Applets and Security

Now that you understand how files are transferred across the Web, you’re ready to explore how applets are transferred. On one hand, applets are just more files that are transferred like any other. On the other hand, what an applet can do is closely related to where it came from. This isn’t true of other data types such as HTML and GIF.

Where Do Applets and Classes Come from?

When a web browser sees an applet tag and decides to download and play the applet, it starts a long chain of events. Let’s say your browser sees the following applet tag:

<applet codebase="" 
        code="Animation.class" width="200" height="100">
  1. The web browser sets aside a rectangular area on the page 200 pixels wide and 100 pixels high. In most web browsers, this area has a fixed size and cannot be modified once created. The appletviewer in the JDK is a notable exception.

  2. The browser opens a connection to the server specified in the codebase parameter, using port 80 unless another port is specified in the codebase URL. If there’s no codebase parameter, then the browser connects to the same server that served the HTML page.

  3. The browser requests the .class file from the web server as it requests any other file. If a codebase is present, it is prefixed to the requested filename. Otherwise, the document base (the directory that contains the HTML page) is used. For example:

    GET /javafaq/classes/Animation.class HTTP 1.0
  4. The server responds by sending a MIME header followed ...

Get Java Network Programming, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.