Wikipedia

Java Web Start: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Rmp (talk | contribs)
9 edits
Signed Web Start applications: Criticism of WebStart
Line 40:
 
By default, Java Web Start applications run "restricted", which means that they do not have access to some system resources such as local files. But publishers can remove these restrictions by signing their Web Start applications with the <code>jarsigner</code> tool that comes with the [[Java Development Kit | JDK]].
 
== Criticism ==
 
WebStart is a power technology that hasn't realized it potential. Some of problems with JNLP are:
 
* Developer has to write server URI in JNLP file, so it is not possible to use same JNLP descriptor file in production and testing environment. Developer cannot just drop .jnlp file into server shared directory, he or she has to edit it. This problem could be solved if .jnlp file opened by web browser prugin, or by introducing jnlp: URI scheme, so .jnlp file descriptor opened by URL like jnlp:http://my-site/app.jnlp. jnlp: URI scheme may be handled by JNLP handler.
* Developer has to sign with certificate all jar files used by JNLP. Although it is not a problem for serious production applications, it complicates learning and small applications development. Certificate may be self-signed, so this does not really solve security issues.
* Bad user experience: user downloads .jnlp file into temp directory or Downloads folder. Browser may ask user, if he really wants to save that .jnlp file, and then has have to open downloaded manually. This again could be solved by browser plugin, or by introducing jnlp: URL scheme.
* Permission checking is too simple. Developer hardcodes required permissions into .jnlp descriptor (for example, developer may request "all permissions"), and user has to confirm permissions once at application start. It would be better if jnlp had no permission specifications at all, but on unsafe operation JNLP engine asked user questions like "Application My Demo requests to read file 'preferences.txt', allow?" with answers like "Allow once", "Always allow this file", "Always allow read anything". JVM SecurityManager is capable of performing such checks, but JNLP does not utilize such capabilities.
* 64-bit Windows support added only in Java 6<ref name="win64">[http://bugs.sun.com/view_bug.do?bug_id=4802695 Bug ID 4802695, Support 64-bit Java Plug-in and Java webstart on Windows/Linux on AMD64]</ref>.
 
== Well-known applications ==
Retrieved from "https://en.wikipedia.org/wiki/Java_Web_Start"