Java: how to check jar version at runtime

Class loading issues can happen in complex execution environments. Situation gets worst when there are different versions of the same library “loaded” and we are not sure which our application is picking up.

To help debugging this issue, we could check at runtime which version of the library is loaded with the our application.

A code like the following can help:

// Example using HTMLEmail from Apache Commons Email 
Class theClass = HtmlEmail.class;
// Find the path of the compiled class 
String classPath = theClass.getResource(theClass.getSimpleName() + ".class").toString(); 
System.out.println("Class: " + classPath); 

// Find the path of the lib which includes the class 
String libPath = classPath.substring(0, classPath.lastIndexOf("!")); 
System.out.println("Lib:   " + libPath); 

// Find the path of the file inside the lib jar 
String filePath = libPath + "!/META-INF/MANIFEST.MF"; 
System.out.println("File:  " + filePath); 

// We look at the manifest file, getting two attributes out of it 
Manifest manifest = new Manifest(new URL(filePath).openStream()); 
Attributes attr = manifest.getMainAttributes(); 
System.out.println("Manifest-Version: " + attr.getValue("Manifest-Version")); 
System.out.println("Implementation-Version: " + attr.getValue("Implementation-Version"));

The above code shows how to find jar file path and how to read the contents of a file (it is usually the Manifest) to read some info from it.

New Java release: 7u25

Java_LogoOracle has released new Java 7 CPU (see meaning here) release: 7u25.

The release contains, in addition to usual security bug fixes, several changes that are also targeted to improve security.

The complete list of changes is here but let me remark the most important changes:

  • several changes on signed jar management including the check, before execution, that the certificate is valid (not revoked). The check can delay applet/application startup.
  • new attributes on JAR manifest file (permissions, to control jar execution authorizations, and codebase,to control who is using the JAR) has been introduced to let JAR author to better control JAR usage.

Other 40 bug fixes are documented here.