Because JME is a Java standard, developers and
security testers benefit from being able to use roughly the same
toolchain as used for standard Java development. If you have a favorite
Java development environment, it may be worth sticking with it. The only
unique development requirements are a device emulator and the CLDC and
MIDP libraries. The compiler is identical. Sun freely provides the Java
ME SDK (the SDK), which includes an emulator, emulator images, class
libraries, samples, and a simple development environment. Each device
manufacturer or operator may also distribute their own version of the
toolkit, which contains additional emulator images and libraries. These
custom toolkits are generally only required when targeting specific
devices.
JME development tools for
CLDC, CDC, and MIDP applications used to be distributed independently.
Now every mobile configuration and profile is bundled together in the
SDK and available as one download.
This author’s preferred
development environment is NetBeans with the NetBeans Mobility Pack. It
seamlessly integrates with the SDK and requires very little
configuration to get things up and running. Other developers prefer
Eclipse (www.eclipse.org) with the Mobile Tools for Eclipse plug-in installed (www.eclipse.org/dsdp/mtj/).
Unfortunately, some of the JME profiling tools are not yet integrated
into Eclipse. Throughout this article, screenshots and instructional
text will refer to development using the free NetBeans editor and the
Java ME SDK. At the time of this writing, the most recently released
version of the SDK is 3.0.
To find manufacturer custom
SDKs, visit the manufacturer’s website. If you’re testing a device on a
specific carrier, that carrier may offer unique emulator images that are
customized and differ from the manufacturer’s standard images. Almost
everyone requires registration, but the APIs themselves are almost
always free. Use the carrier specific packages if they exist because
many operators, especially in North America, change security settings,
add software, or otherwise affect the device’s behavior. Here are some
manufacturer and carrier download sites:
Configuring a Development Environment and Installing New Platforms
Follow these steps to install NetBeans and the JME SDK 3.0 on Windows:
1. | Download and install version 5 or 6 of the Java Development Kit (JDK). This is required to run NetBeans.
|
2. | Download the SDK from Sun’s website (http://java.sun.com/javame/downloads/sdk30.jsp).
Installing Sun’s SDK is not strictly required because a version is
included with NetBeans. However, installing the latest version is always
a good idea.
|
3. | Run the downloaded executable file (sun_java_me_sdk-3_0-win.exe).
|
4. | Click
through the installer and read the options to make sure they work for
you. By default, the SDK will be installed to \Java_ME_platform_SDK_3.0.
|
5. | Download NetBeans with the Mobility Pack (www.netbeans.org/downloads/index.html).
Make sure to select a version that supports Java ME development.
Alternatively, you could use the pared-down version of NetBeans that
comes with Sun’s SDK, but it does not have a debugger, which is an
essential security testing tool.
|
6. | After installing NetBeans, make sure to install any updates. There have been security vulnerabilities in the JME SDK before.
|
7. | Once NetBeans has been installed, start the IDE by clicking on the NetBeans IDE icon in the Start menu. See Figure 1 for the screenshot.
|
8. | You
will now have to tell NetBeans about the new version of the JME SDK.
After you do this, NetBeans will be able to compile using those
libraries and use the emulator images. This is the same process used
when downloading and installing operator and manufacturer SDKs.
|
9. | Within NetBeans, open the Tools menu and select Java Platforms.
|
10. | Click Add Platform to add a new Java platform.
|
11. | Select the Java ME MIDP Platform Emulator radio button and click Next.
|
12. | NetBeans
should find the third-edition SDK automatically. If it doesn’t,
navigate to the folder where the SDK was installed (for example,
c:\JAVA_ME_platform_SDK_3.0).
|
13. | Click Okay to install the platform.
|
If
you are running on a Windows system with Data Execution Protection
(DEP) enabled, the emulator may crash immediately because it is
executing code from operating system memory pages not marked as
executable. Here’s how to fix this:
In Windows, open the Advanced System Settings dialog by right-clicking on Computer and choosing Properties. Select the Advanced tab and click Performance Options. Choose the Data Execution Prevention tab. Add
the emulator runtime to the DEP excepted programs list
(C:\Java_ME_platform_SDK_3.0\runtimes\cldc-hi-javafx\bin\
runMidlet.exe).
Each wireless
toolkit names this executable slightly differently. To determine which
executable is crashing, review the system crash report. Be careful not
to leave nonspecialized applications such as java.exe in the exclusion
list because this does decrease your machine’s anti-exploitation
protections.
|
|
14. | To
test everything out, import one of the sample projects by clicking File
| New Project. Select the Java ME category, choose the Mobile Projects
with Existing MIDP Sources project type, and navigate to one of the
samples installed with the JME SDK. The Demos application is a good
starting point (C:\Java_ME_platform_SDK_3.0\apps\Demos).
|
15. | Once
the project is imported, click the green Run arrow in the toolbar to
actually run the project. If all has gone well, an emulator should pop
up and the application should be started.
|
Emulator
The emulator lets you
simulate real-world devices without having the actual hardware. For JME,
this is especially invaluable because there are thousands of different
models in the marketplace. Thankfully, the SDK contains emulator images
for the most popular devices and form factors. These images are a great
place to start when you’re first poking around with JME.
One advantage of JME over
other shared mobile platforms (such as Windows Mobile) is that the
application and platform security behavior is specified by MIDP and
CLDC. Therefore, the emulator’s behavior should be relatively consistent
with the
behavior of real devices. However, some manufacturers and carriers do
tweak the rules, so always make sure to test on the target device.
Configuring the Emulator
The default SDK emulators
support many of the newer JSRs that may not be available on production
devices. Also, the emulators don’t enforce security by default, which
makes it impossible to test the security system. Before using the
emulators, make sure to enable security and add or remove JSRs to match
your testing target. This is especially handy when an emulator is not
easily available from the device manufacturer.
Adding and Removing JSRs
To add or remove support for optional JSRs in NetBeans, do the following:
Open the project’s properties by right-clicking on the project and selecting Properties.
Select the Platform category from the right-side tree menu. This property page lets you tweak individual settings on the device.
Disable
or enable individual JSRs by finding their API set and clicking the
check box. Unfortunately, the actual JSR number is not provided in this
list.
Enabling Security
The MIDP security specification groups access to a device into permission domains.
By default, applications written in NetBeans will run in the Maximum
permission domain, which should never happen in the real world and won’t
exhibit close to the same security behavior as it will on an actual
device. To actually test the security of your application, force the
application to run in a restricted permission domain. This way, you can
see how the application will respond on a real device. Of course,
individual devices may behave differently, and any real testing should
be performed with the appropriate target toolkit and certificates.
To cause an application to run in a particular permission domain when being deployed from NetBeans, do the following:
Open the project’s properties by right-clicking on the project and selecting Properties.
Select the Running category from the right-side tree menu.
Check the Specify the Security Domain check box and select a permission domain. For this exercise, choose Minimum.
Run
the Demos project. Notice that the application won’t actually start.
This is because the project uses the HTTP and HTTPS library and is not
being signed by NetBeans, which causes the device to block the
application from running.
