Google has recently announced their intentions to remove client-side Java support from Chrome in the near future. I, a Java developer by nature, have built nearly all of my web-based applications on top of some form of Java.
As such, I am looking for a workaround for Chrome's discontinuation of Java support, without having to rewrite all of my client-side web apps from the ground-up in another language.
Furthermore, I'm searching for a workaround which does not require Chrome's built-in NPAPI workarounds, as I need basic users to be able to continue to use the applets as they are.
The best option I'm aware of is Java Web Start (tutorial), which doesn't run in browser but does allow users to easily run a Java application you serve from a website. Oracle provides some documentation on how to migrate to JWS, but the gist is to simply replace the <applet> tags with a link to a .jnlp file with the same information the <applet> tag had. You may have to tweak Chrome's application defaults as well.
There is also the Google Web Toolkit, which isn't for applets, but does let you write Java that compiles into JavaScript.
If your applets are more integrated into the browser, unfortunately you may not be able to keep using Java. Chromium does offer some alternatives on their NPAPI deprecation page, but they're not pretty. Options include HTML5/WebGL, WebRTC, NaCL, or Chrome Extensions. The Chrome Experiments site is worth browsing if migrating off of Java becomes your best option.
Oracle's official recommendation, however, is to avoid Chrome. That's pretty heavy-handed, and won't work for most website owners, but it's worth mentioning.
Related
I'm little worrying about the removal of Java web Start from Java 11.
Any special reason behind javaws removal ? And share the best alternatives for javaws.
IcedTea-Web seems to be a go-to replacement for Java Web Start.
Reason for removing it can be found in JEP-289
To run a Java applet in a web browser requires the use of a browser plug-in. As of late 2015, however, many browser vendors have either already removed plug-in support or else announced timelines for such removal. Once browser plug-ins disappear, there will be no reason to use the Applet API.
I have made and compiled a Java applet and run it using java appletviewer. It is running fine as expected. But I am not able to run it usingany web browser like chrome or internet explorer even after enabling java. I have viewed lots of pages and forums with people facing the same problem with no use. My html code is:
`<html>
<head>
<title> Calculator </title>
<!--<meta name="discription" content="MultiPurpose Calculator">
<meta name="keywords" content="standard calculator;scientific calculator;loan calculator;calculator;applet">-->
</head>
<Applet code="cal3.class" width=500 height=600>
</Applet>
</html>`
cal3 is the name of the compiled java class. Thank you in advance!!
tl;dr
Wrap your Java applet in a JNLP file to be served as a Java Web Start app.
Oracle no longer supports Java Applet technology
Oracle officially deprecated the Applet API in JEP 289 for Java 9. The appletviewer tool is also deprecated. These are not marked for deletion in the next version after Java 9, but may go away in later versions.
Browsers no longer support Java Applet
Embedding Java Applets within web browsers has proven to be an insoluble security problem. The industry has given up on trying to make this work. Ditto for Flash and Silverlight.
Google Chrome browser no longer supports the NPAPI plugin architecture, and therefore no longer supports Java Applet technology.
Microsoft Edge web browser does not support plugins such as that needed for Java Applet.
Mozilla Firefox browser dropped support for the NPAPI plugin architecture, and therefore Java Applet, in version 52 and later. See this Question on SuperUser.StackExchange.com. For older versions, Mozilla gives instructions on how to disable Java Applet.
Apple has been taking steps to phase out Java Applet support for years. This includes giving directions to disable the necessary plugin, as well as defaulting to disabling, and later omitting, the necessary plugin. Now Safari 11 has no direct support, though you might get it to work by mimicking a Microsoft Internet Explorer browser as described here.
And speaking of Microsoft Internet Explorer browsers, you might be able to get Java Applet to work. Try these instructions. I do not recommend doing so.
Java Web Start
I do not recommend using Java Applets.
Instead, learn about Java Web Start technology. You get the convenience of obtaining and launching Java apps via the web browser, but the actual app runs as a separate local app on the user’s machine rather than inside the browser.
For security, they run by default in the same kind of limited “sandbox” as Java Applets. This sandbox restricts access to the various features of the host OS and hardware. You can take measures to relax the security restrictions, as appropriate to the needs of your app.
Wrap your applet
You can even wrap an existing Java Applet in a jar file with a JNLP file to deploy as a Java Web Start app.
Oracle and the Java community continue to actively support and advance Java Web Start, including an update to the JNLP spec in 2017-09.
Your code is okay the problem is on he browser. Most browsers now days are ending support for java. Browsers don't allow and don't support java code to run, like running applets on the browser. The good old days of java code on browser has come to an end. Newer version and updates of HTML are killing java same they did with flashplayer.
Maybe Internet Explorer might be a good option in this case.
We have a custom Java applet that performs certain tasks, like loading a PDF from local filesystem, signing it with certificates from system KeyStore/smart card etc. Such actions are not possible in regular HTML/JavaScript. Now that Java is being deprecated across browsers, we are looking for possibilities to replace the applet functionality.
There is this Web Cryptography API, but unfortunately the spec does not cover using system keystore. There is another spec for this, WebCrypto Key Discovery, but I don't think it is currently supported by any browser.
Mozilla had an API that might be exactly what we need, but unfortunately it is deprecated now.
So it looks like our only options are:
Write a custom desktop GUI app
Write a custom browser plugin
Or is there some better solution? What do you suggest? I don't care if the solution would be only for Internet Explorer since most of our users use.
Due to Java restrictions on browsers is not possible in general to use the OS native Key Store. You still can use Java in old versions of IE and Firefox, but Oracle has announced that will discontinue JRE plugin for browser, and Firefox decided to drop java support in 2017, so it is not recommended
Write a browser plugin is not possible because browsers do not allow access to several OS functions. In particular Chrome plugin API only allow access to user certificates in Chrome OS, not in Windows or Linux. For Edge, I think the plugin interface is not available yet.
There are some alternatives
Use WebCryptographyApi to load a software certificate. See How to load a PKCS#12 Digital Certificate with Javascript WebCrypto API
Use chrome messaging api (Estonian solution). See https://stackoverflow.com/a/29806091/6371459
Use a local application connected through javascript (Spanish solution) See https://stackoverflow.com/a/38658414/6371459
I personally have tested the first and the last options. For Estonian solution, I suggest to contact with the team. I think the currently support only some smartcards
I need to create digital signature of some XML data with a client certificate(smart card) using web browser. Usually I used to do it with a java applet executing on the client side. The benefit being multiplatform in terms of OS and browsers.
However this option is getting increasingly harder and harder to implement and support in the long term. Virtually all browsers require some sort of action in order to execute such applet, code signing with a trusted certificate is almost mandatory nowadays, new manifest attributes and so on. Well there is nothing wrong with some extra layer of security and I am ok with that.
However Google Chrome as of April 2015 has stopped support for Java applets (and other plugins as well) - there is a configuration switch but it won't be available for much longer as stated here.
Mozilla Firefox does not have end of support date for NPAPI but they call it "legacy technology".
As for IE - it does not support plugins in Modern UI.
So with Java applets no longer really a universal option what are my choices?
What I have investigated so far:
ActiveX - IE only
Silverlight - no access to certificates at all and as a plugin faces the same limitations as Java
Browser specific extensions; For example Firefox up until version 33 used to have window.crypto.signText but not anymore
local applications installed on the client - not easy to install, support, develop and update for several OS and their different versions.
Web Cryptography - "only basic cryptographic functions", no certificates support
I ran out of ideas. All suggestions are welcome and appreciated.
I did same research few weeks ago, and the first option for me is migrate to firefox (at least for now).
An alternative, could be migrate applets to JNLP java client application (maybe with some websocket/restful synchronization between java client/server/web page).
I think the options that you mentioned have less support among browsers than java applet.
Proprietary API available
I want to revive an answer previously deleted for lack of information. My answer does not provide complete info but since I had the same problem and stumbled upon this question, I'd like to share my findings.
I also have an additional requirement so that the browser signature works on "older" (IE9) browsers.
There is a web API at https://www.4identity.eu/ distributed by Italian smart card manufacturer Bit4id.
The 4identity API, however, is not really a full "web API" that relies on plain Javascript, as it still requires to download a Windows-only client (sic!). The client, as far as I could understand, responds on a custom keychain URL protocol (I had a past Oauth-2 related question on how to handle desktop applications....) which is not standard according to my findings. The client has access to the key store so it can upload the signed file to the remote web service who is being polled by the Ajax page.
I need to do some paperwork to get full API access, and I have no information about pricing. Still, I deem worth to give a detailed look.
Part 2 of the question
Supporting a real digital signature from browser requires browser vendors and W3C, who oversees web standards, to do a lot of effort, maybe just the same effort they did for standardizing DRM solutions in HTML5 for sake of multimedia companies (criticism mode on). Currently there is WebCrypto standard but according to research it is not available in "mainstream browsers"
Digital signing a remote file with a smart card requires access to the key store and the implementation of cryptography libraries. An open source implementation of PaDES/CaDES is expectable by the community, but without a final implementation of a standard way to access the key store the smart card cannot be accessed.
See also this answer.
This additional part of the answer does not apply to my case as I require this to work on older browsers.
Disclaimer: I am not affiliated with Bit4id but I know them since I had the opportunity to integrate their work in my apps. One of our customers is a Bit4id partner
We're writing a platform for building apps that are able to run on any browser and we were thinking, is there a way to do this with Python? Or should we better go with Java and Java Applets?
I was also wondering, how hard is it to write a custom browser plugin? How long would it take e.g. in man-hours?
Thank you!
The universal API for browser addons is javascript. It is well supported in Firefox, Chromium/Chrome, and Opera at least; it is the only extension API available on the last two. Intersting API subsets are firefox's Fuel, Chromium's trimmed down extension api, and the very portable GreaseMonkey functions.
A second runtime would have its own startup costs, garbage heap, and ffi overhead. It would require special privileges, and would still have to translate its API calls into javascript. That would make it fairly unattractive.
Edit: you were asking about web content with possible plugin or addon support? You also have the option of the NPAPI (also the Pepper project around it). This api is C-level and can render to a rectangular area on its own (using OS APIs), at the cost of very little support from the browser and being a portability nightmare.