Java deprecated: Oracle buries the Java Browser Plug-in
Java icon. Programming language image via Shutterstock
The Java Browser Plug-in will soon be a thing of the past. As Dalibor Topic announced on Oracle’s Java Platform blog, the plug-in is to be marked at “deprecated” in the upcoming JDK 9 already. Is this the end of Java in browser applications?
Yes and no.
One thing is certain – Oracle will no longer maintain the Java Browser Plug-in with which Java Applets have been operated since the beginning of Java. The farewell announced by Oracle suggests that use of the plug-in in the next Java version (JDK 9 announced for the beginning of 2017) will no longer be recommended. After that, the technology would be removed from the official Oracle JDK and JRE in, as it is called, “a future Java SE release.”
This decision was justified with the announcement of various browser providers stating that support for standard-based plug-ins like Flash, Silverlight and even Java would be cancelled. Already in October 2015, Oracle’s Donald Smith commented the move made by Mozilla to no longer offer any support for NPAPI (basis of the Java Browser plug-in) in the Firefox browser with advice to switch to plug-in-free technologies like Java Web Start.
Topic now proposes the same migration strategy: If you are still using Java Applets based on a browser plug-in, you should look around for alternatives to continue to run Java-based applications in browsers:
Developers of applications that rely on the Java browser plugin need to consider alternative options such as migrating from Java Applets (which rely on a browser plugin) to the plugin-free Java Web Start technology.
Read also: The features Project Jigsaw brings to Java 9
A farewell without pain
Of course, this step does not come as a surprise. The Java plug-in which in the past had been regularly responsible for security gaps in browser-based Java applications was already blocked or removed from the standard plug-in set of Firefox in 2013. Oracle itself had been increasingly hiding the plug-in behind security warnings and otherwise had to also deal with the negative publicity in mainstream media caused by the frequent security gaps. The fact that the server-side application of Java was rarely affected by the “spectacular Zero Day Exploits” had been at best mentioned in the margin in popular reports.
Hardly anybody will mourn the loss of the plug-in. Chrome said goodbye to Java in April 2015, Firefox in October 2015, Microsoft Edge plans for no Java from the very start. Whoever cries in protest now has not recognized the sign of the times. Oracle has been consistently ridding itself of a burden which brings the company no commercial benefit and in addition is nearly impossible to master technically. Therefore, Java could disappear from questionable lists of the least secure IT programs in the foreseeable future. So much the better!
If you are still using Applets, you have a realistic time horizon to switch to different technologies – like what the German Elster Tax program had acknowledged in 2013. JDK 9 will come in 2017, a following release 2 years later at the earliest, however, the practice of shifting Java releases may even play into the hands of a changeover strategy. In addition, Oracle seems to have not yet decided when exactly the Java plug-in would be banished from JDK – so far, talk was only of a “later release.”
Be that as it may – a Migration Guide (PDF) by Oracle should help in the switch from Java Applets to plug-in-free Java technologies. The fact that many providers may during refactoring reorient their applications to other technologies – HTML5 is the keyword here – is a completely different kettle of fish.