JRuby + JNLP = headache
So I've been working in the JRuby codebase for the last few weeks, trying to realize my vision of a JRuby network client that uses ActiveResource for object persistence to a remote web server, and uses the WebStart JNLP feature of Java to automatically download the appropriate Java Runtime and latest versions of extension libraries (including JRuby). So far it's been one roadblock after another.ActiveResource comes as a RubyGems package, which is great for a normal JRuby install. But when running out of JNLP, you're basically adding jruby-complete.jar to your classpath and invoking org.jruby.Ruby yourself, and all of your Ruby core scripts are stored in the JAR file. Which means that in order to install any RubyGems, you first have to extract the complete JAR file into your home directory's .jruby directory.
Which wouldn't be such a big deal if it weren't for JNLP's extreme security model. Java code within a signed JAR file is allowed access to the filesystem, but other code is not. And JRuby classes get defined on-the-fly through bytecode and then loaded with a custom classloader, so they don't meet the "signed JAR" requirement and run into lots of security problems that don't happen when you run straight Java classes.
There's also another issue: ActiveResource requires net/https, which in turn requires openssl, which in JRuby is loaded through an extension JAR. And you guessed it, that has a security conflict with JNLP, and would require modifying the openssl extension in addition to JRuby. I can get around it by writing my own trimmed-down ActiveResource, which isn't all that hard. Just provide some method_missing and YAML marshalling magic and you're good to go. But then, when you try to open an HTTP connection to the server, WebStart pops up a security dialog asking if you want to allow the connection to be made. Making the same connection through the standard java.net.URL.openConnection of course works fine.
So for now, I'm going to add "automatic extension downloader/updater that doesn't have the security roadblocks of JNLP" to my wish list. In the meantime, I've made a couple of patches for JRuby that fix some of my issues. JRUBY-1574 allows extraction from a non-file: url, so you can download the jruby-complete.jar over http. Working on another to fix part of JNLP JRuby not working at all for Java Integration, where building the proxy class fails because the static Java class members are inaccessible due to the JNLP security.
posted by Adam Payne @ 3:58 PM
permalink
0 Comments:
Post a Comment
<< Home