JARs versus Web-Start

Discussion in 'Java' started by Stefan Ram, May 20, 2010.

  1. Stefan Ram

    Stefan Ram Guest

    When one follows a web link to an executable JAR on a
    webserver, it will be transferred via HTTP and then executed
    (for example, under Windows, after Java was installed). The
    operating system might ask the user for a confirmation and
    then will run the JAR.

    Many users do not know much about what a JAR is, so they
    might not be able to appreciate the possibly enhanced
    security of Applets or of Web-Start (is there any?)

    So, in order to enable someone to start a Java-Application
    via the Web, what might be some reasons to prefer one of
    those means above the other (a link to an executable JAR
    versus Web-Start)?
    Stefan Ram, May 20, 2010
    #1
    1. Advertising

  2. In article <-berlin.de>,
    -berlin.de (Stefan Ram) wrote:

    > When one follows a web link to an executable JAR on a
    > webserver, it will be transferred via HTTP and then executed
    > (for example, under Windows, after Java was installed). The
    > operating system might ask the user for a confirmation and
    > then will run the JAR.
    >
    > Many users do not know much about what a JAR is, so they
    > might not be able to appreciate the possibly enhanced
    > security of Applets or of Web-Start (is there any?)
    >
    > So, in order to enable someone to start a Java-Application
    > via the Web, what might be some reasons to prefer one of
    > those means above the other (a link to an executable JAR
    > versus Web-Start)?


    IIUC, a JAR runs with no security restrictions, while a Java Web Start
    program is launched with whatever permissions are defined in the
    controlling JNLP file. As concrete examples, this game's JNLP requests
    no special permissions; by default, it runs in a restricted, "sandbox"
    environment:

    <http://sites.google.com/site/drjohnbmatthews/buttons>

    In contrast, this game requests access to the local file system in
    order to save preferences:

    <http://robotchase.sourceforge.net/>

    When run, the first engenders no security dialog; the seconds does.
    Both JAR's are signed to mitigate the risk of tampering.

    More details here:

    <http://java.sun.com/docs/books/tutorial/deployment/webstart/security.html>

    --
    John B. Matthews
    trashgod at gmail dot com
    <http://sites.google.com/site/drjohnbmatthews>
    John B. Matthews, May 20, 2010
    #2
    1. Advertising

  3. On May 20, 9:39 am, -berlin.de (Stefan Ram) wrote:
    >   When one follows a web link to an executable JAR on a
    >   webserver, it will be transferred via HTTP and then executed
    >   (for example, under Windows, after Java was installed). ..


    On Ubuntu Linux the user would be offered many options,
    including 'save to disk' and 'open in archive manager'.

    > ..The
    >   operating system might ask the user for a confirmation and
    >   then will run the JAR.
    >
    >   Many users do not know much about what a JAR is, so they
    >   might not be able to appreciate the possibly enhanced
    >   security of Applets or of Web-Start (is there any?)


    Already covered.

    >   So, in order to enable someone to start a Java-Application
    >   via the Web, what might be some reasons to prefer one of
    >   those means above the other (a link to an executable JAR
    >   versus Web-Start)?


    JWS provides..
    - Easy ways to add extra APIs and entire extensions
    (JOGL, Java3D etc.) to the application's run-time
    classpath, including natives delivered specific for
    the platform.
    - Automatic update.
    - Splash screens.
    - Desk-top integration.
    - APIs only available to JWS apps. like the
    PersistenceService, the SingleInstanceService & the
    ExtensionInsallerService that make some things very
    much easier. E.G.s at <http://pscode.org/jws/api.html>
    Note that Robot Chase app. mentioned by John could be
    deployed sand-boxed, by using the PersistenceService.
    - Fine-grained JRE versioning. For details see
    <http://pscode.org/jws/version.html>
    - ...

    --
    Andrew T.
    pscode.org
    Andrew Thompson, May 20, 2010
    #3
  4. Stefan Ram

    Roedy Green Guest

    On Thu, 20 May 2010 00:55:20 -0400, "John B. Matthews"
    <> wrote, quoted or indirectly quoted someone who
    said :

    >
    >IIUC, a JAR runs with no security restrictions, while a Java Web Start
    >program is launched with whatever permissions are defined in the
    >controlling JNLP file. As concrete examples, this game's JNLP requests
    >no special permissions; by default, it runs in a restricted, "sandbox"
    >environment:


    Further the browser/os may need to be configured to associate jars
    with java.exe, otherwise it will just be saved to disk.

    You can run an Applet in a jar with <APPLET or that other abomination.
    --
    Roedy Green Canadian Mind Products
    http://mindprod.com

    Beauty is our business.
    ~ Edsger Wybe Dijkstra (born: 1930-05-11 died: 2002-08-06 at age: 72)

    Referring to computer science.
    Roedy Green, May 20, 2010
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ike
    Replies:
    6
    Views:
    1,054
    Andrew Thompson
    Sep 24, 2004
  2. Replies:
    5
    Views:
    9,029
  3. JavaEnquirer
    Replies:
    2
    Views:
    514
    JavaEnquirer
    Feb 22, 2006
  4. Ulf Meinhardt
    Replies:
    2
    Views:
    1,401
  5. Paul Butcher
    Replies:
    12
    Views:
    711
    Gary Wright
    Nov 28, 2007
Loading...

Share This Page