JSup v6 is able to provide most of its graphics features to web clients.

= Configuration of HTML5 web server =
This features has to be licensed (or it will run only in demo mode) and must be enabled and configured via [JSup Application properties|application properties]:
 ;web.server.port:Request to start the web server with HTML5 graphics at the specified port (this property is requested to start the web server). Use a port like 433 or 8433 if TLS is enabled or 80 / 8080 otherwise.
 ;web.login.requestedSecurityGroupName:Define the security group name a [JSup users|JSup user] must belong to be able to login to JSup via web browser (default is ''web'').
 ;web.session.timeout.min:Set the timeout of unused web sessions (in minutes) before a new login is requested; default is 10080 minutes (one week).
 ;web.server.showDelayMs:Set the initial delay before the home window is displayed on a web client connection (in ms, default 2000) - can be usefully increased for slow JSup server.

= Communication security =
JSup is able to provide cryptographic communication security and server authentication via [wikipedia:Transport Layer Security].
See [#Client certificates] for certificate creation parameters corresponding to following application properties:
 ;web.server.TLS:A value of true will enable encrypted comunication between browser and JSup web server and server authentication (you must [#Provide server certificate for TLS protocol|provide server certificate]).
 ;web.server.keystore.file:Name of the keystore file (full file path or the file name only, in this case the location is application setting dir); default is <TT>tomcat.jks</TT>
 ;web.server.keystore.pass:Password of the keystore specified by web.server.keystore.file property (see [#Provide server certificate for TLS protocol|provide server certificate]); this value is required.
 ;web.server.keyAlias:The key alias within the keystore specified by web.server.keystore.file; default is <TT>JSupTomcat</TT>.
 ;web.server.keyAlias:The private key password of the web server key identified by <TT>web.server.keyPass</TT> property within the keystore specified by <TT>web.server.keystore.file</TT>
 ;web.server.maxThreads:The maximum number of threads that will serve the web server (default is 10, this property is considered only if <TT>web.server.TLS=true</TT>)
 ;web.server.TLS.fallbackPort:The port where a non SSL listening socket is opened if SSL configuration is invalid (for missing files for example) and current host is in <TT>web.server.TLS.fallbackHostList</TT> property. Usefull during improvement of an application already in production to test some changes from a web client.
 ;web.server.TLS.fallbackHostList:A comma separated list of hostnames where an invalid TLS configuration is replaced with a non SSL connection at web.server.TLS.fallbackPort

Example of properties for server security/encription:
<code>web.server.keyAlias=JSupTomcat
web.server.keyPass=changeit
web.server.keystore.file=tomcat.jks
web.server.keystore.pass=test
web.server.port=8443
web.server.TLS=true
web.server.TLS.fallbackHostList=devPC1,devPC2
web.server.TLS.fallbackPort=2080</code>

See also [Gestione di una certification autority|Certification autority management].
= Client certificates =
This application properties configure the client certification validation:
 ;web.client.auth:Set to <TT>true</TT> if you want the SSL stack to require a valid certificate chain from the client before accepting a connection. Set to <TT>optional</TT> if you want the SSL stack to request a client certificate, but not fail if one isn't presented. A '''false''' value (which is the default) will not require a certificate chain.
 ;web.client.trustStoreFile:The name (and path if not in the application setting dir) of trust store file to use to validate client certificates (default value is <TT>tomcat-CA-certs.jks</TT>)
 ;web.client.trustStorePass:The password to access the trust store
 ;web.client.certCN_user-''<code><CommonName></code>'':associate a client certificate common name (CN) to a JSup application user name. This bind will eliminate the login request, the user will be recognized by the client certificate.
 ;web.client.crlFile:The http/https URL of CA CRL or the name (and path if not in the application setting dir) of the Certificate Revocation List (CRL) for client revoked certificate check.

Example of client certificate properties:
<code>web.client.auth=optional
web.client.certCN_user-John Smith=Smith
web.client.trustStoreFile=tomcat-CA-certs.jks
web.client.trustStorePass=changeit
web.client.crlFile=http://www.domain.com/ca/myCA-crl.pem</code>

= Custom client experience =
It's possible to set some custom CSS for specific client using a [JavaCode functions] defined as <TT>Properties getCssRulesForWebClient( Map v ) throws JException</TT> in the [JSup domains|shared domain].
This method receives a map of value the can be used to determine the type of client and define the css for his user experience if necessary.
The value in <TT>v</TT> are:

<!-- tentativo di impostare la larghezza delle colonne: ><colgroup><col style="width: 20%;"><col style="width: 15%;"><col style="width: 30%;"><col style="width: 20%;"><col style="width: 35%;"></colgroup -->
{| border=1 cellspacing=0
|-
!Property
!Type
!Description
!Example
|-
|agent
|String
|the user agent type
|MobileWebKitiPhone
|-
|certCN
|String
|the common name of the client certificate
|John Smith
|-
|clientAddress
|String
|the client address
|192.168.50.53
|-
|dpiScale
|Double
|the browser-side DPI scaling factor
|1.0
|-
|hostName
|String
|the server host name that is used by the client
|10.51.50.0:8080
|-
|locale
|java.util.Locale
|the preferred language indicated in the request header
|it_IT
|-
|screenHeight
|Integer
|the vertical resolution of the client's screen in pixel
|736
|-
|screenWidth
|Integer
|the horizontal resolution of the client's screen in pixel. This is not the width of the browser client area, but of the device screen. For a mobile device it could not match the real screen size.
|414
|-
|timeZoneName
|String
|the time zone name as reported by the client
|Europe/Rome
|-
|timeZoneOffset
|Integer
|the time zone offset as reported by the client (in minutes)
|120
|-
|urlScheme
|String
|the URL scheme used for the request
|http
|-
|userAgent
|String
|the user agent
|Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_6
like Mac OS X) AppleWebKit/605.1.15 (KHTML,
like Gecko) Version/15.6.4 Mobile/15E148
Safari/604.1
|}

The method must return a <TT>Properties</TT> object (or <TT>null</TT>), each property defines the css scope in the key and the css rules in the value.
Map keys are processed in alphabetic '''order''' and this order can be used to force the order the css rules will be defined: a prefix like "<TT> (001) </TT>" can be used in keys to force the order (the number of digit between the brackets may vary - please note the space before and after the brackets).
Special keys can be used to define some properties for the client:
 * “<TT>:bodyZoomPercent</TT>” to define a percent zoom, for example <TT>150</TT> increases the size to one and a half times. This property will also be used to scale the mouse event to match the zoomed window content.
 * “<TT>:customWidth</TT>” for WebGPanel
 * “<TT>:customHeigth</TT>” for WebGPanel
 * “<TT>:homeWindows</TT>” a '|' separated list of window names (or a singole one) to be shown as starting page(s). This permit to have a home page(s) for web clients or even a custom home page(s) for a specific web client.