Java Plug-in and Applet Architecture

These documentation pages are no longer current. They remain available for archival purposes. Please visit for the most up-to-date documentation.

Java Rich Internet Applications Guide > Applet Developer's Guide > Java Plug-in and Applet Architecture

This document describes how the Java Plug-in controls the execution of applets and interactions between applets and the browser.

The following topics are covered:


Java Runtime Environment

With the Java Plug-in, applets are not run in the JVM inside the browser. Instead, they are executed in a separate process. The same JVM process can be shared between multiple applets, or applets may be placed into different processes depending on whether the existing JVMs match the applet requirements and have enough resources to execute the applet. An applet can request specific version of JRE to be used and can specify what options need to be passed to the JVM. An applet can also request to be executed in the separate JVM.

Java Plug-in running applets on different JRE versions

The browser and the applet can still communicate with one another, however. Existing APIs have been re-engineered to use process sockets, so things continue to work as they did before, only better. This architecture provides a number of benefits:

With that architecture, a new JRE can be launched whenever it is needed. But an applet will run in an existing JRE as long as:

  1. The JRE version required by the applet matches an existing JRE, and
  2. The JRE's launch parameters satisfy the applet's requirements


Java Runtime Environment Version Selection

On all platforms, the Java Plug-in locates JREs to use from the entries listed in the Java Control Panel ("Java" tab, "View" button). The available JREs in this list are encoded in the file whose location is platform-dependent. On the Windows platform, it is generally located in C:\Users\[username]\AppData\LocalLow\Sun\Java\Deployment. On Solaris, Linux, and Mac OS X platforms, it is generally located in ~/.java/deployment/

On Windows platforms, both the Java Control Panel and the Java Plug-in will automatically detect the installed JREs and add them to the available set. On Solaris, Linux, and Mac OS X platforms, auto-detection of installed JREs is not supported. The Java Runtime Environment Settings dialog, which is accessed by clicking View in the Java tab of the Java Control Panel, may be used to manually add JREs to the known list for the Java Plug-in.

By default, the Java Plug-in will execute all applets in the latest JRE version named in this list. It will only execute an applet on an earlier JRE version if explicitly requested.

When considering a request to launch an applet on a specific JRE version (for example, a particular update release like "1.5.0_11"):

  1. The list of available JREs is consulted. If there is an exact match of the version string, that JRE version is selected. Otherwise, if there are one or more installed JREs in the same family, the latest version is selected. Otherwise, the latest available JRE on the machine is selected.
  2. The selected JRE version is compared against the security baseline for the family. (See Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer for more information.) If it is equal to or more recent than that version, no further prompting is done and the applet is launched.
  3. Otherwise, the code for the applet is downloaded in a JVM instance of the selected JRE version. If the applet is signed and the user accepts the security dialog for the applet (or the code source has already been trusted), no further prompting is done and the applet is launched.
  4. Otherwise, we are dealing with an unsigned applet on an "older" JRE version. A dialog box is presented indicating that this applet is requesting to run on top of an older JRE release, and asks the user whether he or she wants to allow it to. If the user clicks "yes", the applet is launched. If the user clicks "no", the applet is re-launched on top of the latest available JRE version.

When considering a request to launch an applet on a particular family, the most recent JRE from that family will be selected and the above steps starting from (2) will be followed.

When considering a request to launch an applet on a particular family or any later family, the latest available JRE will be used to launch the applet.

Thread Considerations

A web browser's JavaScript interpreter engine is single thread. The Java Plug-in is capable of managing multiple threads. The Java Plug-in creates a separate worker thread for every applet. Applets themselves may be multi-threaded. Applets making JavaScript to Java calls and vice versa should be designed with the thread related issues in mind.

The following picture shows the thread interactions between the JavaScript Interpreter, Java Plug-in and an applet (i.e. Java).

JavaScript Interpreter, Java Plug-in and Applet Thread Interactions

When the JavaScript interpreter is idle, the Java Plug-in executes a JavaScript to Java call on the per applet worker thread (JavaScript Interpreter Not Busy scenario).

When a Java to Javascript call is in progress and a JavaScript to Java call is made, the latter is executed on the same thread that made the Java to JavaScript call (Round Trip scenario).

When a thread is executing a Java to JavaScript call, another thread wanting to do the same will be blocked till the first thread has received its result and is done (JavaScript Interpreter Busy scenario)

In order to avoid thread related issues especially when multiple applets are running simultaneously, keep both Java to JavaScript and JavaScript to Java calls short and avoid round trips, if possible.

Classloader Cache and Interaction between Applets

Normally, if two applets have the same codebase and archive parameters, they will be loaded by the same class loader instance. This behavior is required for backward compatibility, and is relied on by several real-world applications. The result is that multiple applets on the same web page may access each others' static variables at the Java language level, effectively allowing the multiple applets to be written as though they comprised a single application.

While this feature enables certain kinds of applications to be conveniently written, it has certain drawbacks. It interferes with termination of applets, in particular when multiple instances of the same applet are active. It makes the programming model for applets more complex, since it is under specified exactly when the static fields of an applet will be re-initialized, and when they will be maintained from run to run of the same applet. It causes imprecise behavior of certain user interface operations within the Java Plug-in due to the inability to identify exactly which applet initiated a particular request.

For this reason, the Java Plug-in provides a way to opt out of the use of the classloader cache on an applet by applet basis.

Applet Garbage Collection

Garbage collection occurs on an applet instance immediately after the destroy method finishes. The garbage collection applies to all memory acquired by the applet, except for static variables. Statics are preserved in the classloader cache, along with the classes themselves, for as long as the class loader is present.

So when does the class loader go away? That behavior is not specified. It's up to the implementation of the Java virtual machine and its interactions with the operating system. You can expect it be retained for as long as possible, but to be discarded when the memory is needed for other purposes.

Applet Privileges

All applets should be signed with a certificate from a recognized certificate authority. The user must agree to run an applet and having a valid certificate provides the user with some assurance that the applet is safe to run. An applet runs in a secure sandbox that prevents it from interacting with the users system, unless authorized. To obtain that authorization, the applet must request permissions when it is launched and the user must agree to run the applet. Permissions are needed to:

The basic applet security model is an all or nothing proposition. An applet with permissions has full access to the user's system. Without permissions, the applet has virtually no access at all.

Deployment of applets using JNLP allows them to avail a more fine-grained security model (similar to Java Web Start applications), that gives them controlled access to a user's system, under control of the user. (For example, the ability to save or open a file selected by the user and the ability to print.)

Proxy Configuration

See Proxy Configuration for details.


See Security for details.


Copyright © 1993, 2020, Oracle and/or its affiliates. All rights reserved.