How is Java typically invoked from HTML? And Java Permissions question...

Discussion in 'Java' started by Aaron J. Margosis, Jan 29, 2008.

  1. I'm not a Java programmer, but I'm trying to solve some application
    compatibility issues with locked down security settings on Windows.

    My question: How do different Java-delivery tools invoke client-side Java
    in their HTML? Is the <APPLET> tag the way they usually go, or do they use
    another mechanism? E.g., invoking it as an ActiveX via <OBJECT>? Through
    some kind of scripted invocation? Some other tag? One specific: what does
    Oracle Application Server / Oracle Forms do?

    The reason for the question is that in locked down configurations on
    Windows, the Internet Explorer setting for "Java Permissions" (settable via
    Group Policy) is set to "Disable Java", which comes into play only when the
    <APPLET> tag is used. So in app-compat testing, I've seen the "Java
    Permissions" setting completely block some Java apps from even loading,
    while in other cases they do run. I'm trying to gain insight into the
    specific causes that would cause one result or the other.

    Follow-on question: The Internet Explorer "Java Permissions" setting can be
    set to "Disable Java", "High safety", "Medium safety", or "Low safety". Do
    any versions of Java other than the now-extinct Microsoft JVM look at those
    settings at all? That is, if the "High safety" setting is chosen, does it
    actually restrict what Java applets can actually do? Or do all the Java
    implementations out there have their own authorization mechanism that
    doesn't look at the Windows/IE setting?

    Thanks.

    (And my apologies if I cross-posted too broadly -- I don't know which
    newsgroups provide the best responses.)

    -- Aaron
    Aaron J. Margosis, Jan 29, 2008
    #1
    1. Advertising

  2. Aaron J. Margosis

    Roedy Green Guest

    On Tue, 29 Jan 2008 12:04:18 -0500, "Aaron J. Margosis"
    <> wrote, quoted or indirectly quoted someone
    who said :

    > Is the <APPLET> tag the way they usually go, or do they use
    >another mechanism?


    <applet works fine. The other variations are so complicated and silly
    you need automation to generate them. You can't maintain them
    manually.

    The only advantage of the others is you they will install Java if it
    is not there. You can get the same effect with a separate button, once
    per page, whose intent is clearer.

    See http://mindprod.com/jgloss/applet.html
    --
    Roedy Green, Canadian Mind Products
    The Java Glossary, http://mindprod.com
    Roedy Green, Jan 29, 2008
    #2
    1. Advertising

  3. Aaron J. Margosis

    Wayne Guest

    Re: How is Java typically invoked from HTML? And Java Permissionsquestion...

    Roedy Green wrote:
    > On Tue, 29 Jan 2008 12:04:18 -0500, "Aaron J. Margosis"
    > <> wrote, quoted or indirectly quoted someone
    > who said :
    >
    >> Is the <APPLET> tag the way they usually go, or do they use
    >> another mechanism?

    >
    > <applet works fine. The other variations are so complicated and silly
    > you need automation to generate them. You can't maintain them
    > manually.
    >
    > The only advantage of the others is you they will install Java if it
    > is not there. You can get the same effect with a separate button, once
    > per page, whose intent is clearer.
    >
    > See http://mindprod.com/jgloss/applet.html


    Note the APPLET tag was removed from the HTML standard. It's
    not in the current HTML 5 draft either. The official method
    is to use the OBJECT tags, nested as in this example for JavaSE 1.4:

    <!-- Simple OBJECT tag, works with modern mozilla and other browsers: -->
    <object classid="java:Foo.class" height="200" width="300">
    <!-- More complex OBJECT tag, works with some older browsers,
    and includes support to download the plug-in if missing/old: -->
    <object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
    width="300" height="200"
    codebase="http://java.sun.com/products/plugin/autodl/jinstall-1_4-windows-i586.cab#Version=1,4,0,0"
    standby="Loading Applet...">
    <param name="code" value="Foo.class">
    </object>
    </object>

    Not all of these attributes are standard. Also using param tags this way
    limits their use for real applet parameters.

    I believe it was MS that insisted on the removal of the applet tag from HTML 4.
    What I find interesting is that MS IIS servers will parse all html files it serves,
    and refuse to serve any with nested object tags (support for which is required in
    the HTML standard)! Apparently MS doesn't want to support standard HTML that
    can run the same from any server or user agent.

    At one point MS removed support for the applet tag from IE, but at that point
    you couldn't run applets unless you uses JavaScript to generate appropriate
    object tags for your system. Sun provides a tool, htmlconverter, that replaces
    applet tags in html files with the appropriate 20 lines or so of JavaScript.
    Using htmlconverter or object tags with support for checking JRE version and
    downloading the latest may require updating your html files every time Sun
    releases a newer JRE.

    However today all browsers seem to support the applet tag correctly, and that
    is the recommended solution. If HTML compliance is an issue for your organization
    you should use applect tags for development and htmlconverter for production.

    Why HTML 5 draft won't include the applet tag is a mystery to me. (I see
    they did add back the embed tag.) Every user agent I know of supports it
    the same way, and support for alternatives such as nested object tags
    is not universal. *sigh*

    (Maybe using Java Web Start is a better option when possible as an alternative
    to applets.)

    -Wayne
    Wayne, Jan 30, 2008
    #3
  4. Re: How is Java typically invoked from HTML? And Java Permissionsquestion...

    > Is the <APPLET> tag the way they usually go, or do they use
    > another mechanism? E.g., invoking it as an ActiveX via <OBJECT>?


    In fact there is a bit of confusion about this. The applet tag has
    been
    deprecated, so w3c recommends the <object> tag. Anyway, the specifics
    of
    <object> are not too clear, so sun recommends the applet tag
    (see http://java.sun.com/docs/books/tutorial/deployment/applet/applettag.html).
    I too would use the applet tag, to be sure it works. Anyway, once the
    browser
    understands the applet or object tag, the invocation of the applet
    is the same

    About explorer's limitations about Java, it is quite hard to
    understand
    what limitations mean, as having a JVM that allows control on its
    operations, a Java applet should always be safe for execution. For
    example,
    by default firefox always executes Java without even prompting. I
    don't think
    other JVM will stop a non-dangerous applet.

    If you want your applet to run with fewer limitations and to have
    more chances on explorer, you may also want to obtain a digital
    signature
    for it.

    So long,
    Stefano
    Stefano Brocchi, Feb 10, 2008
    #4
  5. Re: How is Java typically invoked from HTML? And Java Permissionsquestion...

    On Jan 30, 3:04 am, "Aaron J. Margosis" <>
    wrote:

    > Sub: How is Java typically invoked from HTML?


    WebStart is becoming the most prominent and
    reliable way to launch Java apps.
    (Waits for any number of people to jump in to
    'dispute the numbers'..)

    > I'm not a Java programmer,


    Do you deploy these applets? There are any
    number of horrid deployment gotcha's with
    applets, depending on the HTML, the exact Java
    version, and the micro-version of the browser.

    Trust no words to the effect 'applets work
    fine these days' assurances. This is wrong.
    It always has been, and always will be.

    (Some of the more recent problems range from
    the security environment surrounding Java applets
    in IE on Vista, to FF reloading the applet on
    'scroll up' in the web page..)

    >..but I'm trying to solve some application
    > compatibility issues with locked down security settings on Windows.


    Your best bet is to deploy the applets using
    web start. There are still things to trip up
    the process. But they are fewer and generally
    less problematic.

    > (And my apologies if I cross-posted too broadly -- I don't know which
    > newsgroups provide the best responses.)


    I dropped the F-U to c.l.j.dev - Google refuses
    to post to it, and will set the follow-ups to
    c.l.j.p. only, since I've never heard of the
    first 'dev' group, and softwaretools is very slow.

    --
    Andrew T.
    PhySci.org
    Andrew Thompson, Feb 11, 2008
    #5
  6. Aaron J. Margosis

    Roedy Green Guest

    On Tue, 29 Jan 2008 12:04:18 -0500, "Aaron J. Margosis"
    <> wrote, quoted or indirectly quoted someone
    who said :

    >My question: How do different Java-delivery tools invoke client-side Java
    >in their HTML? Is the <APPLET> tag the way they usually go, or do they use
    >another mechanism? E.g., invoking it as an ActiveX via <OBJECT>


    the <object> tag is obscenely complicated. It is part of Microsoft's
    plan to screw Java. Boycott it. It has only one saving grace: it will
    auto download a JVM if it is missing. You can do that more simply
    with a button.
    --

    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
    Roedy Green, Feb 11, 2008
    #6
  7. Aaron J. Margosis

    Roedy Green Guest

    On Tue, 29 Jan 2008 12:04:18 -0500, "Aaron J. Margosis"
    <> wrote, quoted or indirectly quoted someone
    who said :

    >My question: How do different Java-delivery tools invoke client-side Java
    >in their HTML? Is the <APPLET> tag the way they usually go, or do they use
    >another mechanism? E.g., invoking it as an ActiveX via <OBJECT>


    see http://mindprod.com/jgloss/applet.html#OBJECT
    --

    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
    Roedy Green, Feb 11, 2008
    #7
  8. Hi Aaron,

    Here's another example: -
    http://manson.vistech.net/t3$examples/cornucopiae.html

    The Applet doesn't actually take up any real-estate on the html page but
    pops up a couple of dialogue boxes to handle user authentication. To see it
    in action click on: -
    http://manson.vistech.net/t3$examples/demo_client_web.html

    Password: TIER3_DEMO
    Username: QUEUE

    All of the HTML/JavaScipt/Java code can be found at: -
    http://manson.vistech.net/t3$examples/

    In particular: -
    http://manson.vistech.net/t3$examples/cornucopiae.java

    HTH

    Cheers Richard Maher

    "Aaron J. Margosis" <> wrote in message
    news:...
    > I'm not a Java programmer, but I'm trying to solve some application
    > compatibility issues with locked down security settings on Windows.
    >
    > My question: How do different Java-delivery tools invoke client-side Java
    > in their HTML? Is the <APPLET> tag the way they usually go, or do they

    use
    > another mechanism? E.g., invoking it as an ActiveX via <OBJECT>? Through
    > some kind of scripted invocation? Some other tag? One specific: what

    does
    > Oracle Application Server / Oracle Forms do?
    >
    > The reason for the question is that in locked down configurations on
    > Windows, the Internet Explorer setting for "Java Permissions" (settable

    via
    > Group Policy) is set to "Disable Java", which comes into play only when

    the
    > <APPLET> tag is used. So in app-compat testing, I've seen the "Java
    > Permissions" setting completely block some Java apps from even loading,
    > while in other cases they do run. I'm trying to gain insight into the
    > specific causes that would cause one result or the other.
    >
    > Follow-on question: The Internet Explorer "Java Permissions" setting can

    be
    > set to "Disable Java", "High safety", "Medium safety", or "Low safety".

    Do
    > any versions of Java other than the now-extinct Microsoft JVM look at

    those
    > settings at all? That is, if the "High safety" setting is chosen, does it
    > actually restrict what Java applets can actually do? Or do all the Java
    > implementations out there have their own authorization mechanism that
    > doesn't look at the Windows/IE setting?
    >
    > Thanks.
    >
    > (And my apologies if I cross-posted too broadly -- I don't know which
    > newsgroups provide the best responses.)
    >
    > -- Aaron
    >
    Richard Maher, Feb 12, 2008
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Scott Allen
    Replies:
    0
    Views:
    426
    Scott Allen
    Jul 13, 2004
  2. Replies:
    0
    Views:
    363
  3. Michael
    Replies:
    4
    Views:
    711
    Andrew Thompson
    Nov 10, 2004
  4. Curt K
    Replies:
    0
    Views:
    555
    Curt K
    Nov 3, 2006
  5. Nick Keighley
    Replies:
    5
    Views:
    370
    Ian Collins
    Mar 22, 2007
Loading...

Share This Page