Explore powerful features in JAR file format
Level: Getting Started
Pagadala J. Suresh (
Pjsuresh@in.ibm.com), software engineer, IBM Global Services India
Palaniyappan thiagarajan
TPalaniy@in.ibm.com), software engineer, IBM Global Services INDIA
November 2003
Most Java programmers are familiar with the basic operations of the JAR file. But only a few programmers understand powerful features in the JAR file format. In this article, the authors discussed many features and advantages in the JAR format, including packaging, executable JAR files, security, and indexes.
What is the JAR file?
The JAR file format is based on the popular ZIP file format to gather many files to a file. Unlike the ZIP file, JAR files are not only used for compression and release, but also for deploying and package libraries, components, plug-in, and can be used directly like compilers and JVMs. In Jar contains special files, such as manifests and deployment descriptors, used to indicate how tools handle specific JAR.
A JAR file can be used:
Used to publish and use class libraries
Construction unit as an application and extended build unit
Deployment units for components, applets, or plug-in
Accessibility resources associated with components
The JAR file format provides many advantages and features, many of which are not provided by traditional compression formats such as ZIP or TAR. They include:
safety. You can add a digitized signature on the contents of JAR files. In this way, you can identify the signed tools to selectively grant software security privileges, which is what other files cannot be done, and it can also detect whether the code is tampered with.
Reduce download time. If an applet is bundled into a JAR file, the browser can download the applet class file and related resources in an HTTP transaction, not to open a new connection to each file.
compression. The JAR format allows you to compress files to increase storage efficiency.
Transmission platform extension. Java Extensions Framework provides a method of adding a function to the Java core platform, which is packaged with JAR files (Java 3D and JavaMail are extended by Sun development).
Package seal. Packages stored in the JAR file can be selected to enhance version consistency and security. Sealed a package means that all classes in the package must be found in the same jar file.
Package version control. A JAR file can contain data about the files it contain, such as vendors and version information.
portability. The mechanism for processing JAR files is the standard part of the core API of the Java platform.
Compressed and unrecompressed JAR
JAR Tools (See JAR Tools for details) compressed files by default. Uncompressed JAR files can generally be loaded more quickly than compressed JAR files because the files to decompress files during the loading process, but uncompressed files can be longer on the network.
META-INF directory
Most JAR files contain a meta-inflicity, which is used to store package and extended configuration data, such as security and version information. Java 2 platform identifies and explains the following files and directories in the meta-infers of the Meta-Inf to configure the application, extension, and class loader:
MANIFEST.MF. This manifest file defines data related to extended and package.
Index.list. This file is generated by the new option -i of the JAR tool, which contains location information of the package defined in the application or extension. It is part of the JARINDEX implementation and is used by class loaders to accelerate class loading procedures.
xxx.sf. This is a signature file for the JAR file. The placeholder XXX identifies the signature. XXX.DSA. The signature block file associated with the signature file, which stores a public signature for signing JAR files.
JAR tools
In order to perform basic tasks with JAR files, use Java Archive Tool (JAR tools) provided as part of Java Development Kit. Use the jar command to call the JAR tool. Table 1 shows some common applications:
Table 1. Common JAR tool usage function commands
Create a JAR file JAR CF JAR-File Input-File in a separate file ...
Create a JAR file JAR CF JAR-FILE DIR-NAM with a directory
Create an uncompressed JAR file JAR CF0 JAR-File Dir-Name
Update a JAR file JAR UF JAR-File Input-File ...
View on a JAR file JAR TF JAR-FILE
Extract a JAR file for JAR XF JAR-FILE
Extract specific file JAR XF JAR-File Archived-file from a JAR file ...
Running a package to execute JAR file Java -jar app.jar
Executable JAR
A executable JAR file is a self-contained Java application that stores in a specially configured JAR file, which can be executed directly by JVM without having to extract files or set the class path in advance. To run an application stored in a non-executable JAR, you must add it to your classpath and use the name of the application's primary class. But use the executable JAR file, we can run an application without extracting it or knowing the primary entry point. JAR can be implemented to facilitate the release and execute Java applications.
Create an executable JAR
It is easy to create a executable JAR. First put all application code in a directory. Suppose the primary class in the application is com.mycompany.myapp.sample. You want to create a JAR file containing the application code and identify the primary class. To do this, create a file called Manifest in a location (not in the application directory), and add the following line:
Main-class: com.mycompany.myapp.sample
Then, create a JAR file like this:
JAR CMF Manifest Executablejar.jar Application-Dir
What you have to do is these - now you can use Java-Jar to execute this JAR file executablejar.jar.
An executable JAR must reference all other subordinate JAR it needs through the header of the Menifest file. If the -jar option is used, the environment variable ClassPath and all class paths specified in the command line are ignored by the JVM.
Start executive JAR
Since we have already packaged your application to execute JAR named Executablejar.jar, then we can start this application from the file with the following command:
Java -jar Executablejar.jar
Package seal
A package in the seal JAR file means that all classes defined in this package must be found in the same JAR file. This allows the author of the package to enhance the version consistency between the packaging class. The seal also provides means to prevent code tampering.
To seal the package, you need to add a name header for the package in the JAR's Manifest file, then add the value "true" Sealed header. Like executable JAR, you can seal a JAR by specifying a manifest file with an appropriate head element, as follows:
Name: COM / SamplePackage / Sealed: True
Name header identifies the relative path name of the package. It ends with the file name in a "/". All heads prior to the first space behind the Name head act on the files or packages specified in the NAME header. In the above example, since the Sealed header appears after the NAME head and there is no space line, the Sealed header will be interpreted as only applied to the package COM / SamplePackage.
If you try to load a class in the seal package from the JAR file outside the seal, the JVM will throw a securityException.
Extension package
Extended to increase the function to the Java platform, and the extended mechanism has been added in JAR file format. The extended mechanism allows the JAR file to specify the other JAR files required by the class-path header in the Manifest file.
Suppose Extension1.jar and Extension2.jar are two JAR files in the same directory, and the Manifest file of Extension1.jar contains the following:
Class-path: extension2.jar
This header indicates that classes in Extension2.jar are extended classes of classes in Extension1.jar. The classes in Extension1.jar can call classes in Extension2.jar and do not require Extension2.jar in the classpath.
When the JAR loaded using the extension mechanism, the JVM will automatically add the JAR referenced in the Class-Path head to the classpath in the JAR in the class-path header. However, the extended JAR path is interpreted as a relative path, so in general, the extension JAR must be stored in the same directory where the JAR is referenced.
For example, assume that class extensionClient references class ExtensionDemo, which is bundled in a JAR file called ExtensionClient.jar, and class ExtensionDemo is bundled in ExtensionDemo.jar. In order to make the extensionDemo.jar become an extension, you must list the extensionDemo.jar in the class-path header of the Manifest in ExtensionClient.jar, as shown below:
Manifest-Version: 1.0
Class-path: extensionDemo.jar
In this manifest, the value of the Class-Path head is extensionDemo.jar that does not specify the path, indicating that extensionDemo.jar is in the same directory with the ExtensionClient JAR file.
Security in the JAR file
JAR files can be signed by JARSIGNER tools or passing the Java.Security API. A signature JAR file is exactly the same as the original JAR file, just updates its manifest and adds two files, a signature file, and a signature block file in the meta-inflicide.
The JAR file is signed with a certificate stored in the KeyStore database. The certificate stored in the keystore has password protection, and this password must be provided to the JARSIGNER tool to sign the JAR file.
Figure 1. KeyStore database
Each signature of JAR is represented by a signature file with a .sf extension in the Meta-INF directory of the JAR file. The format of this file is similar to the Manifest file - a set of RFC-822 heads. As shown below, its composition includes a major part, which includes information provided by the signature, but does not specifically for any specific JAR file item, there is a series of separate items, which must also be included in the Menifest file. . When verifying a signature JAR, the summary value of the signature file is compared to the summary value calculated by the corresponding item in the JAR file. Listing 1. Manifest and Signature files in signature jar
Contents of Signature File Meta-Inf / Manifest.mf
Manifest-Version: 1.0
CREATED-by: 1.3.0 (Sun Microsystems Inc.)
Name: Sample.java
SHA1-Digest: 3 DDYW8INICTYG8ZARHLFX0W6G =
Name: Sample.class
SHA1-Digest: yj5yqhbzbj3sstnchjfqukfwemi =
Contents of signature file meta-inf / james.sf
Signature-Version: 1.0
Sha1-Digest-Manifest: hbstzojbuutj6qmidb90t8sjaom =
CREATED-by: 1.3.0 (Sun Microsystems Inc.)
Name: Sample.java
SHA1-Digest: Qipmdrkurqckwnyili3jtrnia8Q =
Name: Sample.class
SHA1-Digest: pt2dyby8qxpcczv2nwplxd8p4g4 =
digital signature
A digital signature is the signed version of the .sf signature file. Digital signature files are binary and have the same file name as the .sf file, but the extension is different. Depending on the type of digital signature - RSA, DSA or PGP - and a different extension of the certificate type for signature JAR.
KeyStore
To sign a JAR file, you must first have a private key. The private key and its associated public key certificate are stored in a password-protected database called KeyStores. JDK contains tools that create and modify keystores. Each key in KeyStore can be identified by an individual name, which is usually the name of the signature owner with this key.
All KeyStore items (certificate items for keys and trust) are accessed with unique alias. The alias is specified by generating a key pair (public key and private key) with the keytool -genkey command and add items to the KeyStore. The subsequent keytool command must use the same alias to reference this.
For example, use alias "James" to generate a new public key / private key pair and package the public key into the self-signed certificate, use the following command:
KeyTool -Genkey -Alaias James -Keypass JamesPass
-Validity 80-KeyStore JameskeyStore
-storepass jameskeystorepass
This command sequence specifies an initial password "jamespass", which requires this password when accessing the keystore "jameskeystore" JamesKeyStore). If KeyStore "JameskeyStore does not exist, KeyTool will automatically create it.
Jarsigner tool
The Jarsigner tool uses keystore to generate or verify the digital signature of the JAR file.
It is assumed that KeyStore "jameskeystore" is created like the above example, and it contains a key called "James", you can sign a JAR file with the following command: jarsigner -keystore jameskeystore -storepass JameskeyStorePass
-Keypass Jamespass -Signedjar Ssample.jar Sample.jar James
This command "JAMESKEYSTOREPASS" raises an alias "james" from the keystore named "jameskeystore", password is the key "jamespass", and the Sample.jar file is signed, created a signature JAR - SSAMPLE.jar .
The Jarsigner tool can also verify a signature JAR file, which is much simpler than the signature JAR file, just execute the following command:
Jarsigner -verify ssample.jar
If the signature JAR file is not tampered, the Jarsigner tool will tell you that JAR is verified. Otherwise, it will throw a securityException, indicating which files are not verified.
You can also use Java.util.jar and Java.Security API to programmab to sign JAR (see Referring to References). You can also use tools like Netscape Object Signing Tool.
JAR index
If an application or applet bundles into multiple JAR files, then the class loader uses a simple linear search algorithm to search for each element in the path, which enables the class loader to download and open a lot of JAR files. Until the desired class or resource. If the class loader tries to find a non-existing resource, all JAR files in the application or applet will download. For large web applications and applets, this will cause slow start and respond slowly and wasted bandwidth.
After JDK 1.3, JAR file format starts support indexing to optimize search procedures in the network application, especially applets. The JARINDEX mechanism collects the contents of all JAR files defined in Applets or applications, and stores this information into the index file in the first JAR file. After downloading the first JAR file, the Applet class loader uses the collected content information to efficiently load the JAR file. This directory information is stored in a simple text file named Index.list in the meta-INF directory of the root JAR file.
Create a Jarindex
You can create a JARINDEX by specifying the -i option in the JAR command. Suppose our directory structure is shown below:
Figure 2. Jarindex
You will create an index file using the following command to create an index file for jarindex_main.jar, jarindex_test.jar, and jarindex_test1.jar:
Jar -i jarindex_main.jar jarindex_test.jar Sampledir / jarindex_test1.jar
The format of the index.list file is simple, containing the names of the package or class included in each indexed JAR file, as shown in Listing 2:
Listing 2. JARINDEX INDEX.LIST file example
Jarindex-Version: 1.0
Jarindex_main.jar
SP
Jarindex_test.jar
Sample
Sampledir / jarindex_test1.jar
Org
ORG / APACHE
ORG / APACHE / XERCES
ORG / APACHE / XERCES / FRAMEWORK
ORG / APACHE / XERCES / FRAMEWORK / XML4J Conclusion
The JAR format is far exceeded in a compressed format, which has many functions that improve efficiency, security, and organization Java applications. Because these functions have been established at the core platform - including compilers and class loaders -, developers can simplify and improve the development and deployment procedures using JAR file format. .
Reference
See the documentation for the command line options for the JAR utility.
Raffi Krikorian published in ONJava provides help with Programmatical Signing a Jar File.
This documentation about Java Archive Tool explains the options that created and operated JAR files can be used.
Article "Java Web Start" (September 2001) describes how to use this technology to allow applications to specify the required JAR files and dynamically download them.
For different ways with J2EE servers (such as IBM WebSphere Application Server), please refer to "What Are Java Archive (JAR) Files?"
The JAR format is the basis of the WAR (Web Archive) format, and the WAR is used to deploy a Servlet and JSP applications in the J2EE container. See "What Are War Files?" For more details.
The JAR format is also the basis of EARPRISE ARCHIVE format, and EAR is used to deploy EJB in the J2EE container. See "What Are Enterprise Archive (EAR) Files?".
Hundreds of articles on all aspects of Java programming can be found on the developerWorks Java technology area.