Java Applets - is it a wrong choice today?

I have some non-trivial computational code that need to be applied on data already downloaded into the browser DOM and captured from user interactions. I do not wish to expose this code. I am wondering if:

  1. write a webservice and communicate with the browser over websocket or http. The tradeoff is speed of interaction (from slick to poor) and higher traffic costs.
  2. write a Java Applet (signed to hide the code) that encapsulates logic within the page and let JavaScript interact with the Java api. I read elsewhere that Java and JS engine can deadlock in certain scenarions. However since I am only computing, this is non-issue. Maybe, on multi core machines I could divvy up my work using a few more threads.
  3. write in JavaScript. But JavaScript is difficult to test, AND it's all in public eye.

Q&A such as usability of Java applets in the web and several others are also discouraging.

My question is: are Java applets a dead technology. There aren't even Q&A on this topic these days! Additionally, Java may not always be bundled with all browsers (desktop, tablet or mobile)?

Are there better ways to accomplish the same like hide code, utilize client cpu/ram, minimize data traffic?

The web pages are on Javascript/html5/css. Server only dishes out JSON/XML. The data packets are 10-20KB and updated frequently. The computations are expensive and client-specific so I would really like to use the client to do all that.

Thanks a lot.

Answers:

Answer

I thinks the biggest disadvantage of applet is that it assumes you have a JRE installed on a client machine. Is it really a viable assumption? Of course you can offer to download and install JRE as well, but why bother doing all this only for making some computation? Another question I would ask myself, can your clients be mobile phones, tablets and so on? If so, maybe the Java Script is a better option to go.

And yet another 5 cents :) You mentioned 'opened to eye java script' You should understand that the only real way of protecting your computation code is putting the computation on server. I mean, that even if you have a compiled binary code, java's assembly is easy-to-understand for skilled attacker. And obfuscation that you mentioned (its obfuscation, not signing jar) makes it slightly harder but still not impossible.

The only concern I see here is that if you have a lot of clients that are running the computation simultaneously and you put the burden of computation on your server it can collapse eventually.

Just my thoughts, hopefully this will help you to chose the best direction here...

Answer

As of September 2015 they are dead to me. There are pros and cons for using applets. But Chrome stopped supporting them, so by using them you simply don't support Chrome for desktop and when it comes to mobile browsers, which of them support NPAPI?

Official oracle announcement:

Chrome no longer supports NPAPI (technology required for Java applets) The Java plug-in for web browsers relies on the cross platform plugin architecture NPAPI, which has been supported by all major web browsers for over a decade. Google's Chrome version 45 (scheduled for release in September 2015) drops support for NPAPI, impacting plugins for Silverlight, Java, Facebook Video and other similar NPAPI based plugins.

Java applications are offered through web browsers as either a web start application (which do not interact with the browser once they are launched) or as a Java applet (which might interact with the browser). This change does not affect Web Start applications, it only impacts applets.

If you have problems accessing Java applications using Chrome, Oracle recommends using Internet Explorer (Windows) or Safari (Mac OS X) instead.

EDIT

Microsoft Edge also does not support them. So another blow against the already dying Java Applets.

EDIT 2

Announcement from Mozilla

Important: The new 64-bit version of Firefox for Windows does not recognize or support this plugin. See this Mozilla blog post for details.

So yeah. Java applets are dead.

EDIT 3 Oracle officially killed them with Java 9

EDIT 4 Java Web Start is also dead. From Java 11

Answer

..write a Java Applet (signed to hide the code)

Code signing is for the user's protection, not ours (or for protecting the code). It simply adds extra files. Perhaps you are thinking of obfuscation, which makes it mildly more difficult to steal the code. In fact, an obfuscated JS would be harder to decipher than digitally signed (but not obfuscated) Java classes.

The only real solution here to protect the code is to leave the important parts on the server. JS could probably handle most if not all of the user/browser/server interaction, so the only part a Java applet might play in this is for visualizing the returned (calculated) data. Even, then, I'd probably look for ways to show the result in an HTML 5 Canvas.

So the answer to your question..

Java Applets - is it a wrong choice today?

Yes for this use-case. An applet adds little or nothing over what could be supplied in pure JS/Canvas with the grunt work being done on the server.

Answer

John Demetriou presented very good information.

Additionally now (July 2017) only Firefox and Internet Explorer (and maybe Safari not sure) is allowing the usage of applets. You can use them if you meet the following 3 requirements:

  1. You allow the html site which accessing the .class applet file as an exception in the java control panel
  2. Java is updated to the version the browser supports (most likely latest version)
  3. The .class file is located in the same location as your html file!

You access the java applet, by typing the html's location in your browser. You still may receive a prompt, requesting whether to run Java, so just accept.

I only presented this info just to let people that there is a way to run applets. However, applets were disabled for a reason, they allow many security leaks. Use them only to learn their technology and gain some insight. They are not recommended elsewhere.

Answer

Applets will always be a good choice, when you have to use the client machine, i.e.: using biometric solutions or hardware stuff like.

But if you need only cosmetics or computing power, i guess a better way is for refactoring the code, make it light and clean, with less conditions as possible. Maybe using some views or SPs should help if you have separate server machines (DB and IIS for example).

I'm locked in a project that the only solution was the applet,... another choice was ActiveX, but it lock my client to IE and we don't want it.

Answer

Well first of all Java Applets are a growing technology and far from dead. Secondly browser and user installs are declining. Some use the the declining installs to claim that Java is dying but that are false, as there always have been a lot less actual use of Java Applets than there have been installed plugins.

But with your description I would probably not choose Applets. It's a powerful technology that I would use with a user base that I know would install whatever they need in order to use it. It's good for games, intranet sites etc. On an intranet IT can make sure that the applet works on all desktops that need to use it.

But in your case I would use Vaadin. It transforms a Java application into a web applications using JavaScript. Furthermore it protects your code which is a main feature in Vaadin. Most of your code would run as Java code on the server, only the GUI frontend are run in the browser.

As a result Vaadin are much slower than Applets (because JavaScript). It is also much slower than most other web frameworks, because it relied heavily on running code on the server. This of course also means that your calculations will not be translated into JavaScript and transmitted to the client computer.

However you will not have access to the powerful Swing API. Vaadin have its own Swing-like API that only covers a small portion of what Swing can do. But on the other hand so there are no other web framework that can do what Swing can do.

There really are no way to grant all your wishes. If you use the client for computation you will expose your calculations. There are no way around that. Not even if you write a native application in C++, it can still be reverse engeneered and extract your calculation. Therefore I recomend that you run your calculations on the server, and find a way to bill the user. That's exactly what you do if you use Vaadin.

If you on the other hand want to do calculations on the client you REALLY should use Java Applets. Java are way faster than JavaScript when it comes to making calculations. Flash are faster than JavaScript, but Java are still way faster.

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.