Skip to main content

Trip and Tick 2: JooJ up your project page with a Web Start demo

Posted by evanx on July 20, 2006 at 4:55 AM PDT

So you're hosting your project on, and you've uploaded some screenshots. Supoib! The next step is putting a Webstart "Launch" button on your page, innit.

Since i'm too lazy to read the JNLP documentation, and to write a JNLP file from scratch by hand, i'm gonna use those firefox goggles for starters. Later we'll be forced to read Deploying Software with JNLP and Java Web Start and edit the JNLP XML by hand, when as expected, things don't work as expected right off the bat.

Using the goggles we quickly see that Netbeans has a JNLP tool, woohoo! And a tutorial aptly named Using Java Web Start in NetBeans IDE which i followed as follows.

We go to the Update Manager, choose the Netbeans Update Center Beta.


When in doubt press the OK button. Unfortunately the above screen does not have
an OK button, so we try the Next button.


We add the Netbeans Module for Java Web Start.


I think we should meet and greet this module!


Now we see a Java Web Start item in the menu when we right click on our project. We enable this, and when we Run with Webstart, Netbeans generates our JNLP file, woohoo! It even provides a JNLP designer for for manipulating the file with the mouse, as you can see below. Oisome!


As expected from years of experience with softwarez, it doesn't work for us the first time, D'oh!

We enable the Java Webstart Console to see the exception, or just click on Details and select the Exception tab. We see it's a security permissions problem with the application trying to access system properties ie. command line options. Probably preferences would also cause a security violation. So i disable properties and preferences in the application.


Trying again, there is a different error, ie. progress, woohoo!


Looks like the above security exception is caused by field.setAccessible() ie. reflection.

Let's try a different angle of attack which is to disable sandbox security, for now. We do this by adding a security element with all-permissions into our JNLP as follows. If you know how to provide limited permissions, but not all permissions, eg. to allow reflection and "standard" stuff, but obviously not local file system access, please post a comment.


But we get a "jar not signed" JNLP exception, as we see when we click on Details and then the Exception tab.


For this to work we gotta sign the jar as detailed in Web Start Developer's Guide, which gives us the following keytool and jarsigner commands.
(Update. Kirill Grouchnikov's "Signing jars for Web Start applications" provides a great tutorial on signing your jars.)

    cd /opt/java5/bin
    keytool -genkey -keystore myKeystore -alias myself
    keytool -selfcert -alias myself -keystore myKeystore
    keytool -list -keystore myKeystore
    jarsigner -keystore myKeystore /aptframework/netbeans/dist/aptframework.jar myself
    javaws /aptframework/netbeans/aptframework.jnlp

where the keytool commmands we do once only, to create our "keystore,"
and the jarsigner command we do to prep the jar prior to trying to web start it.


Now we write a JNLP file for our web page, as follows.

<?xml version="1.0" encoding="UTF-8"?>
<jnlp codebase="<b></b>">
    <title><b>AptFramework Demo</b></title>
    <icon href="default"/>
    <j2se version="1.5+" />
    <jar href="<b>aptframework.jar</b>"/>
  <application-desc main-class="<b>aptcomponent.common.ZViewContext</b>"/>

For going online, all that changes is the codebase, which is now an http URL, rather than a local file.

I found that the webserver transforms XML files somehow, like our JNLP file, so that Firefox displays the XML rather than launching Web Start. So we upload our JNLP file and our jar to rather because that seems to work.

Now we can insert the JNLP link into our HTML web page as follows.

webstart.small.gif (695k, unsandboxed, Java5)

Addendum on Dependent Jar Resources

Kirill Grouchnikov's "Signing jars for Web Start applications" addresses dependent jars, where these might be signed by someone else, eg. activation.jaret al signed by Sun. In this case, you can't include these directly as jar resources in your JNLP. As Kirill shows, the trick is to wrap them in their own JNLP, and list that as the resource in your JNLP. I include such an example below, for completeness.

But if you have dependent jars that are signed by someone else eg. Sun, then you gonna get an error because your jars are not all signed by the same certificate, ie. yours. You can inspect the signing certificates et al, using the following command. (Incidently, the following JavaDB jar isn't signed, but for the sake of this discussion, let's pretend that it is signed by Sun.)

jarsigner -certs -verbose -verify /projects/aptframework/lib/derby.jar    

As Kirill shows, we can create a JNLP file for dependent jars which are signed by Sun et al, as follows.

<?xml version="1.0" encoding="UTF-8"?>
<jnlp codebase="<b></b>" href="<b>javadb.jnlp</b>">
    <title><b>JavaDB jar</b></title>
    <vendor><b>Signed by Sun Microsystems, Inc</b></vendor>
      <jar href="<b>derby.jar</b>"/>

where in this case, i'm gonna check-in dependent jars under the www subdirectory of my project, in which case the codebase is my project homepage.

And then in the resources section of our JNLP, we list dependent jars, including those wrapped in their own JNLP file, as follows.

    <j2se version="1.5+" />
    <jar href="aptframework.jar</b>"/>
    <jar href="aptfoundation.jar</b>"/>
    <b><extension href="javadb.jnlp"/></b>

Now i've just gotta update my demo to actually use JavaDB, eg. for an in-memory database :)

Related Topics >>