How is Java typically invoked from HTML? And Java Permissions question...

[Aaron J. Margosis]

I'm not a Java programmer, but I'm trying to solve some application
compatibility issues with locked down security settings on Windows.

My question: How do different Java-delivery tools invoke client-side Java
in their HTML? Is the <APPLET> tag the way they usually go, or do they use
another mechanism? E.g., invoking it as an ActiveX via <OBJECT>? Through
some kind of scripted invocation? Some other tag? One specific: what does
Oracle Application Server / Oracle Forms do?

The reason for the question is that in locked down configurations on
Windows, the Internet Explorer setting for "Java Permissions" (settable via
Group Policy) is set to "Disable Java", which comes into play only when the
<APPLET> tag is used. So in app-compat testing, I've seen the "Java
Permissions" setting completely block some Java apps from even loading,
while in other cases they do run. I'm trying to gain insight into the
specific causes that would cause one result or the other.

Follow-on question: The Internet Explorer "Java Permissions" setting can be
set to "Disable Java", "High safety", "Medium safety", or "Low safety". Do
any versions of Java other than the now-extinct Microsoft JVM look at those
settings at all? That is, if the "High safety" setting is chosen, does it
actually restrict what Java applets can actually do? Or do all the Java
implementations out there have their own authorization mechanism that
doesn't look at the Windows/IE setting?

Thanks.

(And my apologies if I cross-posted too broadly -- I don't know which
newsgroups provide the best responses.)

-- Aaron

 

[Roedy Green]

Is the <APPLET> tag the way they usually go, or do they use
another mechanism?

<applet works fine. The other variations are so complicated and silly
you need automation to generate them. You can't maintain them
manually.

The only advantage of the others is you they will install Java if it
is not there. You can get the same effect with a separate button, once
per page, whose intent is clearer.

See http://mindprod.com/jgloss/applet.html

 

[Wayne]

<applet works fine. The other variations are so complicated and silly
you need automation to generate them. You can't maintain them
manually.

The only advantage of the others is you they will install Java if it
is not there. You can get the same effect with a separate button, once
per page, whose intent is clearer.

See http://mindprod.com/jgloss/applet.html

Note the APPLET tag was removed from the HTML standard. It's
not in the current HTML 5 draft either. The official method
is to use the OBJECT tags, nested as in this example for JavaSE 1.4:

<!-- Simple OBJECT tag, works with modern mozilla and other browsers: -->
<object classid="java:Foo.class" height="200" width="300">
<!-- More complex OBJECT tag, works with some older browsers,
and includes support to download the plug-in if missing/old: -->
<object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
width="300" height="200"
codebase="http://java.sun.com/products/plugin/autodl/jinstall-1_4-windows-i586.cab#Version=1,4,0,0"
standby="Loading Applet...">
<param name="code" value="Foo.class">
</object>
</object>

Not all of these attributes are standard. Also using param tags this way
limits their use for real applet parameters.

I believe it was MS that insisted on the removal of the applet tag from HTML 4.
What I find interesting is that MS IIS servers will parse all html files it serves,
and refuse to serve any with nested object tags (support for which is required in
the HTML standard)! Apparently MS doesn't want to support standard HTML that
can run the same from any server or user agent.

At one point MS removed support for the applet tag from IE, but at that point
you couldn't run applets unless you uses JavaScript to generate appropriate
object tags for your system. Sun provides a tool, htmlconverter, that replaces
applet tags in html files with the appropriate 20 lines or so of JavaScript.
Using htmlconverter or object tags with support for checking JRE version and
downloading the latest may require updating your html files every time Sun
releases a newer JRE.

However today all browsers seem to support the applet tag correctly, and that
is the recommended solution. If HTML compliance is an issue for your organization
you should use applect tags for development and htmlconverter for production.

Why HTML 5 draft won't include the applet tag is a mystery to me. (I see
they did add back the embed tag.) Every user agent I know of supports it
the same way, and support for alternatives such as nested object tags
is not universal. *sigh*

(Maybe using Java Web Start is a better option when possible as an alternative
to applets.)

-Wayne

 

[Stefano Brocchi]

another mechanism? E.g., invoking it as an ActiveX via <OBJECT>?

In fact there is a bit of confusion about this. The applet tag has
been
deprecated, so w3c recommends the <object> tag. Anyway, the specifics
of
<object> are not too clear, so sun recommends the applet tag
(see http://java.sun.com/docs/books/tutorial/deployment/applet/applettag.html).
I too would use the applet tag, to be sure it works. Anyway, once the
browser
understands the applet or object tag, the invocation of the applet
is the same

About explorer's limitations about Java, it is quite hard to
understand
what limitations mean, as having a JVM that allows control on its
operations, a Java applet should always be safe for execution. For
example,
by default firefox always executes Java without even prompting. I
don't think
other JVM will stop a non-dangerous applet.

If you want your applet to run with fewer limitations and to have
more chances on explorer, you may also want to obtain a digital
signature
for it.

So long,
Stefano

 

[Andrew Thompson]

Sub: How is Java typically invoked from HTML?

WebStart is becoming the most prominent and
reliable way to launch Java apps.
(Waits for any number of people to jump in to
'dispute the numbers'..)

I'm not a Java programmer,

Do you deploy these applets? There are any
number of horrid deployment gotcha's with
applets, depending on the HTML, the exact Java
version, and the micro-version of the browser.

Trust no words to the effect 'applets work
fine these days' assurances. This is wrong.
It always has been, and always will be.

(Some of the more recent problems range from
the security environment surrounding Java applets
in IE on Vista, to FF reloading the applet on
'scroll up' in the web page..)

..but I'm trying to solve some application
compatibility issues with locked down security settings on Windows.

Your best bet is to deploy the applets using
web start. There are still things to trip up
the process. But they are fewer and generally
less problematic.

(And my apologies if I cross-posted too broadly -- I don't know which
newsgroups provide the best responses.)

I dropped the F-U to c.l.j.dev - Google refuses
to post to it, and will set the follow-ups to
c.l.j.p. only, since I've never heard of the
first 'dev' group, and softwaretools is very slow.

 

[Roedy Green]

My question: How do different Java-delivery tools invoke client-side Java
in their HTML? Is the <APPLET> tag the way they usually go, or do they use
another mechanism? E.g., invoking it as an ActiveX via <OBJECT>

the <object> tag is obscenely complicated. It is part of Microsoft's
plan to screw Java. Boycott it. It has only one saving grace: it will
auto download a JVM if it is missing. You can do that more simply
with a button.

 

[Roedy Green]

My question: How do different Java-delivery tools invoke client-side Java
in their HTML? Is the <APPLET> tag the way they usually go, or do they use
another mechanism? E.g., invoking it as an ActiveX via <OBJECT>

see http://mindprod.com/jgloss/applet.html#OBJECT

 

[Richard Maher]

Hi Aaron,

Here's another example: -
http://manson.vistech.net/t3$examples/cornucopiae.html

The Applet doesn't actually take up any real-estate on the html page but
pops up a couple of dialogue boxes to handle user authentication. To see it
in action click on: -
http://manson.vistech.net/t3$examples/demo_client_web.html

Password: TIER3_DEMO
Username: QUEUE

All of the HTML/JavaScipt/Java code can be found at: -
http://manson.vistech.net/t3$examples/

In particular: -
http://manson.vistech.net/t3$examples/cornucopiae.java

HTH

Cheers Richard Maher