JARs and Security

As mentioned earlier, one of the main benefits of a JAR file is that it can be digitally signed. This allows potential users of the JAR file to inspect it and verify that it is a valid JAR file from one of the user's "trusted" sources. This gives JAR files a little more freedom to access system resource that normally would not be allowed.

By signing the JAR file with your particular signature, users that trust you will be able to inspect the signature and see that it came from you and then trust the JAR file. This is called verification.

It is possible to detect deliberate corruption of the files in a JAR archive. To do so, the JAR archive must be signed digitally. A digital signature is stronger than a physical one; it is harder ...

Get Special Edition Using Java 2 Standard Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.