Skip to main content

Trip and Tick 200: WebStart me up, baby!

Posted by evanx on October 19, 2006 at 3:31 PM PDT

So today i tried pack200 - and it compresses my jar from 440k to, urm, 110k! OK, so, um, clearly all WebStart jars should be made this way. Some great resources i found in the process were which has the important links related to WebStart, and "Deployment Tips and Tricks using WebStart and Java Plugin" (JavaOne2006 PDF slides), which shows you how to lazily load your app via the web, eg. maybe your WebStart app is just a login splash-screen teaser thingymajig that loads your real app in the background, to create the perception of loading a very large app, very quickly. "Mmmm... crumbled-up cookie things."

Previously in "JooJ up your project page with a WebStart demo" we looked at using Netbeans' JNLP tool to create our first JNLP file. This article is the PG13 SNVL version of that, minus the sxx, nudity, and violence - darn it to hell, what a frikkin pity! At least we
got the bad language going on, woohoo!

Creating the JNLP

Once we get through the XML with all those angle brackets, we notice that a JNLP file is actually a trivially minimal thing that just specifies our main class, dependent jars, required JRE version, and um, URL thingy.

<jnlp codebase="">
    <icon href="default"/>
    <shortcut online="true"/>
    <j2se version="1.5+"/>
    <jar href="aptfoundation610.jar"/>
    <jar href="cglib.jar"/>
    <extension href="javadb.jnlp"/>
  <application-desc main-class="quitebusydemo.common.QMessageBusDemo">

We specify the codebase to be where we upload our jars eg. The all-permissions means we can be naughty, eg. use reflection. Hopefully in future there'll be a some-permissions option. For testing offline, we would specify the codebase as a local directory where we gonna put we jars.
<jnlp codebase="file:///C:/my/jars">

Wrapping Jars signed by others

You can test if a jar is signed as follows, using jarsigner, which is included in the JDK of course (along with keytool, pack200 and javaws).

jarsigner -certs -verbose -verify activation.jar    

If any of your resources are jars signed by others, you gotta wrap those in a JNLP as follows, and put this in the resources section of the JNLP as an extension, as shown above.
<jnlp codebase="" href="javadb.jnlp">
    <title>JavaDB jar</title>
    <vendor>Signed by Sun Microsystems, Inc</vendor>
      <jar href="derby.jar"/>

Creating a keystore

We create a keystore (file), and a key therein, using keytool (in the JDK).

cd /my/jars
keytool -genkey -keystore myKeystore -alias myself
keytool -selfcert -alias myself -keystore myKeystore
keytool -list -keystore myKeystore
ls myKeystore

Signing the jars

We copy our minty jar and sign it as follows.

cd /my/jars
cp /my/nbprojects/myproject/dist/my.jar .
jarsigner -keystore myKeystore my.jar myself
pack200 my.jar.pack.gz my.jar
javaws my_local.jnlp

pack200 creates my.jar.pack.gz, where we need to have both the original jar, as well as the compressed gz one, in our codebase. The heffalump one is a fallback, e.g. for older javaws clients that don't do the pack200 thing. I keep two JNLP files, one local one (with my local jars directory as the codebase) e.g. my_local.jnlp, and then the uploadable one eg. my.jnlp, with the online codebase, eg. on
In the above script, i test using the local one, before uploading and testing the online one.

The HTML Link

Now we can insert the JNLP link into our HTML web page as follows.

<a href="">
   <img border="0" alt="Launch"
</a>(QuiteBusy, 150k/500k, unsandboxed, Java5)

Which looks like...
webstart.small.gif (QuiteBusy, 110k/440k, unsandboxed, Java5)

We need to put the alt "Launch" text in the img element, because some people configure their browsers to load images from the "originating" site only, in which case the webstart.small.gif won't show, and they'll see nothing to click on. You'll want check the server webserver logs (if you can), to make sure it is the pack200'ed my.jar.pack.gz that is getting downloaded :)

Related Topics >>