JAR (file format)
Filename extension | .jar |
---|---|
Internet media type | |
Uniform Type Identifier (UTI) | com.sun.java-archive |
Magic number | 50 4b 03 04 ASCII:PK\x03\x04 |
Developed by | Netscape, Sun Microsystems, Oracle Corporation |
Type of format | File archive, data compression |
Extended from | ZIP |
A JAR ("Java archive") file is a package file format typically used to aggregate many Java class files and associated metadata and resources (text, images, etc.) into one file for distribution.[4]
JAR files are archive files that include a Java-specific manifest file. They are built on the ZIP format and typically have a .jar
file extension.[5]
Design
A JAR file allows Java runtimes to efficiently deploy an entire application, including its classes and their associated resources, in a single request. JAR file elements may be compressed, shortening download times.
A JAR file may contain a manifest file, that is located at META-INF/MANIFEST.MF
. The entries in the manifest file describe how to use the JAR file. For instance, a Classpath entry can be used to specify other JAR files to load with the JAR.
Extraction
The contents of a file may be extracted using any archive extraction software that supports the ZIP format, or the
jar
command line utility provided by the Java Development Kit.
Security
Developers can digitally sign JAR files. In that case, the signature information becomes part of the embedded manifest file. The JAR itself is not signed, but instead every file inside the archive is listed along with its checksum; it is these checksums that are signed. Multiple entities may sign the JAR file, changing the JAR file itself with each signing, although the signed files themselves remain valid. When the Java runtime loads signed JAR files, it can validate the signatures and refuse to load classes that do not match the signature. It can also support 'sealed' packages, in which the Classloader will only permit Java classes to be loaded into the same package if they are all signed by the same entities. This prevents malicious code from being inserted into an existing package, and so gaining access to package-scoped classes and data.
The content of JAR files may be obfuscated to make reverse engineering more difficult.
Executable JAR files
An executable Java program can be packaged in a JAR file, along with any libraries the program uses. Executable JAR files have the manifest specifying the entry point class with Main-Class: myPrograms.MyClass
and an explicit Class-Path (and the -cp argument is ignored). Some operating systems can run these directly when clicked. The typical invocation is java -jar foo.jar
from a command line.
Native launchers can be created on most platforms. For instance, Microsoft Windows users who prefer having Windows EXE files can use tools such as JSmooth, Launch4J, WinRun4J or Nullsoft Scriptable Install System to wrap single JAR files into executables.
Manifest
A manifest file is a metadata file contained within a JAR.[6][7] It defines extension and package-related data. It contains name–value pairs organized in sections. If a JAR file is intended to be used as an executable file, the manifest file specifies the main class of the application. The manifest file is named MANIFEST.MF
. The manifest directory has to be the first entry of the compressed archive.
Specifications
The manifest appears at the canonical location META-INF/MANIFEST.MF
.[8] There can be only one manifest file in an archive and it must be at that location.
The content of the manifest file in a JAR file created with version 1.0 of the Java Development Kit is the following.
Manifest-Version: 1.0
The name is separated from its value by a colon. The default manifest shows that it conforms to version 1.0 of the manifest specification.
The manifest can contain information about the other files that are packaged in the archive. Manifest contents depend on the intended use for the JAR file. The default manifest file makes no assumptions about what information it should record about other files, so its single line contains data only about itself. It should be encoded in UTF-8.
Special-Purpose Manifest Headers
JAR files created only for the purpose of archiving do not use the MANIFEST.MF
file.
Most uses of JAR files go beyond simple archiving and compression and require special information in the manifest file.
Features
The manifest allows developers to define several useful features for their jars. Properties are specified in key-value pairs.
Applications
If an application is contained in a JAR file, the Java Virtual Machine needs to know the application's entry point. An entry point is any class with a public static void main(String[] args)
method. This information is provided in the manifest Main-Class header, which has the general form:
Main-Class: com.example.MyClassName
In this example com.example.MyClassName.main()
executes at application launch.
Package Sealing
Optionally, a package within a JAR file can be sealed, which means that all classes defined in that package are archived in the same JAR file. A package might be sealed to ensure version consistency among the classes in the software or as a security measure.
To seal a package, a Name entry needs to appear, followed by a Sealed header, such as:
Name: myCompany/myPackage/
Sealed: true
The Name header's value is the package's relative pathname. Note that it ends with a '/' to distinguish it from a filename. Any headers following a Name header, without any intervening blank lines, apply to the file or package specified in the Name header. In the above example, because the Sealed
header occurs after the Name: myCompany/myPackage
header with no intervening blank lines, the Sealed
header applies (only) to the package myCompany/myPackage
.
The feature of sealed packages is outmoded by the Java Platform Module System introduced in Java 9, in which modules cannot split packages.[9]
Package Versioning
Several manifest headers hold versioning information. One set of headers can be assigned to each package. The versioning headers appear directly beneath the Name header for the package. This example shows all the versioning headers:
Name: java/util/
Specification-Title: "Java Utility Classes"
Specification-Version: "1.2"
Specification-Vendor: "Sun Microsystems, Inc.".
Implementation-Title: "java.util"
Implementation-Version: "build57"
Implementation-Vendor: "Sun Microsystems, Inc."
Multi-Release
A jar can be optionally marked as a multi-release jar. Using the multi-release feature allows library developers to load different code depending on the version of the Java runtime.[10] This in turn allows developers to leverage new features without sacrificing compatibility.
A multi-release jar is enabled using the following declaration in the manifest:
Multi-Release: true
Dependencies
The MANIFEST.MF
file can be used to specify all the classes that must be loaded for an application to be able to run.[11]
Note that Class-Path entries are delimited with spaces, not with the system path delimiter:
Class-Path: . pkg1.jar path/to/pkg2.jar
Apache Ant Zip/JAR support
The Apache Ant build tool has its own package to read and write Zip and JAR archives, including support for Unix filesystem extensions. The org.apache.tools.zip package is released under the Apache Software Foundation license and is designed to be usable outside Ant.
Related formats
Several related file formats build on the JAR format:
- WAR (Web application archive) files, also Java archives, store XML files, Java classes, JavaServer Pages and other objects for Web Applications.
- RAR (resource adapter archive) files (not to be confused with the RAR file format), also Java archives, store XML files, Java classes and other objects for J2EE Connector Architecture (JCA) applications.
- EAR (enterprise archive) files provide composite Java archives that combine XML files, Java classes and other objects including JAR, WAR and RAR Java archive files for Enterprise Applications.
- SAR (service archive) is similar to EAR. It provides a
service.xml
file and accompanying JAR files. - APK (Android application package), a variant of the Java archive format, is used for Android applications.[12]
- AAR (Android archive) is used for distribution of Android libraries, typically via Maven.[13]
- PAR (plan archive) – supported by Eclipse Virgo OSGi application server, allows the deployment of multi-bundle OSGi applications as a single archive and provides isolation from other PAR-based applications deployed in the same server.
- KAR (Karaf archive) – supported by Apache Karaf OSGi application server, allows the deployment of multi-bundle, multi-feature OSGi applications.
See also
- JAR hell
- Java Platform Module System
- Open Packaging Conventions
- JAD (file format)
- GIFAR attack
- .a static libraries
References
- ^ "File Extension .JAR Details". Retrieved 29 November 2012.
- ^ "MIME : Java Glossary". Retrieved 29 November 2012.
- ^ "IANA Assignment". Retrieved 12 May 2023.
- ^ "JDK 6 Java Archive (JAR)-related APIs & DeveloperGuides".
- ^ "JAR File Specification". Java SE Documentation. Oracle. Archived from the original on 2017-09-11.
- ^ "Understanding the Manifest". Java.sun.com. 2003-03-21. Retrieved 2012-07-31.
- ^ "JAR File Specification". Download.oracle.com. Retrieved 2012-07-31.
- ^ "JAR File Specification". Download.oracle.com. Retrieved 2012-07-31.
- ^ "JEP 261: Module System". Retrieved 2021-02-06.
- ^ "JEP 238: Multi-Release JAR Files". Retrieved 2021-02-06.
- ^ the sun servlet specification, page 72 (servlet-2_4-fr-spec.pdf). See also the Java Tech Notes.
- ^ "Glossary". developer.android.com.
- ^ "Android library". developer.android.com.