Explore the power of JAR file formats
Level: Getting started
Pagadala J. Suresh ( pjsuresh@), Software Engineer, IBM Global Services India
Palaniyappan Thiagarajan ( tpalaniy@), Software Engineer, IBM Global Services India
November 2003
Most Java programmers are familiar with the basic operations of JAR files. But only a few programmers understand the power of JAR file formats. In this article, the author explores many of the features and benefits of the JAR format, including packaging, executable JAR files, security, and indexing.
What is a JAR file?
The JAR file format is based on the popular ZIP file format and is used to aggregate many files into one file. Unlike ZIP files, JAR files are not only used for compression and distribution, but also for deployment and encapsulation of libraries, components, and plug-in programs, and can be used directly by tools like compilers and JVMs. Includes special files in the JAR, such as manifests and deployment descriptors, to indicate how the tool handles a specific JAR.
A JAR file can be used for:
Used to publish and use class libraries
As a building unit for applications and extensions
As a deployment unit for components, applets, or plug-in programs
Used to package auxiliary resources associated with components
JAR file formats offer many advantages and features, many of which are not provided by traditional compression formats such as ZIP or TAR. They include:
Security. You can add a digital signature to the content of the JAR file. In this way, tools that can identify signatures can selectively grant you software security privileges, which other files cannot do, and can also detect whether the code has been tampered with.
Reduce download time. If an applet is bundled into a JAR file, the browser can download the applet's class file and related resources in an HTTP transaction instead of opening a new connection to each file.
compression. The JAR format allows you to compress files for improved storage efficiency.
Transmission platform extension. The Java Extensions Framework provides ways to add functionality to the Java core platform, which are packaged with JAR files (Java 3D and JavaMail are examples of extensions developed by Sun).
Package sealed. Packages stored in JAR files can be optionally sealed for enhanced version consistency and security. Sealing a package means that all classes in the package must be found in the same JAR file.
Package version control. A JAR file can contain data about the files it contains, such as vendor and version information.
portability. The mechanism for handling JAR files is a standard part of the core API of the Java platform.
Compressed and uncompressed JARs
jar tools (see jar tools for details) compress files by default. Uncompressed JAR files can generally be loaded faster than compressed JAR files, because files are decompressed during loading, but uncompressed files may take longer to download on the network.
META-INF Directory
Most JAR files contain a META-INF directory that stores packages and extended configuration data, such as security and version information. The Java 2 platform identifies and interprets the following files and directories in the META-INF directory to configure applications, extensions, and class loaders:
. This manifest file defines data related to extensions and packages.
. This file is generated by the new option -i of the jar tool, which contains location information for packages defined in the application or extension. It is part of the JarIndex implementation and is used by the class loader to speed up the class loading process.
. This is the signature file of the JAR file. Placeholder xxx identifies the signer.
. A signature program block file associated with the signature file that stores the public signature used to sign the JAR file.
jar tools
To perform basic tasks with JAR files, use the Java Archive Tool (jar tool) provided as part of the Java Development Kit. Call the jar tool with the jar command. Table 1 shows some common applications:
Table 1. Common jar tool usage Function Commands
Create a JAR file with a separate file jar cf jar-file input-file...
Create a JAR file with a directory jar cf jar-file dir-name
Create an uncompressed JAR file jar cf0 jar-file dir-name
Update a JAR file jar uf jar-file input-file...
View the contents of a JAR file jar tf jar-file
Extract the content of a JAR file jar xf jar-file
Extract specific files from a JAR file jar xf jar-file archived-file...
Run an application packaged as an executable JAR file java -jar
Executable JAR
An executable jar file is a self-contained Java application stored in a specially configured JAR file that can be executed directly by the JVM without prior extraction of the file or setting the classpath. To run an application stored in a non-executable JAR, you must join it to your classpath and call the application's main class with a name. But with an executable JAR file, we can run an application without extracting it or knowing the main entry point. Executable JARs help to facilitate publishing and executing Java applications.
Create an executable JAR
Creating an executable JAR is easy. First put all the application code into one directory. Assume that the main class in the application is . You want to create a JAR file containing application code and identify the main class. To do this, create a file called manifest somewhere (not in the application directory) and add the following line to it:
Main-Class:
Then, create the JAR file like this:
jar cmf manifest application-dir
All you have to do is this - now you can execute this JAR file with java -jar.
An executable JAR must refer to all other subordinate JARs it needs through the header of the menufest file. If the -jar option is used, the environment variable CLASSPATH and all classpaths specified on the command line are ignored by the JVM.
Start executable JAR
Now that we have packaged our application into an executable JAR called , we can start the application directly from the file with the following command:
java -jar
Package seal
Sealing a package in a JAR file means that all classes defined in this package must be found in the same JAR file. This allows the author of the package to enhance version consistency between packaged classes. Sealing also provides a means to prevent code tampering.
To seal a packet, you need to add a Name header to the packet in the manifest file of the JAR and then add a Sealed header with the value "true". Like executable JARs, you can seal a JAR when creating a JAR by specifying a manifest file with the appropriate header element, as shown below:
Name: com/samplePackage/
Sealed: true
The Name header identifies the relative path name of the package. It ends with a "/" to distinguish it from the file name. All headers before the first blank line after the Name header act on the file or package specified in the Name header. In the above example, because the Sealed header appears behind the Name header and there are no blank lines in the middle, the Sealed header will be interpreted as being applied only to the package com/samplePackage.
If you try to load a class in the sealed packet from other than the JAR file where the sealed packet is located, the JVM will throw a SecurityException.
Extended Packaging
The extension has added functionality to the Java platform and an extension mechanism has been added to the JAR file format. The extension mechanism allows the JAR file to specify the required other JAR files through the Class-Path header in the manifest file.
Assume and are two JAR files in the same directory, the manifest file contains the following header:
Class-Path:
This header indicates that the class in \ is an extension class of the class in \. The class in , can call the class in , and does not require it to be in the classpath.
When loading JARs using extension mechanisms, the JVM efficiently and automatically adds JARs referenced in the Class-Path header to the classpath. However, an extension JAR path is interpreted as a relative path, so generally, an extension JAR must be stored in the same directory where the JAR that references it is located.
For example, suppose the class ExtensionClient refers to the class ExtensionDemo, which is bundled in a JAR file named , and the class ExtensionDemo is bundled in . In order for \ to be an extension, \ to be listed in the Class-Path header of the manifest, as shown below:
Manifest-Version: 1.0
Class-Path:
In this manifest, the value of the Class-Path header has no specified path, indicating that it is in the same directory as the ExtensionClient JAR file.
Security in JAR files
JAR files can be signed using the jarsigner tool or directly through the API. A signed JAR file is exactly the same as the original JAR file, except that it updates its manifest and adds two files, a signed file and a signed block file to the META-INF directory.
A JAR file is signed with a certificate stored in the Keystore database. The certificates stored in the keystore are password protected and must be provided with this password to the jarsigner tool in order to sign the JAR file.
Figure 1. Keystore database
Each signer of a JAR is represented by a signature file with a .SF extension in the META-INF directory of the JAR file. This file has a format similar to the manifest file -- a set of RFC-822 headers. As shown below, its composition includes a major part, which includes information provided by the signer, but is not specifically targeted to any particular JAR file items, and a series of separate items that must also be included in the menufest file. When verifying a signed JAR, the digest value of the signature file is compared with the digest value calculated for the corresponding item in the JAR file.
Listing 1. Signature Manifest and signature files in JAR
Contents of signature file META-INF/
Manifest-Version: 1.0
Created-By: 1.3.0 (Sun Microsystems Inc.)
Name:
SHA1-Digest: 3+DdYW8INICtyG8ZarHlFxX0W6g=
Name:
SHA1-Digest: YJ5yQHBZBJ3SsTNcHJFqUkfWEmI=
Contents of signature file META-INF/
Signature-Version: 1.0
SHA1-Digest-Manifest: HBstZOJBuuTJ6QMIdB90T8sjaOM=
Created-By: 1.3.0 (Sun Microsystems Inc.)
Name:
SHA1-Digest: qipMDrkurQcKwnyIlI3Jtrnia8Q=
Name:
SHA1-Digest: pT2DYby8QXPcCzv2NwpLxd8p4G4=
Digital signature
A digital signature is the signed version of the .SF signature file. Digital signature files are binary files and have the same file name as .SF files, but have different extensions. There are different extensions based on the type of digital signature -- RSA, DSA, or PGP -- and the type of certificate used to sign JARs.
Keystore
To sign a JAR file, you must first have a private key. The private key and its associated public key certificates are stored in a password-protected database called keystores. The JDK contains tools for creating and modifying keystores. Each key in the keystore can be identified with an alias, which is usually the name of the signer who owns the key.
All keystore entries (key and trusted certificate entries) are accessed with unique alias. The alias is specified when using the keytool -genkey command to generate a key pair (public and private key) and add an item in the keystore. The subsequent keytool command must refer to this item with the same alias.
For example, to generate a new public/private key pair with the alias "james" and wrap the public key into a self-signed certificate, use the following command:
keytool -genkey -alias james -keypass jamespass
-validity 80 -keystore jamesKeyStore
-storepass jamesKeyStorePass
This command sequence specifies an initial password "jamespass". This password is required when subsequent commands access the private key associated with the alias "james" in the keystore "jamesKeyStore". If the keystore "jamesKeyStore" does not exist, then keytool will automatically create it.
jarsigner tool
The jarsigner tool uses the keystore to generate or verify the digital signature of the JAR file.
Suppose the keystore "jamesKeyStore" is created like the example above, and it contains a key alias "james", which can be signed with the following command:
jarsigner -keystore jamesKeyStore -storepass jamesKeyStorePass
-keypass jamespass -signedjar james
This command uses the password "jamesKeyStorePass" to propose a key with alias "james" and password "jamespass" from the keystore named "jamesKeyStore", and signs the file and creates a signed JAR --.
The jarsigner tool can also verify a signed JAR file, which is much simpler than signing a JAR file, just execute the following command:
jarsigner -verify
If the signed JAR file has not been tampered with, the jarsigner tool will tell you that the JAR has passed the verification. Otherwise, it throws a SecurityException indicating which files have not passed the verification.
You can also programmatically sign JARs using and APIs (see Resources for details). You can also use tools like Netscape Object Signing Tool.
JAR index
If an application or applet is bundled into multiple JAR files, the class loader uses a simple linear search algorithm to search for each element in the class path, which makes the class loader likely to download and open many JAR files until the desired class or resource is found. If the class loader tries to find a resource that does not exist, all JAR files in the application or applet will be downloaded. For large web applications and applets, this can lead to slow startup, slow response and waste of bandwidth.
Since JDK 1.3, the JAR file format has begun to support indexing to optimize the search process for classes in web applications, especially applets. The JarIndex mechanism collects the contents of all JAR files defined in an applet or application and stores this information into the index file in the first JAR file. After downloading the first JAR file, the applet class loader will efficiently load the JAR file using the collected content information. This directory information is stored in a simple text file named META-INF directory of the root JAR file.
Create a JarIndex
A JarIndex can be created by specifying the -i option in the jar command. Suppose our directory structure is shown in the figure below:
Figure 2. JarIndex
You will use the following command to create an index file for JarIndex_Main.jar, JarIndex_test.jar, and JarIndex_test1.jar:
jar -i JarIndex_Main.jar JarIndex_test.jar SampleDir/JarIndex_test1.jar
The format of the file is very simple, including the name of the package or class contained in each indexed JAR file, as shown in Listing 2:
Listing 2. JarIndex file example
JarIndex-Version: 1.0
JarIndex_Main.jar
sp
JarIndex_test.jar
Sample
SampleDir/JarIndex_test1.jar
org
org/apache
org/apache/xerces
org/apache/xerces/framework
org/apache/xerces/framework/xml4j
Conclusion
The JAR format goes far beyond a compression format, which has many features that can improve efficiency, security, and organize Java applications. Because these capabilities are already built on the core platform -- including compilers and class loaders -- developers can leverage the capabilities of JAR file formats to simplify and improve the development and deployment process. .
References
See the documentation for command line options for the jar utility.
The article Raffi Krikorian published on ONJava provides help with programming-signing a JAR file.
This documentation on Java Archive Tool explains the options that can be used to create and manipulate JAR files.
The article "Java Web Start" (developerWorks, September 2001) describes how this technique is used so that applications can specify the required JAR files and download them dynamically.
For different ways J2EE servers (such as IBM WebSphere Application Server) use JAR file formats, see "What are Java Archive (JAR) files?"
The JAR format is the basis of the WAR (Web Archive) format, which is used to deploy Servlet and JSP applications in J2EE containers. For more information, see "What are WAR files?".
The JAR format is also the basis of the EAR (Enterprise Archive) format, which is used to deploy EJBs in J2EE containers. For more information, see "What are Enterprise Archive (EAR) files?".
Hundreds of articles on various aspects of Java programming can be found in the developerWorks Java technology section.
Level: Getting started
Pagadala J. Suresh ( pjsuresh@), Software Engineer, IBM Global Services India
Palaniyappan Thiagarajan ( tpalaniy@), Software Engineer, IBM Global Services India
November 2003
Most Java programmers are familiar with the basic operations of JAR files. But only a few programmers understand the power of JAR file formats. In this article, the author explores many of the features and benefits of the JAR format, including packaging, executable JAR files, security, and indexing.
What is a JAR file?
The JAR file format is based on the popular ZIP file format and is used to aggregate many files into one file. Unlike ZIP files, JAR files are not only used for compression and distribution, but also for deployment and encapsulation of libraries, components, and plug-in programs, and can be used directly by tools like compilers and JVMs. Includes special files in the JAR, such as manifests and deployment descriptors, to indicate how the tool handles a specific JAR.
A JAR file can be used for:
Used to publish and use class libraries
As a building unit for applications and extensions
As a deployment unit for components, applets, or plug-in programs
Used to package auxiliary resources associated with components
JAR file formats offer many advantages and features, many of which are not provided by traditional compression formats such as ZIP or TAR. They include:
Security. You can add a digital signature to the content of the JAR file. In this way, tools that can identify signatures can selectively grant you software security privileges, which other files cannot do, and can also detect whether the code has been tampered with.
Reduce download time. If an applet is bundled into a JAR file, the browser can download the applet's class file and related resources in an HTTP transaction instead of opening a new connection to each file.
compression. The JAR format allows you to compress files for improved storage efficiency.
Transmission platform extension. The Java Extensions Framework provides ways to add functionality to the Java core platform, which are packaged with JAR files (Java 3D and JavaMail are examples of extensions developed by Sun).
Package sealed. Packages stored in JAR files can be optionally sealed for enhanced version consistency and security. Sealing a package means that all classes in the package must be found in the same JAR file.
Package version control. A JAR file can contain data about the files it contains, such as vendor and version information.
portability. The mechanism for handling JAR files is a standard part of the core API of the Java platform.
Compressed and uncompressed JARs
jar tools (see jar tools for details) compress files by default. Uncompressed JAR files can generally be loaded faster than compressed JAR files, because files are decompressed during loading, but uncompressed files may take longer to download on the network.
META-INF Directory
Most JAR files contain a META-INF directory that stores packages and extended configuration data, such as security and version information. The Java 2 platform identifies and interprets the following files and directories in the META-INF directory to configure applications, extensions, and class loaders:
. This manifest file defines data related to extensions and packages.
. This file is generated by the new option -i of the jar tool, which contains location information for packages defined in the application or extension. It is part of the JarIndex implementation and is used by the class loader to speed up the class loading process.
. This is the signature file of the JAR file. Placeholder xxx identifies the signer.
. A signature program block file associated with the signature file that stores the public signature used to sign the JAR file.
jar tools
To perform basic tasks with JAR files, use the Java Archive Tool (jar tool) provided as part of the Java Development Kit. Call the jar tool with the jar command. Table 1 shows some common applications:
Table 1. Common jar tool usage Function Commands
Create a JAR file with a separate file jar cf jar-file input-file...
Create a JAR file with a directory jar cf jar-file dir-name
Create an uncompressed JAR file jar cf0 jar-file dir-name
Update a JAR file jar uf jar-file input-file...
View the contents of a JAR file jar tf jar-file
Extract the content of a JAR file jar xf jar-file
Extract specific files from a JAR file jar xf jar-file archived-file...
Run an application packaged as an executable JAR file java -jar
Executable JAR
An executable jar file is a self-contained Java application stored in a specially configured JAR file that can be executed directly by the JVM without prior extraction of the file or setting the classpath. To run an application stored in a non-executable JAR, you must join it to your classpath and call the application's main class with a name. But with an executable JAR file, we can run an application without extracting it or knowing the main entry point. Executable JARs help to facilitate publishing and executing Java applications.
Create an executable JAR
Creating an executable JAR is easy. First put all the application code into one directory. Assume that the main class in the application is . You want to create a JAR file containing application code and identify the main class. To do this, create a file called manifest somewhere (not in the application directory) and add the following line to it:
Main-Class:
Then, create the JAR file like this:
jar cmf manifest application-dir
All you have to do is this - now you can execute this JAR file with java -jar.
An executable JAR must refer to all other subordinate JARs it needs through the header of the menufest file. If the -jar option is used, the environment variable CLASSPATH and all classpaths specified on the command line are ignored by the JVM.
Start executable JAR
Now that we have packaged our application into an executable JAR called , we can start the application directly from the file with the following command:
java -jar
Package seal
Sealing a package in a JAR file means that all classes defined in this package must be found in the same JAR file. This allows the author of the package to enhance version consistency between packaged classes. Sealing also provides a means to prevent code tampering.
To seal a packet, you need to add a Name header to the packet in the manifest file of the JAR and then add a Sealed header with the value "true". Like executable JARs, you can seal a JAR when creating a JAR by specifying a manifest file with the appropriate header element, as shown below:
Name: com/samplePackage/
Sealed: true
The Name header identifies the relative path name of the package. It ends with a "/" to distinguish it from the file name. All headers before the first blank line after the Name header act on the file or package specified in the Name header. In the above example, because the Sealed header appears behind the Name header and there are no blank lines in the middle, the Sealed header will be interpreted as being applied only to the package com/samplePackage.
If you try to load a class in the sealed packet from other than the JAR file where the sealed packet is located, the JVM will throw a SecurityException.
Extended Packaging
The extension has added functionality to the Java platform and an extension mechanism has been added to the JAR file format. The extension mechanism allows the JAR file to specify the required other JAR files through the Class-Path header in the manifest file.
Assume and are two JAR files in the same directory, the manifest file contains the following header:
Class-Path:
This header indicates that the class in \ is an extension class of the class in \. The class in , can call the class in , and does not require it to be in the classpath.
When loading JARs using extension mechanisms, the JVM efficiently and automatically adds JARs referenced in the Class-Path header to the classpath. However, an extension JAR path is interpreted as a relative path, so generally, an extension JAR must be stored in the same directory where the JAR that references it is located.
For example, suppose the class ExtensionClient refers to the class ExtensionDemo, which is bundled in a JAR file named , and the class ExtensionDemo is bundled in . In order for \ to be an extension, \ to be listed in the Class-Path header of the manifest, as shown below:
Manifest-Version: 1.0
Class-Path:
In this manifest, the value of the Class-Path header has no specified path, indicating that it is in the same directory as the ExtensionClient JAR file.
Security in JAR files
JAR files can be signed using the jarsigner tool or directly through the API. A signed JAR file is exactly the same as the original JAR file, except that it updates its manifest and adds two files, a signed file and a signed block file to the META-INF directory.
A JAR file is signed with a certificate stored in the Keystore database. The certificates stored in the keystore are password protected and must be provided with this password to the jarsigner tool in order to sign the JAR file.
Figure 1. Keystore database
Each signer of a JAR is represented by a signature file with a .SF extension in the META-INF directory of the JAR file. This file has a format similar to the manifest file -- a set of RFC-822 headers. As shown below, its composition includes a major part, which includes information provided by the signer, but is not specifically targeted to any particular JAR file items, and a series of separate items that must also be included in the menufest file. When verifying a signed JAR, the digest value of the signature file is compared with the digest value calculated for the corresponding item in the JAR file.
Listing 1. Signature Manifest and signature files in JAR
Contents of signature file META-INF/
Manifest-Version: 1.0
Created-By: 1.3.0 (Sun Microsystems Inc.)
Name:
SHA1-Digest: 3+DdYW8INICtyG8ZarHlFxX0W6g=
Name:
SHA1-Digest: YJ5yQHBZBJ3SsTNcHJFqUkfWEmI=
Contents of signature file META-INF/
Signature-Version: 1.0
SHA1-Digest-Manifest: HBstZOJBuuTJ6QMIdB90T8sjaOM=
Created-By: 1.3.0 (Sun Microsystems Inc.)
Name:
SHA1-Digest: qipMDrkurQcKwnyIlI3Jtrnia8Q=
Name:
SHA1-Digest: pT2DYby8QXPcCzv2NwpLxd8p4G4=
Digital signature
A digital signature is the signed version of the .SF signature file. Digital signature files are binary files and have the same file name as .SF files, but have different extensions. There are different extensions based on the type of digital signature -- RSA, DSA, or PGP -- and the type of certificate used to sign JARs.
Keystore
To sign a JAR file, you must first have a private key. The private key and its associated public key certificates are stored in a password-protected database called keystores. The JDK contains tools for creating and modifying keystores. Each key in the keystore can be identified with an alias, which is usually the name of the signer who owns the key.
All keystore entries (key and trusted certificate entries) are accessed with unique alias. The alias is specified when using the keytool -genkey command to generate a key pair (public and private key) and add an item in the keystore. The subsequent keytool command must refer to this item with the same alias.
For example, to generate a new public/private key pair with the alias "james" and wrap the public key into a self-signed certificate, use the following command:
keytool -genkey -alias james -keypass jamespass
-validity 80 -keystore jamesKeyStore
-storepass jamesKeyStorePass
This command sequence specifies an initial password "jamespass". This password is required when subsequent commands access the private key associated with the alias "james" in the keystore "jamesKeyStore". If the keystore "jamesKeyStore" does not exist, then keytool will automatically create it.
jarsigner tool
The jarsigner tool uses the keystore to generate or verify the digital signature of the JAR file.
Suppose the keystore "jamesKeyStore" is created like the example above, and it contains a key alias "james", which can be signed with the following command:
jarsigner -keystore jamesKeyStore -storepass jamesKeyStorePass
-keypass jamespass -signedjar james
This command uses the password "jamesKeyStorePass" to propose a key with alias "james" and password "jamespass" from the keystore named "jamesKeyStore", and signs the file and creates a signed JAR --.
The jarsigner tool can also verify a signed JAR file, which is much simpler than signing a JAR file, just execute the following command:
jarsigner -verify
If the signed JAR file has not been tampered with, the jarsigner tool will tell you that the JAR has passed the verification. Otherwise, it throws a SecurityException indicating which files have not passed the verification.
You can also programmatically sign JARs using and APIs (see Resources for details). You can also use tools like Netscape Object Signing Tool.
JAR index
If an application or applet is bundled into multiple JAR files, the class loader uses a simple linear search algorithm to search for each element in the class path, which makes the class loader likely to download and open many JAR files until the desired class or resource is found. If the class loader tries to find a resource that does not exist, all JAR files in the application or applet will be downloaded. For large web applications and applets, this can lead to slow startup, slow response and waste of bandwidth.
Since JDK 1.3, the JAR file format has begun to support indexing to optimize the search process for classes in web applications, especially applets. The JarIndex mechanism collects the contents of all JAR files defined in an applet or application and stores this information into the index file in the first JAR file. After downloading the first JAR file, the applet class loader will efficiently load the JAR file using the collected content information. This directory information is stored in a simple text file named META-INF directory of the root JAR file.
Create a JarIndex
A JarIndex can be created by specifying the -i option in the jar command. Suppose our directory structure is shown in the figure below:
Figure 2. JarIndex
You will use the following command to create an index file for JarIndex_Main.jar, JarIndex_test.jar, and JarIndex_test1.jar:
jar -i JarIndex_Main.jar JarIndex_test.jar SampleDir/JarIndex_test1.jar
The format of the file is very simple, including the name of the package or class contained in each indexed JAR file, as shown in Listing 2:
Listing 2. JarIndex file example
JarIndex-Version: 1.0
JarIndex_Main.jar
sp
JarIndex_test.jar
Sample
SampleDir/JarIndex_test1.jar
org
org/apache
org/apache/xerces
org/apache/xerces/framework
org/apache/xerces/framework/xml4j
Conclusion
The JAR format goes far beyond a compression format, which has many features that can improve efficiency, security, and organize Java applications. Because these capabilities are already built on the core platform -- including compilers and class loaders -- developers can leverage the capabilities of JAR file formats to simplify and improve the development and deployment process. .
References
See the documentation for command line options for the jar utility.
The article Raffi Krikorian published on ONJava provides help with programming-signing a JAR file.
This documentation on Java Archive Tool explains the options that can be used to create and manipulate JAR files.
The article "Java Web Start" (developerWorks, September 2001) describes how this technique is used so that applications can specify the required JAR files and download them dynamically.
For different ways J2EE servers (such as IBM WebSphere Application Server) use JAR file formats, see "What are Java Archive (JAR) files?"
The JAR format is the basis of the WAR (Web Archive) format, which is used to deploy Servlet and JSP applications in J2EE containers. For more information, see "What are WAR files?".
The JAR format is also the basis of the EAR (Enterprise Archive) format, which is used to deploy EJBs in J2EE containers. For more information, see "What are Enterprise Archive (EAR) files?".
Hundreds of articles on various aspects of Java programming can be found in the developerWorks Java technology section.