I have some non-trivial computational code that need to be applied on data already downloaded into the browser DOM and captured from user interactions. I do not wish to expose this code. I am wondering if:
Q&A such as usability of Java applets in the web and several others are also discouraging.
My question is: are Java applets a dead technology. There aren't even Q&A on this topic these days! Additionally, Java may not always be bundled with all browsers (desktop, tablet or mobile)?
Are there better ways to accomplish the same like hide code, utilize client cpu/ram, minimize data traffic?
Thanks a lot.
I thinks the biggest disadvantage of applet is that it assumes you have a JRE installed on a client machine. Is it really a viable assumption? Of course you can offer to download and install JRE as well, but why bother doing all this only for making some computation? Another question I would ask myself, can your clients be mobile phones, tablets and so on? If so, maybe the Java Script is a better option to go.
And yet another 5 cents :) You mentioned 'opened to eye java script' You should understand that the only real way of protecting your computation code is putting the computation on server. I mean, that even if you have a compiled binary code, java's assembly is easy-to-understand for skilled attacker. And obfuscation that you mentioned (its obfuscation, not signing jar) makes it slightly harder but still not impossible.
The only concern I see here is that if you have a lot of clients that are running the computation simultaneously and you put the burden of computation on your server it can collapse eventually.
Just my thoughts, hopefully this will help you to chose the best direction here...
As of September 2015 they are dead to me. There are pros and cons for using applets. But Chrome stopped supporting them, so by using them you simply don't support Chrome for desktop and when it comes to mobile browsers, which of them support NPAPI?
Official oracle announcement:
Chrome no longer supports NPAPI (technology required for Java applets) The Java plug-in for web browsers relies on the cross platform plugin architecture NPAPI, which has been supported by all major web browsers for over a decade. Google's Chrome version 45 (scheduled for release in September 2015) drops support for NPAPI, impacting plugins for Silverlight, Java, Facebook Video and other similar NPAPI based plugins.
Java applications are offered through web browsers as either a web start application (which do not interact with the browser once they are launched) or as a Java applet (which might interact with the browser). This change does not affect Web Start applications, it only impacts applets.
If you have problems accessing Java applications using Chrome, Oracle recommends using Internet Explorer (Windows) or Safari (Mac OS X) instead.
Microsoft Edge also does not support them. So another blow against the already dying Java Applets.
Announcement from Mozilla
Important: The new 64-bit version of Firefox for Windows does not recognize or support this plugin. See this Mozilla blog post for details.
So yeah. Java applets are dead.
EDIT 3 Oracle officially killed them with Java 9
EDIT 4 Java Web Start is also dead. From Java 11
..write a Java Applet (signed to hide the code)
Code signing is for the user's protection, not ours (or for protecting the code). It simply adds extra files. Perhaps you are thinking of obfuscation, which makes it mildly more difficult to steal the code. In fact, an obfuscated JS would be harder to decipher than digitally signed (but not obfuscated) Java classes.
The only real solution here to protect the code is to leave the important parts on the server. JS could probably handle most if not all of the user/browser/server interaction, so the only part a Java applet might play in this is for visualizing the returned (calculated) data. Even, then, I'd probably look for ways to show the result in an HTML 5 Canvas.
So the answer to your question..
Java Applets - is it a wrong choice today?
Yes for this use-case. An applet adds little or nothing over what could be supplied in pure JS/Canvas with the grunt work being done on the server.
John Demetriou presented very good information.
Additionally now (July 2017) only Firefox and Internet Explorer (and maybe Safari not sure) is allowing the usage of applets. You can use them if you meet the following 3 requirements:
You access the java applet, by typing the html's location in your browser. You still may receive a prompt, requesting whether to run Java, so just accept.
I only presented this info just to let people that there is a way to run applets. However, applets were disabled for a reason, they allow many security leaks. Use them only to learn their technology and gain some insight. They are not recommended elsewhere.
Applets will always be a good choice, when you have to use the client machine, i.e.: using biometric solutions or hardware stuff like.
But if you need only cosmetics or computing power, i guess a better way is for refactoring the code, make it light and clean, with less conditions as possible. Maybe using some views or SPs should help if you have separate server machines (DB and IIS for example).
I'm locked in a project that the only solution was the applet,... another choice was ActiveX, but it lock my client to IE and we don't want it.
Well first of all Java Applets are a growing technology and far from dead. Secondly browser and user installs are declining. Some use the the declining installs to claim that Java is dying but that are false, as there always have been a lot less actual use of Java Applets than there have been installed plugins.
But with your description I would probably not choose Applets. It's a powerful technology that I would use with a user base that I know would install whatever they need in order to use it. It's good for games, intranet sites etc. On an intranet IT can make sure that the applet works on all desktops that need to use it.
However you will not have access to the powerful Swing API. Vaadin have its own Swing-like API that only covers a small portion of what Swing can do. But on the other hand so there are no other web framework that can do what Swing can do.
There really are no way to grant all your wishes. If you use the client for computation you will expose your calculations. There are no way around that. Not even if you write a native application in C++, it can still be reverse engeneered and extract your calculation. Therefore I recomend that you run your calculations on the server, and find a way to bill the user. That's exactly what you do if you use Vaadin.
©2020 All rights reserved.