These documentation pages are no longer current. They remain available for archival purposes. Please visithttps://docs.oracle.com/javase for the most up-to-date documentation.

Applet Developer's Guide > JavaPlug-in and Applet Architecture

Contents

• Architecture
  • Java RuntimeEnvironment
  • Java RuntimeEnvironment Version Selection
  • ThreadConsiderations
  • Classloader Cacheand Interaction between Applets
  • Applet GarbageCollection
  • AppletPrivileges
  • ProxyConfiguration
  • Security
• Best Practices forApplet Development

This document describes how the next-generation Java Plug-in,introduced in the Java SE 6 update 10 release, controls theexecution of applets and interactions between applets and thebrowser.

Architecture

Java Runtime Environment

With the next-generation Java Plug-in, the JRE no longer runsinside the browser. Instead, the JRE runs in a separateprocess. By default, all applets run in the same JRE instance.However, applets can now specify the JRE version they require torun on. More than one JRE instance will be launched when differentversions of the JRE are needed, or when the applet requires moreresources than any currently extant instance can supply.

The browser and the applet can still communicate with oneanother, however. Existing APIs have been re-engineered to useprocess sockets, so things continue to work as they didbefore--only better. This architecture provides a number ofbenefits:

• Applets that require different versions of the JRE can runsimultaneously. 
• Applets can specify JRE start-up parameters such as heap size.(A new applet uses an existing JRE if it's requirements are asubset of an existing JRE, otherwise, a new JRE instance islaunched.) 
• The message-passing interfaces are written in Java, so they runon all supported platforms, in the same way, socross-browser compatibility is enhanced.

With that architecture, a new JRE can be launched whenever it isneeded. But an applet will run in an existing JRE as long as:

1. The JRE version required by the applet matches anexisting JRE, and
2. The JRE's launch parameters satisfy the applet'srequirements

Note:

• If two applets each require a large amount of memory, theymight both run in the same JRE, causing one of them to run out ofmemory. But that's only a concern when you have multiple appletsrunning simultaneously.
   
• The Java browser plugin finds available JREs by inspecting theJava Control Panel.

Java RuntimeEnvironment Version Selection

On all platforms, the new Java Plug-in locates JREs to use fromthe entries listed in the Java Control Panel ("Java" tab, "View"button under "Java Applet Runtime Settings"). The available JREs inthis list are encoded in thedeployment.propertiesfile whose location is platform-dependent. On the Windows platform,it is generally located inC:\Documents andSettings\[username]\Application Data\Sun\Java\Deployment. OnUnix platforms, it is generally located in~/.java/deployment/deployment.properties.

On Windows platforms, both the Java Control Panel and the newJava Plug-in will automatically detect the installed JREs and addthem to the available set. On Unix platforms, auto-detection ofinstalled JREs is not supported. The Java Applet Runtime Settingsdialog in the Java Control Panel may be used to manually add JREsto the known list for the new Java Plug-in.

By default the new Java Plug-in will execute all applets in thelatest JRE version named in this list. It will only execute anapplet on an earlier JRE version if explicitly requested.

When considering a request to launch an applet on a specific JREversion (for example, a particular update release like"1.5.0_11"):

1. The list of available JREs is consulted. If there is an exactmatch of the version string, that JRE version is selected.Otherwise, if there are one or more installed JREs in the samefamily, the latest version is selected. Otherwise, the latestavailable JRE on the machine is selected.
2. The selected JRE version is compared against thesecuritybaseline for the family. If it is equal to or more recent thanthat version, no further prompting is done and the applet islaunched.
3. Otherwise, the code for the applet is downloaded in a JVMinstance of the selected JRE version. If the applet is signed andthe user accepts the security dialog for the applet (or the codesource has already been trusted), no further prompting is done andthe applet is launched.
4. Otherwise, we are dealing with an unsigned applet on an "older"JRE version. A dialog box is presented indicating that this appletis requesting to run on top of an older JRE release, and asks theuser whether he or she wants to allow it to. If the user clicks"yes", the applet is launched. If the user clicks "no", the appletis re-launched on top of the latest available JRE version.

When considering a request to launch an applet on a particularfamily, the most recent JRE from that family will be selected andthe above steps starting from (2) will be followed.

When considering a request to launch an applet on a particularfamily or any later family, the latest available JRE will be usedto launch the applet.

ThreadConsiderations

A web browser's JavaScript interpreter engine is single thread.The Java Plug-in is capable of managing multiple threads. The JavaPlug-in creates a separate worker thread for every applet. Appletsthemselves may be multi-threaded. Applets making JavaScript to Javacalls and vice versa, should be designed with the thread relatedissues in mind.

The following picture shows the thread interactions between theJavaScript Interpreter, Java Plug-in and an applet (i.e. Java).

When the JavaScript interpreter is idle, the Java Plug-inexecutes a JavaScript to Java call on the per applet worker thread(JavaScript Interpreter Not Busy scenario).

When a Java to Javascript call is in progress and a JavaScriptto Java call is made, the latter is executed on the same threadthat made the Java to JavaScript call (Round Trip scenario).

When a thread is executing a Java to JavaScript call, anotherthread wanting to do the same will be blocked till the first threadhas received its result and is done (JavaScript Interpreter Busyscenario)

In order to avoid thread related issues especially when multipleapplets are running simultaneously, keep both Java to JavaScriptand JavaScript to Java calls short and avoid round trips, ifpossible.

Classloader Cache andInteraction between Applets

Normally, if two applets have the samecodebase andarchive parameters, they will be loaded by the sameclass loader instance. This behavior is required for backwardcompatibility, and is relied on by several real-world applications.The result is that multiple applets on the same web page may accesseach others' static variables at the Java language level,effectively allowing the multiple applets to be written as thoughthey comprised a single application.

While this feature enables certain kinds of applications to beconveniently written, it has certain drawbacks. It interferes withtermination of applets, in particular when multiple instances ofthe same applet are active. It makes the programming model forapplets more complex, since it is under specified exactly when thestatic fields of an applet will be re-initialized, and when theywill be maintained from run to run of the same applet. It causesimprecise behavior of certain user interface operations within theJava Plug-in due to the inability to identify exactly which appletinitiated a particular request.

For this reason, the new Java Plug-in provides a way to opt outof the use of theclassloader cache onan applet by applet basis.

Applet Garbage Collection

Garbage collection occurs on an applet instance immediatelyafter thedestroy method finishes. The garbagecollection applies to all memory acquired by the applet,exceptfor static variables . Statics are preserved in the classloadercache, along with the classes themselves, for as long as the classloader is present.

So when does the class loader go away? That behavior is notspecified. It's up to the implementation of the Java virtualmachine and its interactions with the operating system. You canexpect it be retained for as long as possible, but to be discardedwhen the memory is needed for other purposes.

Applet Privileges

An applet runs in a secure sandbox that prevents it frominteracting with the users system, unless authorized. To obtainthat authorization, the applet can provide asecuritycertificate that the user must accept. A security certificateis needed to:

• Print
• Access the file system
• Access browser cookies
• Access other system resources

The basic applet security model is an all or nothingproposition. If you get a security certificate, you can give theapplet full access to the user's system. Without it, the applet hasvirtually no access at all.

Deployment of applets using JNLP allows them to avail a morefine-grained security model (similar to Java Web Startapplications), that gives them controlled access to a user'ssystem, under control of the user. (For example, the ability tosave or open a file selected by the user and the ability toprint.)

Proxy Configuration

SeeProxy Configuration in Java Deployment Guide fordetails.

Security

SeeSecurity in Java Deployment Guide fordetails.

Contact Us