Recently I found an interesting Java applet which works pretty fine for electronic signature, but due to the recent NPAPI stuff with Chrome browser, I've considered it would be a good thing to migrate this applet to a Java application. HTML5/javascript/etc is not a possibility.
The special requisite is that the application should be launched from a browser, despite not being an applet.
The best approach I have found is as follows:
Create an installer which would create a java executable file in the local user's PC.
Create a javascript function to detect whether the application is installed in the computer (just as iTunes does/used to do).
In order to launch the application, create a custom URI Schema handler which would launch the application when found, sending the required parameters to the application (just like the applet does).
Everything sounds pretty smooth, but it's got certain drawbacks:
It's meant to work on different PC's. That means the URI Schema handler and the application MUST be installed/set up in every single computer I want to use the application in.
Migrating the applet code to a java application. It is an old application which i did not write, and it's got a single class with over four thousand lines.
With that in mind, I could not think of a better option. Is this viable? Any recommendation?
Thanks in advance.
Related
i am currently writing a game on javaFX and i have plans to post it in the website i run in the future (end exploit the Ads while at it). The problem is that after searching around a little it seems there is no way to run a java application on a browser.
Allowing people to run it through the browser would really help sharing the program.
My question is: is there today(2018) any way to run a java application through the web? Though i like java, no browser support seems like a really, really bad idea.
Oh, i also heard of Java Web Start. Although it looks like it is just avoiding the problem (not running in the browser) it seems like a good way to share an application. The problem is that it seems it is (Will be?) deprecated? I am helpless, it is like java isn't even trying anymore...
PS: If it makes any difference my game would be a 2D game with 3rd person view. It will also require some server stuff since players will create "arenas" that others can challenge. I would say my game wouldn't be "simple".
Java Web Start does the job very well—if you are willing to pay for a code signing certificate. (They’re a lot more expensive than regular SSL certificates.) The idea is that a user clicks on a hyperlink on your page, which causes the user’s Java installation to launch your application (possibly after installing it). This requires users to have Java installed beforehand.
If you don’t have the resources or desire to go with a code signing certificate, you can look at https://docs.oracle.com/javase/9/deploy/self-contained-application-packaging.htm. It allows you to create native installation packages for JavaFX applications. The disadvantage: You need each platform to create an installer for it. Meaning, you need Windows to create a Windows installer, OS X to create an OS X installation image, and Linux to create a Linux package. Some may also require signing using native tools.
Java 9 includes the jmod and jlink tools, which are capable of creating a file tree with an executable shell script or .bat file. A major advantage is that you can build such a tree for any platform, regardless of your own platform, if you unpackage the foreign platform’s JDK on your machine. Another advantage is that the user doesn’t need to have Java installed at all. A disadvantage is that the script requires a terminal, unless running on Linux.
Of course, you can just go the manual route and distribute a zip file which contains your .jar file(s), a shell script you’ve written, and a .bat file you’ve written. It’s not elegant, but it’s better than nothing. But it may trip up some non-technical users.
There exist a number of tools which create a native executable from .jar files, but I am not familiar with them (and I prefer to avoid third party tools unless they are truly necessary).
Whatever approach you choose, the answer is the same: You distribute something on your web page which the user downloads and runs. Aside from the download process, the browser is not involved.
What you can’t do is have users run your application inside the browser. That is deprecated, with good reason: It’s a disaster for the browser performance, for the Java runtime, for security, and for the user experience. And Firefox has all but banned plugins, so you’d be locking out a substantial percentage of users.
So, how much trust do I need to have in a publisher before I run their applet in the web browser?
In other words, I understand that a java applet is run in a sandbox in the browser, but this article suggests that the applet can actually access files stored on the local computer.
Can you please clarify the security limits of a java applet run in a modern browser, such as Firefox 50?
I understand that a java applet is run in a sandbox in the browser, but this article suggests that the applet can actually access files stored on the local computer.
There are potentially three different levels of security available to a Java applet.
The first is as you described 'sandboxed'. They can only access resources from their own server, nothing on your local file system unless they are launched using Java Web Start & will thereby have access to the services of the JNLP API. You might note that two of the services are the FileOpenService / FileSaveService! If the applet goes to use these, the end user will be prompted to permit the action via a dialog that states what the applet is trying to do, and asking for permission to proceed (to show a file chooser & go from there). These services provide back a 'file like' object that is more limited than the normal File API would supply. For example, it will not provide the path to the resource, just it's name and access to the content.
The level up from that can be specified in the launch file - '(J2EE) application client permissions'. This level removes the prompts for use of the JNLP API services.
The highest level of access is obtained by requesting, and being granted, 'all permissions'. Then the applet should have full access to File objects, be able to communicate with servers other than the one that launched it, etc. One of the few things they would still not be permitted to do in this mode is to call System.exit(n) to effectively 'kill the JRE' - this is something that is commonly done in other desktop apps.
But then there are JRE bugs, that screw all that up. Sun, then Oracle, kept stuffing up security so poorly (& regularly) that many browser manufacturers are entirely removing the support for applets (and other embedded objects requiring plug-ins) in web pages.
See Java Plugin support deprecated and Moving to a Plugin-Free Web for more detail.
..how much trust do I need to have in a publisher before I run their applet in the web browser?
I cannot answer for you, but my take would be that I would need to know them personally, and trust completely both their integrity and competence before I'd run their code in any browser I controlled.
Having said that, I don't think I have a single browser installed that even supports applets, and my complete lack of motivation to set something up, is probably a good view on whether I'd allow applets to run on this PC at all.
I have created a Java applet as part of a request from a client for a web-based program, and while I've gotten it embedded, Chrome has disabled support, you need to bypass various security protocols in both Internet Explorer and Firefox, and Edge doesn't have support for java in the first place. My question is, is there some sort of way we can run this program through a wrapper or an alternative way of getting it on the web without re-writing the entire program in a different language? Thanks!
Realistically, as you're seeing, applets are dead. Your best option is to use Java Web Start and convert your applet into an application. That really isn't too bad to do but it will require some work.
Basically the server sends a JNLP file that runs an application. The application (i.e. your Java application) can be downloaded from a remote server so that you don't have to have pre-installed anything except for Java on the client machine.
I am developing a web application using HTML5, AngularJS, REST Webservices, Java etc. I will be hosting it over company's intranet. I have a peculiar requirement where I need to run exes which are already copied to client machine. The 'run' should be triggered from backend java code and user need not click on any UI link.
I am exploring Java Web Start, but I guess some user interaction in mandatory in it. If some signed content, certificates are required I can do that.
Is this feasible?
What you want is exactly what any virus builder dreams of. Therefor, it has been made VERY difficult. There are only 2 ways in which I think you could do this:
Use a java applet. It needs to be signed perfectly and the security settings in the users browsers need to be lowered. Even then I'm not entirely sure they don't have to click 'accept' somewhere.
Create a browser plugin. You could write a browser plugin, which would allow you to do basically anything you want. You would need to install it everywhere though.
If there is any way of getting around the requirement of running an exe from a web browser, I suggest you take it.
Java Compatibility
I have been having some trouble with making a custom browser I am using a default class provided by oracle for a custom browser. One thing I noticed with the browser is that it cannot run java applets without some sort of variation of java browser plugins. How exactly do normal browsers receive information from a web server to run a java program externally? Is there any way to somehow point the browser toward the jre to run the app like on a normal browser. Just need somewhere to start. FireFox apparently references some sort of MIME format under the npjp2.dll native found in the jre directory. Thanks Very Much.
Oracle Example
You can provide the user with a standard html download page in order for him to download a JNLP file which is the standard file to start a java web start app (applet). If the user's system has java installed, it must recognize the .jnlp file and assosiate it as a java app. It's an extra step, for the user to manually download the file instead of running automatically on a web browser, however because of recent security loopholes on java web implementations, most browsers don't trust java anymore, therefore the blocking. If you insist on setting up a web start app in a browser you must make sure that all users have appropriate security configurations on ther java installation (very unlikely).
EDIT:
Here's a very nice tutorial on how to achieve what I just explained.
TUTORIAL