Java for C# Programmers 8: Applets

Java Applets

A Java applet is a Java program that is usually run in a web browser. The Java bytecode is hosted on a web server and delivered to the user. In the user’s browser, the applet is run by a JVM which is part of the browser, usually in form of a plugin.

There are these main differences to a normal Java app.

  1. The main class must be derived from java.applet.Applet or, for a Swing applet from javax.swing.JApplet.
  2. There is no static void main(..) function. Instead, an applet has several functions that can and should be overridden by your applet. They are explained in the template below.
  3. No size inside the applet. Size is taken from HTML.
  4. An applet is closed, when the browser (or tab) is closed.
  5. An applet can not have a title, only the website can have it.
public class AppletTemplate extends Applet  // or JApplet
    // Is called once when the applet is first loaded 
    // into the browser.
    public void init() { }

    // Is called after loading of the applet, whenever the 
    // applet becomes visible. It then should start its execution.
    public void start() { }

    // Is called when the applet becomes invisible, e.g. because some 
    // other window is put in front of the applet. The applet then 
    // should stop its execution.
    public void stop() { }

    // Is called, when the applet is removed from memory. An applet
    // that uses resources must free them here.  
    public void destroy() { }

    // Is called when something shall be painted. 
    public void paint (Graphics g) { }

How to Test Your Java Applet Locally

It is easy to test it via Eclipse. When the active window contains an applet and you start debugging, automatically Eclipse’s applet viewer starts and shows the applet.

But at some point, you’ll probably want to see your applet running in a browser.

To be able to view an applet in the browser, a link to the applet has to be put into some html code. You can use the deprecated applet or the newer object tag. An example for both follows. The applet class here is ColorMixerClass in package Applets.

        <h1> ColorMixer Java Applets </h1>

         <object codetype="application/java-archive"
              width="500" height="300">

            width="500" height="300">


Gotcha: There are some minutiae which you need to know.

  1. Use a fully qualified URL-like path in the archive parameter, with leading file://. Just giving C:\Data\Java-works\bin\ColorMixer.jar in the example above will lead to an IllegalArgumentException: name.
  2. In the code or classid parameter, give the full path of the applet class inside the jar. Otherwise you’ll get an ClassNotFoundException
  3. Astounding, but true: Some of the latest Java update put a higher security restriction on applets coming from the local file system, than it does for applets from the internet.
    So even if you can run Java applets from the internet in your browser, it is probable that you cannot run the applet that you’ve written yourself and that is located on your local harddrive. If that is the case, you need to lower your computer’s security settings.

    1. Go to your Control Panel/Java/Configure Java/Security and put the security to Medium.
    2. After changing the security level, you might need to end some hanging browser and/or Java processes until you can get your applet to run.

How to Put Your Java Applet into a WordPress Blog Page

I’m showing you how I did it with my ColorMixer.

  1. I’ve created a ColorMixer.jar file. See my Java Binaries Post how to do this.
  2. I’ve uploaded the jar file to the server where my blog is hosted. I’ve put it to the directory /html/Wordpress/wp-content/uploads/applets/ColorMixer.jar.
  3. I’ve put the following html code into a blog post.
    Gotcha: All of this html code must be in one line (!) in WordPress’ text editor. Other wise it doesn’t work. At least in WordPress 3.9.
    <object codetype="application/java-archive" 
        width="570" height="270">  

Security Aspects

As applets are distributed via browser, security is a huge point.

There are two types of applets, sandbox applets and privileged applets. A Java-applet that runs in a sandbox cannot access private data of the user, at least in theory. These restrictions are put onto a sandbox applet.

  • Applets can not run local software
  • Applets can only talk to the host server from where they come from.
  • An applet can not read or write in the local file system.
  • An applet can not get any information about the local computer.

Nevertheless, the JVM plugins are often buggy, so that using Java-Applets is a certain risk and many users have switched off use of Java in their browser generally. Hence it was decided that only sigend applets should be allowed.


Signed Applets

These restrictions can be overcome by using signed applets.

  • A signed applet can have full access to the local machine if the user agrees.
  • You can sign your applet yourself.
  • Though currently (June 2014), I still can distribute applets which are not signed at all, this will probably be impossible soon.
  • From Wikipedia:

As of approximately Jan 1 2014, self-signed and unsigned applets are no longer accepted by the commonly available java plugins or java web start. Consequently, developers who wish to deploy java applets have no alternative but to acquire trusted certificates from commercial sources.

Self-Signing of an Applet

  1. You have to create a jar file. You cannot create certificates for class files.
  2. In Eclipse, use File - Export - Java - Java archive file to create a jar file.
  3. Use the commandline tool keytool like this to generate a key: keytool -genkey -keystore mykeystore -alias XCV
  4. Some questions are posted by the keytool. Answer them. The information you give will be shown to the end user when your applet is to be run.
  5. Use jarsigner to sign your jar file like this jarsigner -keystore mykeystore XYZ.jar XCV.
  6. Now your applet can use also local resources like clipboard, file system and so on.
  7. That it is soo easy to create applets which have full access to everything has not been clear to me. As said, in a future version of Java this method will be banned.