In this article by Alex Kasko, Stanislav Kobyl yanskiy, and Alexey Mironchenko, authors of the book OpenJDK Cookbook, we will cover the following topics:
- Building the IcedTea browser plugin on Linux
- Using the IcedTea Java WebStart implementation on Linux
- Preparing the IcedTea Java WebStart implementation for Mac OS X
- Preparing the IcedTea Java WebStart implementation for Windows
Introduction
For a long time, for end users, the Java applets technology was the face of the whole Java world. For a lot of non-developers, the word Java itself is a synonym for the Java browser plugin that allows running Java applets inside web browsers. The Java WebStart technology is similar to the Java browser plugin but runs remotely on loaded Java applications as separate applications outside of web browsers.
The OpenJDK open source project does not contain the implementations for the browser plugin nor for the WebStart technologies. The Oracle Java distribution, otherwise matching closely to OpenJDK codebases, provided its own closed source implementation for these technologies.
The IcedTea-Web project contains free and open source implementations of the browser plugin and WebStart technologies. The IcedTea-Web browser plugin supports only GNU/Linux operating systems and the WebStart implementation is cross-platform.
While the IcedTea implementation of WebStart is well-tested and production-ready, it has numerous incompatibilities with the Oracle WebStart implementation. These differences can be seen as corner cases; some of them are:
- Different behavior when parsing not well-formed JNLP descriptor files: The Oracle implementation is generally more lenient for malformed descriptors.
- Differences in JAR (re)downloading and caching behavior: The Oracle implementation uses caching more aggressively.
- Differences in sound support: This is due to differences in sound support between Oracle Java and IcedTea on Linux. Linux historically has multiple different sound providers (ALSA, PulseAudio, and so on) and IcedTea has more wide support for different providers, which can lead to sound misconfiguration.
The IcedTea-Web browser plugin (as it is built on WebStart) has these incompatibilities too. On top of them, it can have more incompatibilities in relation to browser integration. User interface forms and general browser-related operations such as access from/to JavaScript code should work fine with both implementations. But historically, the browser plugin was widely used for security-critical applications like online bank clients. Such applications usually require security facilities from browsers, such as access to certificate stores or hardware crypto-devices that can differ from browser to browser, depending on the OS (for example, supports only Windows), browser version, Java version, and so on. Because of that, many real-world applications can have problems running the IcedTea-Web browser plugin on Linux.
Both WebStart and the browser plugin are built on the idea of downloading (possibly untrusted) code from remote locations, and proper privilege checking and sandboxed execution of that code is a notoriously complex task. Usually reported security issues in the Oracle browser plugin (most widely known are issues during the year 2012) are also fixed separately in IcedTea-Web.
Building the IcedTea browser plugin on Linux
The IcedTea-Web project is not inherently cross-platform; it is developed on Linux and for Linux, and so it can be built quite easily on popular Linux distributions. The two main parts of it (stored in corresponding directories in the source code repository) are netx and plugin.
NetX is a pure Java implementation of the WebStart technology. We will look at it more thoroughly in the following recipes of this article.
Plugin is an implementation of the browser plugin using the NPAPI plugin architecture that is supported by multiple browsers. Plugin is written partly in Java and partly in native code (C++), and it officially supports only Linux-based operating systems. There exists an opinion about NPAPI that this architecture is dated, overcomplicated, and insecure, and that modern web browsers have enough built-in capabilities to not require external plugins. And browsers have gradually reduced support for NPAPI. Despite that, at the time of writing this book, the IcedTea-Web browser plugin worked on all major Linux browsers (Firefox and derivatives, Chromium and derivatives, and Konqueror).
We will build the IcedTea-Web browser plugin from sources using Ubuntu 12.04 LTS amd64.
Getting ready
For this recipe, we will need a clean Ubuntu 12.04 running with the Firefox web browser installed.
How to do it...
The following procedure will help you to build the IcedTea-Web browser plugin:
- Install prepackaged binaries of OpenJDK 7:
sudo apt-get install openjdk-7-jdk
- Install the GCC toolchain and build dependencies:
sudo apt-get build-dep openjdk-7
- Install the specific dependency for the browser plugin:
sudo apt-get install firefox-dev
- Download and decompress the IcedTea-Web source code tarball:
wget http://icedtea.wildebeest.org/download/source/icedtea-web-1.4.2.tar.gz
tar xzvf icedtea-web-1.4.2.tar.gz
- Run the configure script to set up the build environment:
./configure
- Run the build process:
make
- Install the newly built plugin into the /usr/local directory:
sudo make install
- Configure the Firefox web browser to use the newly built plugin library:
mkdir ~/.mozilla/plugins
cd ~/.mozilla/plugins
ln -s /usr/local/IcedTeaPlugin.so libjavaplugin.so
- Check whether the IcedTea-Web plugin has appeared under Tools | Add-ons | Plugins.
- Open the http://java.com/en/download/installed.jsp web page to verify that the browser plugin works.
How it works...
The IcedTea browser plugin requires the IcedTea Java implementation to be compiled successfully. The prepackaged OpenJDK 7 binaries in Ubuntu 12.04 are based on IcedTea, so we installed them first. The plugin uses the GNU Autconf build system that is common between free software tools. The xulrunner-dev package is required to access the NPAPI headers.
The built plugin may be installed into Firefox for the current user only without requiring administrator privileges. For that, we created a symbolic link to our plugin in the place where Firefox expects to find the libjavaplugin.so plugin library.
There's more...
The plugin can also be installed into other browsers with NPAPI support, but installation instructions can be different for different browsers and different Linux distributions.
As the NPAPI architecture does not depend on the operating system, in theory, a plugin can be built for non-Linux operating systems. But currently, no such ports are planned.
Using the IcedTea Java WebStart implementation on Linux
On the Java platform, the JVM needs to perform the class load process for each class it wants to use. This process is opaque for the JVM and actual bytecode for loaded classes may come from one of many sources. For example, this method allows the Java Applet classes to be loaded from a remote server to the Java process inside the web browser. Remote class loading also may be used to run remotely loaded Java applications in standalone mode without integration with the web browser. This technique is called Java WebStart and was developed under Java Specification Request (JSR) number 56.
To run the Java application remotely, WebStart requires an application descriptor file that should be written using the Java Network Launching Protocol (JNLP) syntax. This file is used to define the remote server to load the application form along with some metainformation. The WebStart application may be launched from the web page by clicking on the JNLP link, or without the web browser using the JNLP file obtained beforehand. In either case, running the application is completely separate from the web browser, but uses a sandboxed security model similar to Java Applets.
The OpenJDK project does not contain the WebStart implementation; the Oracle Java distribution provides its own closed-source WebStart implementation. The open source WebStart implementation exists as part of the IcedTea-Web project. It was initially based on the NETwork eXecute (NetX) project. Contrary to the Applet technology, WebStart does not require any web browser integration. This allowed developers to implement the NetX module using pure Java without native code. For integration with Linux-based operating systems, IcedTea-Web implements the javaws command as shell script that launches the netx.jar file with proper arguments.
Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at $19.99/month. Cancel anytime
In this recipe, we will build the NetX module from the official IcedTea-Web source tarball.
Getting ready
For this recipe, we will need a clean Ubuntu 12.04 running with the Firefox web browser installed.
How to do it...
The following procedure will help you to build a NetX module:
- Install prepackaged binaries of OpenJDK 7:
sudo apt-get install openjdk-7-jdk
- Install the GCC toolchain and build dependencies:
sudo apt-get build-dep openjdk-7
- Download and decompress the IcedTea-Web source code tarball:
wget http://icedtea.wildebeest.org/download/source/icedtea-web-1.4.2.tar.gz
tar xzvf icedtea-web-1.4.2.tar.gz
- Run the configure script to set up a build environment excluding the browser plugin from the build:
./configure –disable-plugin
- Run the build process:
make
- Install the newly-built plugin into the /usr/local directory:
sudo make install
- Run the WebStart application example from the Java tutorial:
javaws http://docs.oracle.com/javase/tutorialJWS/samples/
deployment/dynamictree_webstartJWSProject/dynamictree_webstart.jnlp
How it works...
The javaws shell script is installed into the /usr/local/* directory. When launched with a path or a link to the JNLP file, javaws launches the netx.jar file, adding it to the boot classpath (for security reasons) and providing the JNLP link as an argument.
Preparing the IcedTea Java WebStart implementation for Mac OS X
The NetX WebStart implementation from the IcedTea-Web project is written in pure Java, so it can also be used on Mac OS X. IcedTea-Web provides the javaws launcher implementation only for Linux-based operating systems. In this recipe, we will create a simple implementation of the WebStart launcher script for Mac OS X.
Getting ready
For this recipe, we will need Mac OS X Lion with Java 7 (the prebuilt OpenJDK or Oracle one) installed. We will also need the netx.jar module from the IcedTea-Web project, which can be built using instructions from the previous recipe.
How to do it...
The following procedure will help you to run WebStart applications on Mac OS X:
- Download the JNLP descriptor example from the Java tutorials at http://docs.oracle.com/javase/tutorialJWS/samples/deployment/dynamictree_webstartJWSProject/dynamictree_webstart.jnlp.
- Test that this application can be run from the terminal using netx.jar:
java -Xbootclasspath/a:netx.jar net.sourceforge.jnlp.runtime.Boot dynamictree_webstart.jnlp
- Create the wslauncher.sh bash script with the following contents:
#!/bin/bash
if [ "x$JAVA_HOME" = "x" ] ; then
JAVA="$( which java 2>/dev/null )"
else
JAVA="$JAVA_HOME"/bin/java
fi
if [ "x$JAVA" = "x" ] ; then
echo "Java executable not found"
exit 1
fi
if [ "x$1" = "x" ] ; then
echo "Please provide JNLP file as first argument"
exit 1
fi
$JAVA -Xbootclasspath/a:netx.jar net.sourceforge.jnlp.runtime.Boot $1
- Mark the launcher script as executable:
chmod 755 wslauncher.sh
- Run the application using the launcher script:
./wslauncher.sh dynamictree_webstart.jnlp
How it works...
The next.jar file contains a Java application that can read JNLP files and download and run classes described in JNLP. But for security reasons, next.jar cannot be launched directly as an application (using the java -jar netx.jar syntax). Instead, netx.jar is added to the privileged boot classpath and is run specifying the main class directly. This allows us to download applications in sandbox mode.
The wslauncher.sh script tries to find the Java executable file using the PATH and JAVA_HOME environment variables and then launches specified JNLP through netx.jar.
There's more...
The wslauncher.sh script provides a basic solution to run WebStart applications from the terminal. To integrate netx.jar into your operating system environment properly (to be able to launch WebStart apps using JNLP links from the web browser), a native launcher or custom platform scripting solution may be used. Such solutions lay down the scope of this book.
Preparing the IcedTea Java WebStart implementation for Windows
The NetX WebStart implementation from the IcedTea-Web project is written in pure Java, so it can also be used on Windows; we also used it on Linux and Mac OS X in previous recipes in this article. In this recipe, we will create a simple implementation of the WebStart launcher script for Windows.
Getting ready
For this recipe, we will need a version of Windows running with Java 7 (the prebuilt OpenJDK or Oracle one) installed. We will also need the netx.jar module from the IcedTea-Web project, which can be built using instructions from the previous recipe in this article.
How to do it...
The following procedure will help you to run WebStart applications on Windows:
- Download the JNLP descriptor example from the Java tutorials at http://docs.oracle.com/javase/tutorialJWS/samples/deployment/dynamictree_webstartJWSProject/dynamictree_webstart.jnlp.
- Test that this application can be run from the terminal using netx.jar:
java -Xbootclasspath/a:netx.jar net.sourceforge.jnlp.runtime.Boot dynamictree_webstart.jnlp
- Create the wslauncher.sh bash script with the following contents:
#!/bin/bash
if [ "x$JAVA_HOME" = "x" ] ; then
JAVA="$( which java 2>/dev/null )"
else
JAVA="$JAVA_HOME"/bin/java
fi
if [ "x$JAVA" = "x" ] ; then
echo "Java executable not found"
exit 1
fi
if [ "x$1" = "x" ] ; then
echo "Please provide JNLP file as first argument"
exit 1
fi
$JAVA -Xbootclasspath/a:netx.jar net.sourceforge.jnlp.runtime.Boot $1
- Mark the launcher script as executable:
chmod 755 wslauncher.sh
- Run the application using the launcher script:
./wslauncher.sh dynamictree_webstart.jnlp
How it works...
The netx.jar module must be added to the boot classpath as it cannot be run directly because of security reasons.
The wslauncher.bat script tries to find the Java executable using the JAVA_HOME environment variable and then launches specified JNLP through netx.jar.
There's more...
The wslauncher.bat script may be registered as a default application to run the JNLP files. This will allow you to run WebStart applications from the web browser. But the current script will show the batch window for a short period of time before launching the application. It also does not support looking for Java executables in the Windows Registry. A more advanced script without those problems may be written using Visual Basic script (or any other native scripting solution) or as a native executable launcher. Such solutions lay down the scope of this book.
Summary
In this article we covered the configuration and installation of WebStart and browser plugin components, which are the biggest parts of the Iced Tea project.
United States
Great Britain
India
Germany
France
Canada
Russia
Spain
Brazil
Australia
Singapore
Hungary
Ukraine
Luxembourg
Estonia
Lithuania
South Korea
Turkey
Switzerland
Colombia
Taiwan
Chile
Norway
Ecuador
Indonesia
New Zealand
Cyprus
Denmark
Finland
Poland
Malta
Czechia
Austria
Sweden
Italy
Egypt
Belgium
Portugal
Slovenia
Ireland
Romania
Greece
Argentina
Netherlands
Bulgaria
Latvia
South Africa
Malaysia
Japan
Slovakia
Philippines
Mexico
Thailand
