Featured White Papers

Java Web Hosting | DailyRazor.com - Over 10yrs Of Java Web Hosting Exp!

Update: Java FTP libraries benchmarked

Find out which library best suits your needs

By Jean-pierre Norguet, JavaWorld.com, 03/06/06

Print
Feedback

As discussed in my previous JavaWorld article "Java FTP Client Libraries Reviewed" (April 2003), FTP support in the JDK does not fully implement the FTP specification (Request for Comments 959). For example, the JDK does not allow the creation of directories on the server or permit the FTP connection to remain open between two file transfers. Thus, when RFC959-compliance is needed, the JDK proves unsatisfying. In addition, when using the JDK's FTP support, FTP server responses are returned as raw strings instead of convenient Java objects. To get complete RFC959-compliant support and convenient methods, Java developers must turn to the third-party libraries available on the market.

Many Java FTP libraries exist and are available on the Internet. These libraries include:

JScape's Secure FTP Factory
Enterprise Distributed Technologies' FTPj
JFtp
Jakarta Commons/Net
Sun JDK
Florent Cueto's JavaFTP API
Bea Petrovicova's jvFTP
The Globus Alliance's Java CoG Kit
Glub Tech's Secure FTP Bean
Calvin Tai's FtpBean

This list is quite long, and comparing the libraries is not straightforward. Indeed, all these libraries implement different features, at various prices, with diverse levels of quality and license terms. Therefore, selecting the right library with regard to specific needs can prove difficult. To help decision-makers choose a library that suits their needs, this article compares and evaluates these libraries.

The comparison involves a number of criteria, including features supported, commercial aspects with regard to the library provider, and file transfer performance. I covered some of this criteria in "Java FTP Client Libraries Reviewed"—please refer to that article for a review. New criteria for this evaluation are security support and file transfer performance. The security support criterion indicates whether the library implements the security extensions for FTP. The performance criterion compares the libraries' transfer speeds.

The security extensions for FTP are defined in the Internet Engineering Task Force's reference document RFC2228. According to the recommendation, secure FTP extensions can be of two types: implicit and explicit. Implicit secure FTP is actually FTP over Secure Socket Layer, using a direct SSL connection, typically over port 990. Explicit secure FTP is FTP over SSL, but instead of using a direct SSL connection as in implicit connection, it first connects to the server using a plain-text FTP connection and then switches to SSL mode using the AUTH SSL or AUTH TLS command to switch to a secure SSL connection. Both implicit SSL and explicit SSL are typically referred to as FTPS (FTP over SSL). FTP security can also be implemented as a subprotocol of SSH (Secure Shell). This kind of implementation is referred to as SFTP. Although the protocols have similar names and functions, they are completely different. This comparison identifies what kinds of SFTP and FTPS secure FTP transfers are supported by each library.

The libraries' performance comparison is based on two measures of transfer speeds. The first measure represents the transfer speed of one large file and indicates how fast the library transfers data over a network. The second measures the transfer speed of many small files and indicates how fast the library operates the communication protocol with the server. These two measures should help in selecting which library is best suited for the target application's specific needs. For example, a library for video transfer over a network should score high at transferring large files, whereas a library for an application that involves many interactions with the FTP server should score high at transferring many small files.