We at e-Zest are working on JavaFX 2.0 for more than a year and are amongst the few early adopters of the technology. Based on our experience with JavaFX we are evaluating it for a new project we recently received.
The project has the following two requirements for which we need to convert the application to native library using AOT compilation
- The application needs to be deployed on Windows, Linux and Mac environments and will be distributed to non-technical users .The users should be able to install the application on a single click. They shouldn’t be required to install the Java and JavaFX runtimes.
- The application code needs to be highly secured and users should not be able to view the source code using decompilers.
Packaging JavaFX application as Native
For the first requirement the application doesn’t really need AOT compilation. There are various paid and open source tools available which package the Java and JavaFX runtimes along with the application jars together into a native installer. The user can use the installer to install the application without having to worry about any other software.
We successfully created and tested the installer for a sample JavaFX application on Windows 7 using Install4j . Install4j claims to prepare a similar installer for Linux and Mac OS as well.
Install4j is a paid tool but there are various other open source tools available. More details can be used from the below JavaFX reference link
Securing JavaFX code:
We cannot use the above tools as Users can easily decompile the source code from the jars packaged with the installers. Although jar obfuscation provides difficulty in reading the source code but a determined hacker can still understand the source.
We evaluated the below tools which support AOT compilation:
Although Excelsior Jet claims to convert JavaFX 1.2 based applications to native code (http://www.excelsior-usa.com/blog/tag/javafx/) it seems they currently don’t provide support for JavaFX 2.0 based applications.
At the time of writing this blog Excelsior Jet provides support for Java 6 update 26 whereas JavaFX 2.0 needs a higher version of Java.
The tool does convert the application to a native exe but fails to run the application as it’s unable to find the classes specific to higher version of Java. The tool claims to support Java 7 in 3Q of 2012.
Aonix Perc (http://www.atego.com/products/aonix-perc/):
It was difficult to evaluate this tool as an evaluation copy of the tool was not directly available.
After having some conversation with their technical team they informed they currently don’t support JavaFX because it is a technology proprietary to Sun/Oracle (whereas the Java Specification is openly available to the public). While Oracle have announced their intention to also make JavaFX publicly available and part of OpenJDK (which would make it available for inclusion/implementation in PERC), this is not due to happen until at least OpenJDK/Java 8.
Based on the above evaluations we concluded that currently JavaFX 2.0 based applications cannot be converted to native code using AOT compilation.
Dongle based Security
We are currently evaluating using install4j for converting the application into native installer and using dongle based security solution provided by Safenet (http://www.safenet-inc.com/data-protection) for securing the jars. From our initial discussion they claim to secure the code packaged through their tool. I will provide details of our evaluations in my next blog.