A JAR file allows Java runtimes to efficiently deploy a set of classes and their associated resources. The elements in a JAR file can be compressed, which, together with the ability to download an entire application in a single request, makes downloading a JAR file much more convenient than separately downloading the many uncompressed files which would form a single Java Application. The package
java.util.zip contains classes that read and write JAR files.
A JAR file has an optional manifest file located in the path
META-INF/MANIFEST.MF. The entries in the manifest file determine how one can use the JAR file. For instance, aClasspath entry can be used to specify other JAR files for loading with the JAR. This entry consists of a list of absolute or relative paths to other JAR files. Although intended to simplify JAR use, in practice it turns out to be notoriously brittle, as it depends on all the relevant JARs being in the exact locations specified when the entry-point JAR was built. To change versions or locations of libraries, a new manifest is needed.
To extract the contents of a JAR file users can use any standard unzip software, or the
jar command which comes with every Java Virtual Machine: “
jar -xf foo.jar“.
Developers can digitally sign JAR files. In that case, the signature information becomes part of the embedded manifest file. The JAR itself is not signed, but instead every file inside the archive is listed along with its checksum; it is these checksums that are signed. Multiple entities may sign the JAR file, changing the JAR file itself with each signing, although the signed files themselves remain valid. When the Java runtime loads signed JAR files, it can validate the signatures and refuse to load classes that do not match the signature. It can also support ‘sealed’ packages, in which the Classloader will only permit Java classes to be loaded into the same package if they are all signed by the same entities. This prevents malicious code from being inserted into an existing package, and so gaining access to package-scoped classes and data.
Developers can obfuscate JAR files so that a user of the JAR file doesn’t get much information regarding the code it contains, or to reduce its size, which is useful in Embedded system development, where space may be limited.
Executable JAR files
An executable Java program can be packaged in a JAR file, along with any libraries the program uses. Executable JAR files have the manifest specifying the entry point class with
Main-Class: myPrograms.MyClass and an explicit Class-Path (and the -cp argument is ignored). Some operating systems can run these directly when clicked. The typical invocation is “
java -jar foo.jar” from a command line.
Native launchers can be created on most platforms. For instance Microsoft Windows users who prefer having Windows EXE files can use tools such as JSmooth, Launch4J,WinRun4J or Nullsoft Scriptable Install System to wrap single JAR files into executables.