Trail: Deployment
Lesson: Java Applets
Section: Doing More With Applets
What Applets Can and Cannot Do
Home Page > Deployment > Java Applets

What Applets Can and Cannot Do

Java applets are loaded on a client when the user visits a page containing an applet. The security model behind Java applets has been designed with the goal of protecting the user from malicious applets.

Applets that are not signed using a security certificate are considered to be untrusted and referred to as unsigned applets. When running on a client, unsigned applets operate within a security sandbox that allows only a set of safe operations.

Applets can be signed using a security certificate to indicate that they come from a trusted source. Signed applets operate outside the security sandbox and have extensive capabilities to access the client. A signed applet will run outside the security sandbox only if the user accepts the applet's security certificate. If the user refuses to accept the certificate, the applet will run within the security sandbox similar to an unsigned applet.

With recent improvements to the Java Plug-in software, unsigned applets launched using Java Network Launch Protocol (JNLP) can safely access the client with the user's permission. It is recommended that you launch your applet using JNLP to leverage expanded capabilities and improve user experience. See Deploying an Applet for step by step instructions on applet deployment.

In this, topic we will discuss the security restrictions and capabilities of applets.

Unsigned Applets

Unsigned applets can perform the following operations:

Unsigned applets cannot perform the following operations:

Signed Applets

Signed applets do not have the security restrictions that are imposed on unsigned applets and can run outside the security sandbox.

Note:  JavaScript code is treated like unsigned code. When a signed applet is accessed from JavaScript code in an HTML page, the applet is executed within the security sandbox. This implies that the signed applet essentially behaves likes an unsigned applet.

See Security in Rich Internet Applications for information on how to work with signed and unsigned code.

Additional Information

For more information about applet security dialog boxes, see Exploring Security Warning Functionality (article on

Problems with the examples? Try Compiling and Running the Examples: FAQs.
Complaints? Compliments? Suggestions? Give us your feedback.

Previous page: Network Client Applet Example
Next page: Solving Common Applet Problems - all specs in one place