Java applet

A Java applet that was created as supplementary demonstration material for a scientific publication.
A Java applet that uses 3D hardware acceleration to visualize 3D files in .pdb format downloaded from a server[1]
Using applet for nontrivial animation illustrating biophysical topic (randomly moving ions pass through voltage gates)[2]
Using a Java applet for computation  intensive visualization of the Mandelbrot set[3]
Applets' running speed is sufficient for making e.g. nontrivial computer games that play chess.[4]
NASA World Wind (open source) is a second generation applet[5] that makes heavy use of OpenGL and on-demand data downloading to provide a detailed 3D map of the world.
Web access to the server console at the hardware level with the help of a Java applet
Demonstration of image processing using two dimensional Fourier transform[6]

A Java applet is a small application which is written in Java or another programming language that compiles to Java bytecode and delivered to users in the form of that bytecode. The user launches the Java applet from a web page, and the applet is then executed within a Java Virtual Machine (JVM) in a process separate from the web browser itself. A Java applet can appear in a frame of the web page, a new application window, Sun's AppletViewer, or a stand-alone tool for testing applets. Java applets were introduced in the first version of the Java language, which was released in 1995.

Java applets are usually written in Java, but other languages such as Jython,[7] JRuby,[8] Pascal,[9] Scala, or Eiffel (via SmartEiffel)[10] may be used as well.

Java applets run at very fast speeds and, until 2011, they were many times faster than JavaScript.[11] Unlike JavaScript, Java applets had access to 3D hardware acceleration, making them well-suited for non-trivial, computation-intensive visualizations. As browsers have gained support for hardware-accelerated graphics thanks to the canvas technology (or specifically WebGL in the case of 3D graphics),[12][13] as well as just-in-time compiled JavaScript,[14][15] the speed difference has become less noticeable.

Since Java's bytecode is cross-platform (or platform independent), Java applets can be executed by browsers (or other clients) for many platforms, including Microsoft Windows, FreeBSD, Unix, macOS and Linux.

Overview

The Applets are used to provide interactive features to web applications that cannot be provided by HTML alone.They can capture mouse input and also have controls like buttons or check boxes. In response to user actions, an applet can change the provided graphic content. This makes applets well-suited for demonstration, visualization, and teaching. There are online applet collections for studying various subjects, from physics[16] to heart physiology.[2]

An applet can also be a text area only; providing, for instance, a cross-platform command-line interface to some remote system.[17] If needed, an applet can leave the dedicated area and run as a separate window. However, applets have very little control over web page content outside the applet's dedicated area, so they are less useful for improving the site appearance in general, unlike other types of browser extensions (while applets like news tickers[18] or WYSIWYG editors[19] are also known). Applets can also play media in formats that are not natively supported by the browser.[20]

Pages coded in HTML may embed parameters within them that are passed to the applet. Because of this, the same applet may have a different appearance depending on the parameters that were passed.

As applets were available before CSS and DHTML were standard, they were also widely used for trivial effects such as rollover navigation buttons. Heavily criticized, this usage is now declining.[21]

Technical information

Java applets are executed in a sandbox by most web browsers, preventing them from accessing local data like the clipboard or file system. The code of the applet is downloaded from a web server, after which the browser either embeds the applet into a web page or opens a new window showing the applet's user interface.

A Java applet extends the class java.applet.Applet, or in the case of a Swing applet, javax.swing.JApplet. The class which must override methods from the applet class to set up a user interface inside itself (Applet) is a descendant of Panel which is a descendant of Container. As applet inherits from container, it has largely the same user interface possibilities as an ordinary Java application, including regions with user specific visualization.

The first implementations involved downloading an applet class by class. While classes are small files, there are often many of them, so applets got a reputation as slow-loading components. However, since .jars were introduced, an applet is usually delivered as a single file that has a size similar to an image file (hundreds of kilobytes to several megabytes).

The domain from where the applet executable has been downloaded is the only domain to which the usual (unsigned) applet is allowed to communicate. This domain can be different from the domain where the surrounding HTML document is hosted.

Java system libraries and runtimes are backwards-compatible, allowing one to write code that runs both on current and on future versions of the Java virtual machine.

Similar technologies

Many Java developers, blogs and magazines are recommending that the Java Web Start technology be used in place of applets.[22][23] Java Web Start allows the launching of unmodified applet code, which then runs in a separate window (not inside the invoking browser).

A Java Servlet is sometimes informally compared to be "like" a server-side applet, but it is different in its language, functions, and in each of the characteristics described here about applets.

Embedding into a web page

The applet can be displayed on the web page by making use of the deprecated applet HTML element,[24] or the recommended object element.[25] The embed element can be used[26] with Mozilla family browsers (embed was deprecated in HTML 4 but is included in HTML 5). This specifies the applet's source and location. Both object and embed tags can also download and install Java virtual machine (if required) or at least lead to the plugin page. applet and object tags also support loading of the serialized applets that start in some particular (rather than initial) state. Tags also specify the message that shows up in place of the applet if the browser cannot run it due to any reason.

However, despite object being officially a recommended tag, as of 2010, the support of the object tag was not yet consistent among browsers and Sun kept recommending the older applet tag for deploying in multibrowser environments,[27] as it remained the only tag consistently supported by the most popular browsers. To support multiple browsers, the object tag currently requires JavaScript (that recognizes the browser and adjusts the tag), usage of additional browser-specific tags or delivering adapted output from the server side. Deprecating applet tag has been criticized.[28] Oracle now provides a maintained JavaScript code[29] to launch applets with cross platform workarounds.

The Java browser plug-in relies on NPAPI, which many web browser vendors are deprecating due to its age and security issues. In January 2016, Oracle announced that Java runtime environments based on JDK 9 will discontinue the browser plug-in.[30]

Example

The following example illustrates the use of Java applets through the java.applet package. The example also uses classes from the Java Abstract Window Toolkit (AWT) to produce the message "Hello, world!" as output.

import java.applet.*;
import java.awt.*;

// Applet code for the "Hello, world!" example.
// This should be saved in a file named as "HelloWorld.java".
public class HelloWorld extends Applet {

    // Print a message on the screen (x=20, y=10).
    public void paint(Graphics g) {
        g.drawString("Hello, world!", 20, 10);

        // Draws a circle on the screen (x=40, y=30).
        g.drawArc(40, 30, 20, 20, 0, 360);

      // Draws a rectangle on the screen (x1=100, y1=100, x2=300,y2=300).
        g.drawRect(100, 100, 300, 300);

      // Draws a square on the screen (x1=100, y1=100, x2=200,y2=200).
        g.drawRect(100, 100, 200, 200);



    }
}

Simple applets are shared freely on the Internet for customizing applications that support plugins.[31]

After compilation, the resulting .class file can be placed on a web server and invoked within an HTML page by using an <applet> or an <object> tag. For example:

<!DOCTYPE html>
<html>
<head>
  <title>HelloWorld_example.html</title>
</head>
<body>
  <h1>A Java applet example</h1>
  <p>Here it is: <applet code="HelloWorld.class" height="40" width="200">
    This is where HelloWorld.class runs.
  </applet></p>
</body>
</html>

When the page is accessed it will read as follows:

A Java applet example
Here it is: Hello, world!

To minimize download time, applets can be delivered in the form of a jar file. In the case of this example, if all necessary classes are placed in the compressed archive example.jar, the following embedding code could be used instead:

<p>Here it is: <applet archive="example.jar" code="HelloWorld" height="40" width="200">
  This is where HelloWorld.class runs.
</applet></p>

Applet inclusion is described in detail in Sun's official page about the APPLET tag.[32]

Advantages

A Java applet can have any or all of the following advantages:[33]

Disadvantages

A Java applet may have any of the following disadvantages compared to other client-side web technologies:

Sun has made considerable efforts to ensure compatibility is maintained between Java versions as they evolve, enforcing Java portability by law if required. Oracle seems to be continuing the same strategy.

1997 Sun vs Microsoft

The 1997 lawsuit,[35] was filed after Microsoft created a modified Java Virtual Machine of their own, which shipped with Internet Explorer. Microsoft added about 50 methods and 50 fields[35] into the classes within the java.awt, java.lang, and java.io packages. Other modifications included removal of RMI capability and replacement of Java native interface from JNI to RNI, a different standard. RMI was removed because it only easily supports Java to Java communications and competes with Microsoft DCOM technology. Applets that relied on these changes or just inadvertently used them worked only within Microsoft's Java system. Sun sued for breach of trademark, as the point of Java was that there should be no proprietary extensions and that code should work everywhere. Microsoft agreed to pay Sun $20 million, and Sun agreed to grant Microsoft limited license to use Java without modifications only and for a limited time.[36]

2002 Sun vs Microsoft

Microsoft continued to ship its own unmodified Java virtual machine. Over the years it became extremely outdated yet still default for Internet Explorer. A later study revealed that applets of this time often contain their own classes that mirror Swing and other newer features in a limited way.[37] In 2002, Sun filed an antitrust lawsuit, claiming that Microsoft's attempts at illegal monopolization had harmed the Java platform. Sun demanded Microsoft distribute Sun's current, binary implementation of Java technology as part of Windows, distribute it as a recommended update for older Microsoft desktop operating systems and stop the distribution of Microsoft's Virtual Machine (as its licensing time, agreed in the prior lawsuit, had expired).[36] Microsoft paid $700 million for pending antitrust issues, another $900 million for patent issues and a $350 million royalty fee to use Sun's software in the future.[38][39]

2010 Oracle vs Google

Google has developed its own Android platform that uses Java features and concepts, yet is incompatible with standard libraries. This may be a violation of conditions under which Sun granted OpenJDK patents to use open source Java for all.[40] In 2010, Oracle sued Google[41] for using Java "in a wrong way", claiming that "Google's Android competes with Oracle America's Java" and that "Google has been aware of Sun’s patent portfolio ... since Google hired certain former Sun Java engineers". In May 2012, the jury in this case found that Google did not infringe on Oracle's patents, and the trial judge ruled that the structure of the Java APIs used by Google was not copyrightable.[42][43]

Security

There are two applet types with very different security models: signed applets and unsigned applets.[44] As of Java SE 7 Update 21 (April 2013) applets and Web-Start Apps are encouraged to be signed with a trusted certificate, and warning messages appear when running unsigned applets.[45] Further starting with Java 7 Update 51 unsigned applets are blocked by default; they can be run by creating an exception in the Java Control Panel.[46]

Unsigned

Limits on unsigned applets are understood as "draconian":[47] they have no access to the local filesystem and web access limited to the applet download site; there are also many other important restrictions. For instance, they cannot access all system properties, use their own class loader, call native code, execute external commands on a local system or redefine classes belonging to core packages included as part of a Java release. While they can run in a standalone frame, such frame contains a header, indicating that this is an untrusted applet. Successful initial call of the forbidden method does not automatically create a security hole as an access controller checks the entire stack of the calling code to be sure the call is not coming from an improper location.

As with any complex system, many security problems have been discovered and fixed since Java was first released. Some of these (like the Calendar serialization security bug)[48] persisted for many years with nobody being aware. Others have been discovered in use by malware in the wild.

Some studies mention applets crashing the browser or overusing CPU resources but these are classified as nuisances[49] and not as true security flaws. However, unsigned applets may be involved in combined attacks that exploit a combination of multiple severe configuration errors in other parts of the system.[50] An unsigned applet can also be more dangerous to run directly on the server where it is hosted because while code base allows it to talk with the server, running inside it can bypass the firewall. An applet may also try DoS attacks on the server where it is hosted, but usually people who manage the web site also manage the applet, making this unreasonable. Communities may solve this problem via source code review or running applets on a dedicated domain.[51][52]

The unsigned applet can also try to download malware hosted on originating server. However it could only store such file into a temporary folder (as it is transient data) and has no means to complete the attack by executing it. There were attempts to use applets for spreading Phoenix and Siberia exploits this way, but these exploits do not use Java internally and were also distributed in several other ways.

Signed

A signed applet[53] contains a signature that the browser should verify through a remotely running, independent certificate authority server. Producing this signature involves specialized tools and interaction with the authority server maintainers. Once the signature is verified, and the user of the current machine also approves, a signed applet can get more rights, becoming equivalent to an ordinary standalone program. The rationale is that the author of the applet is now known and will be responsible for any deliberate damage. This approach allows applets to be used for many tasks that are otherwise not possible by client-side scripting. However, this approach requires more responsibility from the user, deciding whom he or she trusts. The related concerns include a non-responsive authority server, wrong evaluation of the signer identity when issuing certificates, and known applet publishers still doing something that the user would not approve of. Hence signed applets that appeared from Java 1.1 may actually have more security concerns.[54]

Self-signed

Self-signed applets, which are applets signed by the developer themselves, may potentially pose a security risk; java plugins provide a warning when requesting authorization for a self-signed applet, as the function and safety of the applet is guaranteed only by the developer itself, and has not been independently confirmed. Such self-signed certificates are usually only used during development prior to release where third-party confirmation of security is unimportant, but most applet developers will seek third-party signing to ensure that users trust the applet's safety.

Java security problems are not fundamentally different from similar problems of any client-side scripting platform. In particular, all issues related to signed applets also apply to Microsoft ActiveX components.

As of approximately Jan 1 2014, self-signed and unsigned applets are no longer accepted by the commonly available java plugins or java web start. Consequently, developers who wish to deploy java applets have no alternative but to acquire trusted certificates from commercial sources.

Alternatives

Alternative technologies exist (for example, JavaScript, Flash, signed SCSK Curl applets and Microsoft Silverlight) that satisfy some of the scope of what is possible with an applet. Of these, JavaScript is not always viewed as a competing replacement; JavaScript can coexist with applets in the same page, assist in launching applets (for instance, in a separate frame or providing platform workarounds) and later be called from the applet code.[55] JavaFX is an extension of the Java platform and may also be viewed as an alternative.

See also

References

  1. "The home site of the 3D protein viewer (Openastexviewer) under LGPL".
  2. 1 2 "The virtual hearth".
  3. "The home site of the Mandelbrot set applet under GPL".
  4. "The home site of the chess applet under BSD".
  5. "Java.Sun.com".
  6. "2D FFT Java applet".
  7. "Jython applet page".
  8. About Java applets in Ruby
  9. "Free Pascal Compiler for JVM".
  10. A tool to produce Java applets with SmartEiffel
  11. "An example of the 2005 year performance benchmarking". 8 June 2007.
  12. "canvas - HTML". Mozilla Developer Network. Retrieved 15 August 2015.
  13. "WebGL - Web API Interfaces". Mozilla Developer Network. Retrieved 15 August 2015.
  14. "Design Elements - Chrome V8". Retrieved 15 August 2015.
  15. "JavaScriptCore". Retrieved 15 August 2015.
  16. "Paul Falstad online applet portal".
  17. "Jraft.com".
  18. ObjectPlanet.com, an applet that works as news ticker
  19. Sferyx.com, a company that produces applets acting as WYSWYG editor.
  20. Cortado applet to play ogg format
  21. Top 13 Things Not to Do When Designing a Website
  22. "JavaWorld.com". JavaWorld. 6 July 2001.
  23. "JavaChannel.net".
  24. "W3.org".
  25. "W3.org".
  26. "Java Downloads for All Operating Systems". Java.com. 14 August 2012. Retrieved 2013-06-14.
  27. Sun's position on applet and object tags
  28. Criticism of APPLET tag deprecation
  29. Java applet launcher from Oracle - Link Broken!
  30. "Oracle deprecates the Java browser plugin, prepares for its demise". Ars Technica. Retrieved 15 April 2016.
  31. For example, see Java applet section in Wikiversity
  32. Java.Sun.com Sun's APPLET tag page Archived 5 January 2010 at the Wayback Machine.
  33. Oracle official overview on Java applet technology
  34. "How do I get Java for Mobile device?". 30 July 2014.
  35. 1 2 Zukowski, John (1 October 1997). "What does Sun's lawsuit against Microsoft mean for Java developers?". JavaWorld.
  36. 1 2 "Sun's page, devoted for the lawsuits against Microsoft".
  37. Kenai.com (2011) Most common problems, found in the code of the reviewed applets.
  38. "Sun - Microsoft 2002 lawsuit". Archived from the original on 21 December 2012.
  39. Microsoft page devoted to the Sun - Microsoft 2002 lawsuit Archived 25 February 2010 at the Wayback Machine.
  40. "Oracle's complaint against Google for Java patent infringement". Scribd.com. Retrieved 2013-06-14.
  41. "Oracle sues Google over Android". VentureBeat.
  42. Josh Lowensohn (23 May 2012). "Jury clears Google of infringing on Oracle's patents". ZDNet. Retrieved 2012-05-25.
  43. Joe Mullin (31 May 2012). "Google wins crucial API ruling, Oracle's case decimated". Ars Technica. Retrieved 2012-06-01.
  44. "Sun's explanation about applet security".
  45. "Java Applet & Web Start - Code Signing". Oracle. Retrieved 28 February 2014.
  46. "What should I do when I see a security prompt from Java?". Oracle. Retrieved 28 February 2014.
  47. Java Security FAQ Applet Security Restrictions by Mark Wutka
  48. Sami Koivu. "Description of Calendar serialization security bug".
  49. Java Security FAQ
  50. Avirubin.com
  51. Strategy.Wikimedia.org, proposal with discussion about Java applets in community sites
  52. Ultrastudio.org, user editable educational site with full applet support
  53. "Informit.com".
  54. "Sid Stamm, Markus Jakobsson, Mona Gandhi (2006). A study in socially transmitted malware".
  55. Rgagnon.com, calling a Java applet from JavaScript
Wikimedia Commons has media related to Java applets.
This article is issued from Wikipedia - version of the 12/3/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.