3.6. Starting and Stopping the Jemboss Server

After installing Jemboss the server will be running. Two scripts are created by the installation process; one to stop the server (tomstop) and another to start the server (tomstart). These scripts are created in the EMBOSS-x.y.z/jemboss/utils/ directory and may be copied to a more convenient place.

The tomstart script must be invoked by the unprivileged username that was used for installation of the server.

The server can, of course, be started at boot time either by creating appropriate operating system start/stop scripts or by invoking a line similar to the following at the end of the boot process:

/bin/su - jemboss -- /path/to/tomstartscript/tomstart > /dev/null 2>&1

where jemboss is the unprivileged username used for the installation.

3.6.1. Creating a Web Launch Page for the Jemboss Authenticating Server

Users of the server will be invoking the client software by clicking on a web page link at your site. You therefore need to create the web page using the instructions given below. Clicking on the link will invoke Java Web Start on the client. This will check that the client machine is using the latest version of the Jemboss software and download the client software if necessary; it will certainly download the client software on its first invocation.

For your convenience, the distribution provides a script to bundle all the java files, any SSL keystore files, the index.html file and the Jemboss.jnlp (Java Network Launching Protocol) file into one directory. It is recommended that you use the script.

The script is called makeJNLP.sh and must be run from the location where the server was installed and not from the source code directory. For example, if you installed Jemboss under /usr/local/emboss, as in the example above, then the script can be found in the directory /usr/local/emboss/share/EMBOSS/jemboss/utils/:

cd /usr/local/emboss/share/EMBOSS/jemboss/utils/

Here is an example session using makeJNLP.sh. The answers to the prompts reflect the Jemboss installation example used above.

*** Run this script from the installed jemboss utils directory.
*** If you are using SSL the script will use the client.keystore
*** in the $JEMBOSS/resources directory to create client.jar
*** which is wrapped with the Jemboss client in Jemboss.jar.
*** Press any key to continue.

After pressing [Return] the client.jar file will be created and you will get the following text and prompt.

Create client.jar to contain client.keystore.
      The following information is used by keytool to
      create a key store....

      What is your first and last name [Unknown]?
      Alan Bleasby

Your response to the above should be quite straightforward however, as it may appear in certificate security messages (see later), you may wish to use a generic name such as 'EBI Jemboss'.

What is the name of your organisational unit [Unknown]?

Your organisational unit may be 'Systems' or 'Bioinformatics' or some such.

What is the name of your organisation [Unknown]?

Change as appropriate.

What is the name of your City or Locality [Unknown]?

Change as appropriate.

What is the name of your State or Province [Unknown]?

Change as appropriate.

What is the two-letter country code for this unit [Unknown]?

Change as appropriate.

Give a key password (at least 6 characters):

This is a password to protect the individual private keys of the public/private key pairs generated during the signing of the java files required by the client. A user of Jemboss doesn't need to know this and, frankly, neither do you really. Usual password rules should apply though i.e. the example password isn't a good one.

Give a store password (at least 6 characters):

This is a password to ensure the integrity of the keystore which holds the private keys. Again, a user doesn't need to know this, and usual password rules should apply.

Provide the validity period for the signed jars, i.e. the
number of days before they expire and new ones need to be made [90]:

The signed jar files only have a lifetime of a fixed number of days. This is a security measure. If you believe that 90 days is too short then you may increase this number. For example, as there's usually at least an annual release of EMBOSS you may wish to set the above value to 365 days.

The script has now gathered all the information it requires and the following messages will be displayed.

Each of the jar files will now be signed....
Signing axis.jar

The signer certificate will expire within six months.
Signing commons-discovery.jar

[output truncated for clarity]

Signing Jemboss.jar

The signer certificate will expire within six months.

*** The signed jar files, index.html and Jemboss.jnlp have been
*** created in the directory /usr/local/emboss/share/EMBOSS/jemboss/jnlp.
*** Please edit the 'codebase' line in Jemboss.jnlp.
*** Also, edit the 'Click here' line in index.html to point
*** href at Jemboss.jnlp.
*** The 'jnlp' directory will then need to be added to your HTTP
*** server configuration file or moved into the www data
*** directories.
*** For your http server to recognise the jnlp application, the
*** following line needs to be added to the mime.types file:
*** application/x-java-jnlp-file jnlp

The above text gives a short description of what steps you now need to take: here is a more full description. The makeJNLP.sh script will have created a new directory namely, using the above example, /usr/local/emboss/share/EMBOSS/jemboss/jnlp. This directory contains all the Jemboss files required by your HTTP server.

% ls
axis.jar                Jemboss_logo_large.gif     sjaxrpc.jar
commons-discovery.jar   JembossPrintAlignment.jar  sJemboss.jar
commons-logging.jar     jembossstore               sJembossPrintAlignment.jar
grout.jar               saaj.jar                   ssaaj.jar
index.html              saxis.jar                  swsdl4j.jar
jakarta-regexp-1.2.jar  scommons-discovery.jar     wsdl4j.jar
jalview.jar             scommons-logging.jar
jaxrpc.jar              sgrout.jar
Jemboss.jar             sjakarta-regexp-1.2.jar
Jemboss.jnlp            sjalview.jar

First, edit the index.html file in the above directory. A little way down the file you'll find the following lines.

 <b><font size=+1 color="#FF0000">Click here to <a href="http://localhost/Jemboss/Jemboss.jnlp">
LAUNCH JEMBOSS</a></font></b></li>

You should replace 'localhost' with the IP address of your server. In our example installation this becomes:

<b><font size=+1 color="#FF0000">Click here to <a 
LAUNCH JEMBOSS</a></font></b></li>

The location Jemboss will be created as an alias. This is explained shortly.

Secondly, you need to edit the Jemboss.jnlp file. Near the top of this file you will see the following lines.


You need to edit the codebase line to point to the HTTP directory. For our example installation these become:

href="Jemboss.jnlp" >

Thirdly, you need to add an alias called 'Jemboss' to your httpd server configuration file. For apache servers this file is usually .../conf/httpd.conf where the three dots refer to the path to the httpd configuration files - this differs from system to system. For example, under Fedora Linux, the file is located at /etc/httpd/conf/httpd.conf. Using the given installation example, you need to add the following line at the bottom of the file:

Alias Jemboss /usr/local/emboss/share/EMBOSS/jemboss/jnlp    

This ensures that, when a user points his browser to http://yourserver/Jemboss, then he will be accessing the files in the above directory.

Finally, your httpd server may not know how to handle jnlp files correctly. Find the file mime.types associated with your httpd server. The location varies from system to system. For example, under Fedora Linux, the file is /etc/mime.types. Make sure that this file contains the following declaration:

application/x-java-jnlp-file jnlp    

If there is a jnlp declaration in the mime.types file that looks different to the above then it is usually advisable to comment out that line and add the one given above.


After editing the file /etc/mime.types you should restart your httpd server for the changes to take effect.

Your Jemboss server is now ready to use.

For those interested in technical details, the following describes what the makeJNLP.sh command really does. The content of the jnlp is:

<?xml version="1.0" encoding="UTF-8"?>
      <offline-allowed />
      <homepage href="/Jemboss/"/>
      <description kind="short">User interface to EMBOSS.
      <icon href="../Jemboss_logo_large.gif"/>
      <j2se version="1.3+"/>
        <jar href="saxis.jar"/>
        <jar href="scommons-logging.jar"/>
        <jar href="scommons-discovery.jar"/>
        <jar href="sJemboss.jar" main="true"/>
        <jar href="sjakarta-regexp-1.2.jar"/>
        <jar href="sjalview.jar" download="lazy"/>
        <jar href="sJembossPrintAlignment.jar"/>
        <jar href="sjcert.jar"/>
        <jar href="sjnet.jar"/>
        <jar href="sjsse.jar"/>
        <jar href="ssaaj.jar"/>
    <application-desc main-class="org.emboss.jemboss.Jemboss"/>

As you can see, it mentions several jar files. Most of them are signed versions of jar files from other projects e.g. saxis.jar is the signed version of axis.jar and is used by the (s)Jemboss.jar file for SOAP procedures.

The script first makes the Jemboss.jar file, using the makeJar.csh script in the same directory. The Jemboss.jar file contains the Jemboss java class files, images and sundry files including the jemboss.properties file described later.

It then creates a keystore using a standard public/private encryption key methodology. The Java keytool command is used for this i.e.

keytool -genkey -alias signFiles -keypass yourKeyPass -keystore jembossstore -storepass yourStorePass

Finally, jarsigner is used to sign all the jar files. The 's' prefix is used when the signed files are created e.g.

jarsigner -keystore jembossstore -signedjar sJemboss.jar Jemboss.jar signFiles
Enter Passphrase for keystore: <yourKeyPass>
Enter key password for signFiles: <yourStorePass>

One reason to bear these technical details in mind is that if, for whatever reason, you decide to edit the jemboss.properties file then you need to rerun the makeJNLP.sh procedure.