR-File Dir-Name Create an uncompressed JAR file JAR CF0 JAR-File Dir -Name Update a JAR file JAR UF JAR-File Input-File ... View a JAR file JAR TF JAR-File extracts a JAR file in JAR XF JAR-FILE extracts specific files from a JAR file JAR XF JAR-File Archived-File ... Run a package for executable JAR file Java -jar app.jar executable JAR an executable JAR file is a self-contained Java application, which is stored in special configuration In the JAR file, you can execute it directly by JVM without having to extract files in advance or set class path. To run an application stored in a non-executable JAR, you must add it to your classpath and use the name of the application's primary class. But use the executable JAR file, we can run an application without extracting it or knowing the primary entry point. JAR can be implemented to facilitate the release and execute Java applications.
Creating an executable JAR to create a executable JAR is easy. First put all application code in a directory. Suppose the primary class in the application is com.mycompany.myapp.sample. You want to create a JAR file containing the application code and identify the primary class. To do this, create a file called Manifest in a location (not in the application directory), and add the following line:
Main-class: com.mycompany.myapp.sample
Then, create a JAR file like this:
JAR CMF Manifest Executablejar.jar Application-Dir
What you have to do is these - now you can use Java-Jar to execute this JAR file executablejar.jar.
An executable JAR must reference all other subordinate JAR it needs through the header of the Menifest file. If the -jar option is used, the environment variable ClassPath and all class paths specified in the command line are ignored by the JVM.
Starting executive JAR Since we have already packaged your application to an executive JAR named Executablejar.jar, then we can start using the following command directly from the file:
Java -jar Executablejar.jar
A package in the package seal seal JAR file means that all classes defined in this package must be found in the same JAR file. This allows the author of the package to enhance the version consistency between the packaging class. The seal also provides means to prevent code tampering.
To seal the package, you need to add a name header for the package in the JAR's Manifest file, then add the value "true" Sealed header. Like executable JAR, you can seal a JAR by specifying a manifest file with an appropriate head element, as follows:
Name: COM / SamplePackage /
Sealed: True
Name header identifies the relative path name of the package. It ends with the file name in a "/". All heads prior to the first space behind the Name head act on the files or packages specified in the NAME header. In the above example, since the Sealed header appears after the NAME head and there is no space line, the Sealed header will be interpreted as only applied to the package COM / SamplePackage.
If you try to load a class in the seal package from the JAR file outside the seal, the JVM will throw a securityException.
Extended package expansion adds a function to the Java platform, which has already joined the extended mechanism in the JAR file format. The extended mechanism allows the JAR file to specify the other JAR files required by the class-path header in the Manifest file. Suppose Extension1.jar and Extension2.jar are two JAR files in the same directory, and the Manifest file of Extension1.jar contains the following:
Class-path: extension2.jar
This header indicates that classes in Extension2.jar are extended classes of classes in Extension1.jar. The classes in Extension1.jar can call classes in Extension2.jar and do not require Extension2.jar in the classpath.
When the JAR loaded using the extension mechanism, the JVM will automatically add the JAR referenced in the Class-Path head to the classpath in the JAR in the class-path header. However, the extended JAR path is interpreted as a relative path, so in general, the extension JAR must be stored in the same directory where the JAR is referenced.
For example, assume that class extensionClient references class ExtensionDemo, which is bundled in a JAR file called ExtensionClient.jar, and class ExtensionDemo is bundled in ExtensionDemo.jar. In order to make the extensionDemo.jar become an extension, you must list the extensionDemo.jar in the class-path header of the Manifest in ExtensionClient.jar, as shown below:
Manifest-Version: 1.0
Class-path: extensionDemo.jar
In this manifest, the value of the Class-Path head is extensionDemo.jar that does not specify the path, indicating that extensionDemo.jar is in the same directory with the ExtensionClient JAR file.
The security JAR file in the JAR file can be signed with the JARSIGNER tool or pass the Java.security API. A signature JAR file is exactly the same as the original JAR file, just updates its manifest and adds two files, a signature file, and a signature block file in the meta-inflicide.
The JAR file is signed with a certificate stored in the KeyStore database. The certificate stored in the keystore has password protection, and this password must be provided to the JARSIGNER tool to sign the JAR file.
Figure 1. KeyStore database
Each signature of JAR is represented by a signature file with a .sf extension in the Meta-INF directory of the JAR file. The format of this file is similar to the Manifest file - a set of RFC-822 heads. As shown below, its composition includes a major part, which includes information provided by the signature, but does not specifically for any specific JAR file item, there is a series of separate items, which must also be included in the Menifest file. . When verifying a signature JAR, the summary value of the signature file is compared to the summary value calculated by the corresponding item in the JAR file.
Listing 1. Manifest and Signature files in signature jar
Contents of Signature File Meta-Inf / Manifest.mf
Manifest-Version: 1.0
CREATED-by: 1.3.0 (Sun Microsystems Inc.)
Name: Sample.java
SHA1-Digest: 3 DDYW8INICTYG8ZARHLFX0W6G =
Name: Sample.classha1-Digest: yj5yqhbzbj3sstnchjfqukfwemi =
Contents of signature file meta-inf / james.sf
Signature-Version: 1.0
Sha1-Digest-Manifest: hbstzojbuutj6qmidb90t8sjaom =
CREATED-by: 1.3.0 (Sun Microsystems Inc.)
Name: Sample.java
SHA1-Digest: Qipmdrkurqckwnyili3jtrnia8Q =
Name: Sample.class
SHA1-Digest: pt2dyby8qxpcczv2nwplxd8p4g4 =
Digital signature a digital signature is the signed version of the .sf signature file. Digital signature files are binary and have the same file name as the .sf file, but the extension is different. Depending on the type of digital signature - RSA, DSA or PGP - and a different extension of the certificate type for signature JAR.
KeyStore To sign a JAR file, you must first have a private key. The private key and its associated public key certificate are stored in a password-protected database called KeyStores. JDK contains tools that create and modify keystores. Each key in KeyStore can be identified by an individual name, which is usually the name of the signature owner with this key.
All KeyStore items (certificate items for keys and trust) are accessed with unique alias. The alias is specified by generating a key pair (public key and private key) with the keytool -genkey command and add items to the KeyStore. The subsequent keytool command must use the same alias to reference this.
For example, use alias "James" to generate a new public key / private key pair and package the public key into the self-signed certificate, use the following command:
KeyTool -Genkey -Alaias James -Keypass JamesPass
-Validity 80-KeyStore JameskeyStore
-storepass jameskeystorepass
This command sequence specifies an initial password "jamespass", which requires this password when accessing the keystore "jameskeystore" JamesKeyStore). If KeyStore "JameskeyStore does not exist, KeyTool will automatically create it.
Jarsigner Tools Jarsigner Tool Use KeyStore to generate or verify the digital signature of the JAR file.
It is assumed that the keystore "jameskeystore" is created like the above example, and it contains a key called "James", you can sign a JAR file with the following command:
Jarsigner -keystore JameskeyStore -storepass JameskeyStorePass
-Keypass Jamespass -Signedjar Ssample.jar Sample.jar James
This command "JAMESKEYSTOREPASS" raises an alias "james" from the keystore named "jameskeystore", password is the key "jamespass", and the Sample.jar file is signed, created a signature JAR - SSAMPLE.jar .
The Jarsigner tool can also verify a signature JAR file, which is much simpler than the signature JAR file, just execute the following command:
Jarsigner -verify ssample.jar
If the signature JAR file is not tampered, the Jarsigner tool will tell you that JAR is verified. Otherwise, it will throw a securityException, indicating which files are not verified. You can also use Java.util.jar and Java.Security API to programmab to sign JAR (see Referring to References). You can also use tools like Netscape Object Signing Tool.
JAR Index If an application or applet bundles into multiple JAR files, then the class loader uses a simple linear search algorithm to search each element in the path in the path, which enables the class loader might to download and open many JAR File until you find the class or resource you want. If the class loader tries to find a non-existing resource, all JAR files in the application or applet will download. For large web applications and applets, this will cause slow start and respond slowly and wasted bandwidth.
After JDK 1.3, JAR file format starts support indexing to optimize search procedures in the network application, especially applets. The JARINDEX mechanism collects the contents of all JAR files defined in Applets or applications, and stores this information into the index file in the first JAR file. After downloading the first JAR file, the Applet class loader uses the collected content information to efficiently load the JAR file. This directory information is stored in a simple text file named Index.list in the meta-INF directory of the root JAR file.
Creating a JARINDEX can create a JARINDEX by specifying the -i option in the JAR command. Suppose our directory structure is shown below:
Figure 2. Jarindex
You will create an index file using the following command to create an index file for jarindex_main.jar, jarindex_test.jar, and jarindex_test1.jar:
Jar -i jarindex_main.jar jarindex_test.jar Sampledir / jarindex_test1.jar
The format of the index.list file is simple, containing the names of the package or class included in each indexed JAR file, as shown in Listing 2:
Listing 2. JARINDEX INDEX.LIST file example
Jarindex-Version: 1.0
Jarindex_main.jar
SP
Jarindex_test.jar
Sample
Sampledir / jarindex_test1.jar
Org
ORG / APACHE
ORG / APACHE / XERCES
ORG / APACHE / XERCES / FRAMEWORK
ORG / APACHE / XERCES / FRAMEWORK / XML4J
Conclusion JAR format far exceeds a compressed format, which has many functions that improve efficiency, security, and organization Java applications. Because these functions have been established at the core platform - including compilers and class loaders -, developers can simplify and improve the development and deployment procedures using JAR file format. .
Ayuan
9CBS certified blog expert
Blog expert
Huawei old employees
Big Data
More than ten years, in Huawei, Internet Corporation's experience, profound understanding and practical experience in CRM, big data, mainly sharing various project experience, including architecture, Java, big data and other articles