Java Applet as a Facebook App

This post was written by Brandon on June 5, 2009
Posted Under: Java,PHP

I recently received an email asking how I figured out how to pass information from the Facebook API to a Java Applet.

In the email, the man wanted to be able to access the users Facebook images so they can edit them within the applet. The way the Facebook API is setup, you can not pass a url that is direct to the .jpg/.gif/whatever format it may be in. Because of this, images can not be passed. I know there is a Java Facebook API connector, but I have not figured out how to use it. The unofficial Facebook Java API can be found here:
I have taken a brief look at it, but haven't given it enough patience to actually figure out how to work with it. Through the use of that, you SHOULD be able to access images.

I will continue this tutorial going on how to pass your applet simple data such as their name and Facebook ID.

Now lets start, make sure in the Canvas settings of your Facebook app you are using FBML, not iFrame!

We will first set up the Java side. The way I did it was simply use PHP on the Facebook page to read your first name, last name and Facebook profile ID, then build the html with that into the applets parameters. I know this way is not very safe, as anybody with basic knowledge can pass the Facebook name and ID of anybody. The reason I did not care so much about this was because it was a simple joke game I made based on scores, it wasn't very important if other people made scores for others.

Continue in the full article for the rest:

Your init function should be similar to this:

  public void init() {
    firstname   = getParameter("firstname");
    lastname   = getParameter("lastname");
    facebookid   = getParameter("facebookid");
    facebookidmd5   = getParameter("facebookidmd5");
    if (firstname.equals("") && lastname.equals("") && facebookid.equals("")){
      nameError = true;
      nameError = false;

Basically, firstname,lastname,facebookid and facebookidmd5 are all strings previously declared. nameError is a boolean and it is used somewhere else in my program, mainly to ensure that my game doesnt try to send scores along with a empty name. facebookidmd5 was my basic way of checking validity, but your own encryption function should be made because anybody that knows it is md5 can easily remake it. The PHP script that passes these parameters calculates the md5 for the Facebook ID and the Java applte does the same, and compares them.

Simply searching google for a Java function to make an MD5 hash is not enough as it will not include the first 0, if any, while PHP does. Here are my modifications of the script and my own function to ensure the first 0 is added.

  public static String makeMd5(String strtomd5) {
    String md5str = null;
    try {
      MessageDigest md5 = MessageDigest.getInstance("MD5");
      BigInteger hash = new BigInteger(1, md5.digest());
      md5str = hash.toString(16);
    } catch (NoSuchAlgorithmException nsae) {
    return md5str;
  public static String processMd5(String strtomd5){
    String tempmd5 = makeMd5(strtomd5);
    if (tempmd5.length() < 32){
      tempmd5 = "0"+tempmd5;
    return tempmd5;

Then, back in the init function, you can simply do this:

newidmd5 = processMd5(facebookid);
if (!newidmd5.equals(facebookidmd5)){
//it dosnt equal
nameError = true;
nameError = false;

Or you can even use a different boolean, that way you can alert the user that there was an encryption/decryption problem.

Now that we have the applet setup, lets make the two PHP scripts used to get the Facebook data and running the applet.
Note: From this point on, I am already assuming you downloaded the Facebook API PHP files and have them all in a folder. The scripts we are about to work on must be in the same folder.
Here is the index.php file I am using. It is what shows up on the main page of your Facebook app.

I am going to try using a program to colour code all this so it is easier to read.

require_once 'facebook.php';
$template_bundle_id = 209259015007;
$appapikey = 'PLACE YOUR API KEY HERE';
//Note, the above two can be found on the page for your app in the Developer application
$facebook = new Facebook($appapikey, $appsecret);
$user_id = $facebook->require_login(); //user_id stores the Facebook id of the user. The value of your own can be found if you go to your profile page and look in the URL.

$facebookid2 = $user_id;

echo "<p>Welcome to my app!";

$facebookmd52 = md5($facebookid2);
$user_details=$facebook->api_client->users_getInfo($user_id, array('last_name','first_name')); $data['first_name']=$user_details[0]['first_name']; $data['last_name']=$user_details[0]['last_name'];
$firstname2 = $data['first_name']; //getting the data
$lastname2 = $data['last_name'];
//the 2 is at the end of the file because there seems to be conflict amung the files that are using the same variable names

$facebookidmd5 = md5($facebookid2);//Encrypted to md5 to be passed to the app. The java applet verifies this.

//Load the dynamic app below!
echo '<fb:iframe src="',$firstname2,'&lastname=',$lastname2,'&facebookid=',$facebookid2,'&facebookidmd5=',$facebookidmd5,'" frameborder="0" scrolling="no" width = "500" height = "500"></fb:iframe>';

Ohh wow, I like that. I will use that more often.

And here is the file for loading the app. Call this app.php. If you rename this, be sure to also rename it in the index.php file!

//Preventing XSS and SQL injection attacks! Read the post about this here:
$firstname= $_GET['firstname'];
$firstname = stripslashes($firstname);
$firstname= htmlentities($firstname);

$lastname = $_GET['lastname'];
$lastname = stripslashes($lastname);
$lastname= htmlentities($lastname);

$facebookid = $_GET['facebookid'];
$facebookid = stripslashes($facebookid);
$facebookid= htmlentities($facebookid);
$facebookidmd5 = $_GET['facebookidmd5'];
$facebookidmd5= stripslashes($facebookidmd5);
$facebookidmd5= htmlentities($facebookidmd5);

echo '<center><applet code = "javaapplet.class" width = "500" height = "500">';

echo'<PARAM NAME="firstname"    VALUE="',$firstname,'">';
echo'<PARAM NAME="lastname"    VALUE="',$lastname,'">';
echo'<PARAM NAME="facebookid"    VALUE="',$facebookid,'">';
echo'<PARAM NAME="facebookidmd5"    VALUE="',$facebookidmd5,'">';
echo '</applet></center>';

Point your canvas page to the index.php file you host, setup the API key and the appsecret and your on your way!

I only have a week left of school, after I can look further into the Java developer API and see what more can be done!

Ask any questions below, or contact me through the contact tab!

Reader Comments

Bonjour, je voudrai juste une petite piste svp, j’ai mon applet java qui tourne et qui est integrer dans un epage html, comment l’intergrer dans facebook , merci

Written By Jerome on December 10th, 2009 @ 7:47 am

Add a Comment

required, use real name
required, will not be published
optional, your blog address

Previose Post: