Our Client is one of the largest US-based building energy efficiency businesses, owned by one of the world’s biggest energy companies.
Several hundred buildings’ energy systems are managed by legacy hardware systems with control dashboards that run on Java Applets, served over unencrypted HTTP. These systems can only be accessed by our Client’s technicians, as well as by their clients, using legacy browsers, such as Internet Explorer, with a local client installation of Java 8. Furthermore, communication with these systems is insecure and unencrypted, exposing potential security vulnerabilities.
This is causing major operational issues and forcing the IT department to maintain legacy client systems, as these applications are mission-critical. To solve this issue, they have deployed the CheerpJ technology.
Unique technical challenges
The CheerpJ technology is typically used as either an ahead-of-time conversion step, integrated into a custom HTML page or as a browser extension for the on-the-fly conversion of Java Applets on unmodified HTML pages.
In this project, our Client requirements specified that access was to be possible from any unmodified browser, ruling out the use of a browser extension. Since the dashboard application in question is hosted on proprietary hardware, it was also impossible to customise the HTML page hosting the Applet, making it impossible to use the standard ahead-of-time approach.
To resolve this issue, we developed a custom reverse proxy server, which is used to inject the CheerpJ runtime on each HTML page that hosts a Java Applet. Similarly to the CheerpJ browser extension, this performs an on-the-fly conversion of the Applet into HTML5, providing access from modern browsers.
In addition, this reverse proxy was configured to automatically upgrade the whole client machine to HTTPS communication with the building management systems.
The Result
The client now uses CheerpJ as part of its internal systems to allow access to all these Java Applets via modern browsers.
This was possible, even with the applets being served by unmodifiable embedded hardware, thanks to a custom-made reverse proxy server. The server, by injecting CheerpJ into the page, converts each Applet to HTML5/JavaScript/WebAssembly on the fly, without access to the source code.
After integrating CheerpJ into their architecture, our Client can now provide their system dashboards in HTML5, dropping internal requirements for legacy browsers and Java installations. Furthermore, the reverse proxy allowed for a company-wide upgrade to HTTPS.