Java Web Start
  • Java Web Start applications - Java Web Start applications are launched via a browser the first time. They may subsequently be launched from a desktop shortcut. Once a Java Web Start application is downloaded and its security certificate has been accepted by the user, it behaves almost like a standalone application.
  • Updates to a Java Web Start application are automatically downloaded when the application is run standalone from the user's desktop.
  • Java Web Start software is installed as part of the JRE software. Users do not have to install Java Web Start software separately or perform additional tasks to use Java Web Start applications.
  • A Java application started with JWS does not need to be an Applet. It can use Swing or AWT.
  • To run applications deployed with Java Web Start technology, you must have a compatible version of JRE.

JWS Security

Applications launched with Java Web Start are, by default, run in a restricted environment, known as a sandbox. In this sandbox, Java Web Start:

  1. Protects users against malicious code that could affect local files
  2. Protects enterprises against code that could attempt to access or destroy data on networks
  3. Unsigned JAR files launched by Java Web Start remain in this sandbox, meaning they cannot access local files or the network.

A web server should be setup in order to host jws application. You must configure the Web server so that files with the .jnlp extension are set to the application/x-java-jnlp-file MIME type.


Rich Internet applications (applets and Java Web Start applications) support session and permanent cookies. The underlying cookie store depends on the browser and the operating system on the client.

The two types of cookies follow:

  • Session cookies: are stored in memory and are accessible as long as the user is using the web application. Session cookies are lost when the user exits the web application. Such cookies are identified by a session ID and are most commonly used to store details of a shopping cart.
  • Permanent cookies: are used to store long-term information such as user preferences and user identification information. Permanent cookies are stored in persistent storage and are not lost when the user exits the application. Permanent cookies are lost when they expire.

You must sign your RIA JAR file in order to access cookies.


The Java Network Launch Protocol (JNLP) enables an application to be launched on a client desktop by using resources that are hosted on a remote web server. Java Plug-in software and Java Web Start software are considered JNLP clients because they can launch remotely hosted applets and applications on a client desktop. JNLP (xml file) sample:

<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="" href="">
        <title>Dynamic Tree Demo</title>
        <vendor>Dynamic Team</vendor>
        <icon href="sometree-icon.jpg"/>
        <!-- Application Resources -->
        <j2se version="1.6+" href=
        <jar href="DynamicTreeDemo.jar"
            main="true" />

         name="Dynamic Tree Demo Application"
     <update check="background"/>

You can reduce the download time of your RIA by compressing your RIA's JAR file by using the pack200 tool.

Rich Internet applications (RIAs) are cached locally to improve startup time. However, before launching a RIA, the launch software checks to make sure that every JAR file referenced in the RIA's Java Network Launch Protocol (JNLP) file is up-to-date. These updates can be avoided or reduced.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License