Java applets are loaded on a client when the user visits a page containing an applet. The security model behind Java applets has been designed with the goal of protecting the user from malicious applets.
Applets are either sandbox applets or privileged applets. Sandbox applets are run in a security sandbox that allows only a set of safe operations. Privileged applets can run outside the security sandbox and have extensive capabilities to access the client.
Applets that are not signed are restricted to the security sandbox, and run only if the user accepts the applet. Applets that are signed by a certificate from a recognized certificate authority can either run only in the sandbox, or can request permission to run outside the sandbox. In either case, the user must accept the applet's security certificate, otherwise the applet is blocked from running.
It is recommended that you launch your applet using Java Network Launch Protocol (JNLP) to leverage expanded capabilities and improve user experience. See Deploying an Applet for step by step instructions on applet deployment.
It is recommended that you deploy your applets to a web server, even for testing. To run applets locally, add the applets to the exception site list, which is managed from the Security tab of the Java Control Panel.
In this topic we will discuss the security restrictions and capabilities of applets.
Sandbox applets are restricted to the security sandbox and can perform the following operations:
showDocument
method of the java.applet.AppletContext
class.CLASSPATH
) have none of the restrictions that applets loaded over the network do.Sandbox applets cannot perform the following operations:
Privileged applets do not have the security restrictions that are imposed on sandbox applets and can run outside the security sandbox.
See Security in Rich Internet Applications for information on how to work with applets.
For more information about applet security dialog boxes, see Exploring Security Warning Functionality (article on oracle.com/technetwork)