I have problems running Java applets locally, i.e. the class files reside in the local file system, not on a server. The following example
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<body>
<applet code="Java10Test.class"
width=200
height=200
codebase="http://www.cis.upenn.edu/~matuszek/General/JavaVersionTests/"
>
</applet>
Text ...
</body>
</html>
works well with Firefox 23 and Oracle Java 7u25. But it does not work if I download Java10Test.class to my local machine and put it in the same folder as the .html no matter what codebase I use. I tried codebase="." and codebase="file:///pathToTheFolder" without success. Firefox does not even reserve the 200x200 space for the applet. Java is also not started in the background (the Java console does not open as it does for all other applets), i.e. it is not a Java security issue. There are no warning/error messages.
The local version works in Chrome without problems. The behaviour is reproducable on different machines (Mac/Linux).
What is the correct way to use applets locally in Firefox? I need this for a system without access to the internet.
What is the correct way to use applets locally in Firefox?
Run them from a server at localhost (e.g. install Apache) and they should show the same behavior as on the net.
..it would still be interesting, why the local class file is not used properly.
I'd suggest it is related to security. IE has long prompted an HTML running a script when it is loaded from the local file system. In general, 'a network' is considered a safer environment than your own disks.
Incidentally, I run FF and noted it recently started failing when running the Deployment Toolkit Script used for embedding applets and launching JWS apps. I had not realized it simply (and completely) ignored 'local (unjar'd, unsigned) applet elements' until I tested with yours. The fact it ignores them without warning or prompt is ..disturbing, at least for developers who have to write or maintain applets. :(
The only way to be confident an applet is loaded successfully, is to use JS to query the applet after it is loaded. If a public method of the applet cannot be accessed from JS after a specific time, presume the applet failed to load for whatever reason and proceed from there.
This is a known bug in Firefox 23. It should block the use of locally insecure codebases like .. but accidentally blocks other local paths, too.
The currently known workarounds are:
set security.fileuri.strict_origin_policy=false in about:config
use a local web server instead of local files as suggested in the other answer
Related
I have a html file, there are links in it, I wonder if there is a way to use those links to call a java program to generate another html file ?
Something like this :
<Html>
<body>
Some text
<A Href=[somehow point to a java .class file to run]>My Link</A>
More text
</Body>
</Html>
I know how to use Java to generate html, what I'm asking here is how to pass a parameter to this local java class so that it can generate html file with the input ?
So if the Java program is called : MyHtmlGen.java
Then the class will be MyHtmlGen.class
And then if I run it from the command line, it would be like this :
> java MyHtmlGen my_input
But I don't know how to turn that into the html link above ?
You could use WebStart to launch an Java application from a browser interaction.
The section of the linked documentation titled: "Running a Java Web Start Application From a Browser" provides a demo you can try. The link to the Java application is provided as:
Launch Notepad Application
That documentation states that when you click the link:
Java Web Start software loads and runs the application based on instructions in the JNLP file.
That isn't the behavior I get on Safari 7.1 on OS X 10.9 with Oracle Java 8u40 installed. Instead, I just get the jnlp file downloaded and can double click on the downloaded file to run the application. I think on some browsers, Oracle may provide a plugin to the browser which is able to launch the jnlp referenced application automatically without the user having to also double click on a downloaded jnlp file. Perhaps if the Java deployment toolkit were used, rather than a straight a href link, the user experience might be a bit more seamless.
Note: browser manufacturers have been phasing out support for plugin technology like this, so the experience or even the ability to automatically run the referenced application may vary for both you and your users. Additionally, allowing such plugins to run within a browser environment can increase the security attack vulnerability surface for a user's browser. WebStart is also quick a tricky technology to use and support for your users. So for these reasons I normally don't recommend using WebStart as a deployment solution.
That's just impossible. A link <a> will fire a GET request to the server for the URI set in the href attribute, it's not meant to execute a specific piece of code. If you want to execute code when clicking a link, use JavaScript, but be aware that JavaScript cannot start an instance of JVM and run your exact Java application.
On the other hand, maybe you should look into Applet or JavaFX and embed the java application in your page. Or probably you may submit an action to the server, and at server side you may start the JVM and execute your Java code.
Is it possible for a web site that uses either Java or Javascript to accomplish the installation (meaning: not just forced download) of an executable on a client Windows system (Windows 7 or newer) when user clicks on only one link on the website?
So in this scenario, the user clicks on a link (e.g. some click-bait link) that is supposed to display some article or a video, on a website. Can this sole single click lead to both a forced download and actual installation of an executable on the users machine?
I do not need, nor am I looking for, explicit detail on how this is done. I am more curious of whether this is even possible with the current Windows OS. In this case the user would be using a recent version of one of the following browsers: IE, FF, Chrome, or Opera.
You are asking about a drive by downloader?
The answer is yes these in java are called applets. Here is come HTML from a webclient what uses an applet.
<HTML>
<HEAD>
<TITLE>Your Webclient</TITLE>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</HEAD>
<BODY>
<applet name="yourclientname" width="765" height="503" archive="client.jar" code="client.class">
<param name="java_arguments" value="-Xmx1024m">
</applet>
</BODY>
</HTML>
For a hacker to do it all they need to do is change the .jar and .class in the above. And Java will prompt you to ask if you want to run the applet once you click yes it will run java code normally a dropper. Btw most hackers don't install stuff they either sneak into registry or they simply put a copy of their exe or .jar into your startup folder.
You will have a chance to say no as stated above its just an allow or disallow option. The rest of the HTML can be used to load a picture or whatever. Here is what the allow screen looks like,
http://openigloo.org/wp-content/uploads/2011/05/signed-applet.jpg
Java Compatibility
I have been having some trouble with making a custom browser I am using a default class provided by oracle for a custom browser. One thing I noticed with the browser is that it cannot run java applets without some sort of variation of java browser plugins. How exactly do normal browsers receive information from a web server to run a java program externally? Is there any way to somehow point the browser toward the jre to run the app like on a normal browser. Just need somewhere to start. FireFox apparently references some sort of MIME format under the npjp2.dll native found in the jre directory. Thanks Very Much.
Oracle Example
You can provide the user with a standard html download page in order for him to download a JNLP file which is the standard file to start a java web start app (applet). If the user's system has java installed, it must recognize the .jnlp file and assosiate it as a java app. It's an extra step, for the user to manually download the file instead of running automatically on a web browser, however because of recent security loopholes on java web implementations, most browsers don't trust java anymore, therefore the blocking. If you insist on setting up a web start app in a browser you must make sure that all users have appropriate security configurations on ther java installation (very unlikely).
EDIT:
Here's a very nice tutorial on how to achieve what I just explained.
TUTORIAL
I'm trying to run this simple HelloWorld code written in Java from my browser (Chrome):
public class HelloWorld extends JApplet {
public void init() {
try {
SwingUtilities.invokeAndWait(new Runnable() {
public void run() {
JLabel lbl = new JLabel("Hello World");
add(lbl);
}
});
}
catch (Exception e) {
System.err.println("createGUI didn't complete successfully");
}
}
I compiled it with NetBeans, and then I created a WebApplication project. The HTML code that runs the applet is:
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><applet code="HelloWorld" archive="applet_HelloWorld.jar" width="590" height="530"></applet></p>
</body>
</html>
If run the applet from NetBeans it works. But when I run the HTML code by double clicking it, the following message pops up from the browser:
Your security settings have blocked a local application from running.
I tried with Internet Explorer and Firefox but nothing.
This message started to appear after the last update of Java. Where is the problem?
After reading Java 7 Update 21 Security Improvements in Detail mention..
With the introduced changes it is most likely that no end-user is able to run your application when they are either self-signed or unsigned.
..I was wondering how this would go for loose class files - the 'simplest' applets of all.
Local file system
Your security settings have blocked a local application from running
That is the dialog seen for an applet consisting of loose class files being loaded off the local file system when the JRE is set to the default 'High' security setting.
Note that a slight quirk of the JRE only produced that on point 3 of.
Load the applet page to see a broken applet symbol that leads to an empty console.
Open the Java settings and set the level to Medium.
Close browser & Java settings.
Load the applet page to see the applet.
Open the Java settings and set the level to High.
Close browser & Java settings.
Load the applet page to see a broken applet symbol & the above dialog.
Internet
If you load the simple applet (loose class file) seen at this resizable applet demo off the internet - which boasts an applet element of:
<applet
code="PlafChanger.class"
codebase="."
alt="Pluggable Look'n'Feel Changer appears here if Java is enabled"
width='100%'
height='250'>
<p>Pluggable Look'n'Feel Changer appears here in a Java capable browser.</p>
</applet>
It also seems to load successfully. Implying that:-
Applets loaded from the local file system are now subject to a stricter security sandbox than those loaded from the internet or a local server.
Security settings descriptions
As of Java 7 update 51.
Very High: Most secure setting - Only Java applications identified by a non-expired certificate from a trusted authority will be allowed to run.
High (minimum recommended): Java applications identified by a certificate from a trusted authority will be allowed to run.
Medium - All Java applications will be allowed to run after presenting a security prompt.
I faced the same issue today, and I was able to fix the issue by changing the security settings on the Java Control Panel from HIGH to MEDIUM.
Well, setting the Java Security Setting to MEDIUM permanently is not really recommended as this will allow potentialy malicious software to run on your system and not be blocked. So I suggest after running your applet you may want to change back the setting to HIGH.
Location of the Java Control Panel
Change the setting of the Control Panel
If you are using Linux, these settings are available using /usr/bin/jcontrol (or your path setting to get the current Java tools). You can also edit the files in ~/.java/deployment/deployment.properties to set "deployment.security.level=MEDIUM".
Surprisingly, this information is not readily available from the Oracle web site. I miss java.sun.com...
Go to Control Panel
Double click on Java
Open the Security tab
Select Medium
Click on Apply
Restart your web browser
That's it!
If you have no Medium security level, then you should add your application to the Exception Site List (Java Control Panel → Security tab).
Open your applet in a browser and copy the contents of your address bar.
Go to Control Panel → Java Control Panel → Security tab and press the Edit Site List... button.
Press the Add button, insert your path and press Enter.
Press Continue on the security warning that appears.
Open the applet again and don't forget to press Run on the pop-up window.
If you are like me whose Java Control Panel does not show Security slider under Security Tab to change security level from High to Medium then follow these instructions: Java known bug: security slider not visible.
Symptoms:
After installation, the checkbox to enable/disable Java and the security level slider do not appear in the Java Control Panel Security tab. This can occur with 7u10 and above.
Cause
This is due to a conflict that Java 7u10 and above have with standalone installations of JavaFX.
Example: If Java 7u5 and JavaFX 2.1.1 are installed and if Java is updated to 7u11, the Java Control Panel does not show the checkbox or security slider.
Resolution
It is recommended to uninstall all versions of Java and JavaFX before installing Java 7u10 and above.
Please follow the steps below for resolving this issue.
1. Remove all versions of Java and JavaFX through the Windows Uninstall Control Panel. Instructions on uninstalling Java.
2. Run the Microsoft uninstall utility to repair corrupted registry keys that prevents programs from being completely uninstalled or blocking new installations and updates.
3. Download and install the Windows offline installer package.
My problem case was to run portecle.jnlp file locally using Java8.
What worked for me was
Start Programs --> Java --> Configure Java...
Go to Security --> Edit Site List...
Add http://portecle.sourceforce.net
Start javaws portecle.jnlp in CMD prompt
On step 3, you might try also to add file:///c:/path/portecle.jnlp, but this addition didn't help with my case.
I am using an older Data Structure and Algs book that comes with Java Applets for practice. So I needed to store and run some applets locally. I am currently running Windows 10 OS with Edge, Chrome, and IE 11.
Running applets seem to only be allowed in IE11, and as other have mentioned you have to add the applet to the exception list. My issue was since I am storing these locally, and opening them in IE, it opened with path starting with "C:\..." Adding the full path using, "file///..." like mentioned in one of the other answers didn't work for me.
The fix:
So, I just added(without the quotes), "file:///" to the exception site list and finally got it working. This also allows me to run any applet stored locally, and I do not have to explicitly add an exception for each applet path.
I plan to remove the exception from the list once I am done using the programs, and only add it back as necessary.
Java applets do create a security risk, hence are disabled in most modern browsers. You have to lower the security to run it. There is a guide by Oracle for that.
Starting with Java 8, there is no "medium" risk setting in the Security tab under Java
You will keep getting this error till you revert to older Java (suggested Java 7, it has hit the end of life though).
Install both 32-bit and 64-bit version because browsers are still 32-bit, even on a 64-bit machine, 64-bit OS
I noticed that the launching of Java applets using deployJava.js seems to have stopped working on some Mac browsers. Safari and FF still work, but Opera and Chrome send the user to Java installation page, as if the plugin was not found.
Take for example this. If you click the launch button in Opera, it sends you to a Java installation page. Any ideas on how to fix this?
I ended up checking User-Agent HTTP header for "Opera" and in this case using standard tag. For any other browser I use deploy deployJava.js as currently served by Sun.
I know that there are modified versions of deployJava.js (e.g. this one used by Atlassian JIRA) which correctly start the applet in Opera instead of sending the user to Java installation page. But in my case, this approach caused ClassLoader issues (truncated classes) with Opera as I was using applets packaged into several jar files (main + 3rd party jars). had no such problems, even with Opera (which has buggy Java support as Sun claims).
Strangely, I had no issues with standard deployJava.js with Chrome (checked on Linux and Mac Snow Leopard).
As an alternative, could you offer a plain link to the .jnlp?
From the "Deploying a Java Web Start Application", "If you are not sure whether your end users will have the JavaScript interpreter enabled in their browsers, you can deploy the Java Web Start application directly by creating a link to the JNLP file..."