Forum Stats

  • 3,839,990 Users
  • 2,262,557 Discussions
  • 7,901,118 Comments

Discussions

Java applet authentication

860543
860543 Member Posts: 7
edited Aug 17, 2011 10:42PM in Java Programming
I have an applet hosted in a webserver and since I installed Java 6 update 24, a window is shown asking for Network Credentials every time I open the page.

If I access it from a computer with an older Java version, it runs the applet without asking the credentials.

I'm using integrated authentication so, I don't want to ask any credentials as the user is already authenticated by the OS.

Does anyone can help me?

Answers

  • 452196
    452196 Member Posts: 348
    I'd check the Java bugs database. Since Oracle took over the maintenance of the JRE "security issues" take priority over backward compatibility, and each new release is a minefield. If you can find the "security hole" this fixes there may be a work around listed.

    My own reaction has been, reluctantly, to tell our users to switch off automatic updates for Java.
  • 793415
    793415 Member Posts: 7,279 Bronze Badge
    malcolmmc wrote:
    ..Since Oracle took over the maintenance of the JRE "security issues" take priority over backward compatibility, and each new release is a minefield. ..
    AFAIU, that had begun even before Oracle bought Sun. Otherwise I agree with the general point of your comment.
  • baftos
    baftos Member Posts: 3,431
    Since the next generation plug-in, I have seen situations where there is a 'disconnection' between what the browser knows (like 'sessions') and what the plug-in knows. I would explain this by the fact that the browser and the VM are now two separate processes (plus, of course, what the others have said). Try to disable the next generation plug-in in the advanced section of the Java Control Panel. Not a proper solution, in my opinion, but let's see if this helps.
  • 860543
    860543 Member Posts: 7
    I tried to disabled the next generation plug-in and it doesn't ask for authentication any more. I have to find a way to solve this on the server side because I cannot control what clients have configured......


    I will check on bugs database, maybe there's some information about this.

    thanks!
  • 868917
    868917 Member Posts: 2
    edited Jun 14, 2011 8:49PM
    Were you able to find a server side fix for this? I've run accross the same thing and have not been able to find a resolution.

    I just tried the latest release (update 26) and the issue remains. Disabling the next generation plug-in works for me as well, but I've got over 100 very non-technical users that are confused by this extra login prompt and really need a server side solution.
  • erikc
    erikc Member Posts: 1
    i found the Bug listed for this issue, but they claim the fix mentioned in this thread doesn't fix the problem. yet for most if not all of us... it does:


    Bug 6936012: In Microsoft Internet Explorer Java Plug-In re-challenges for authentication
    ________________________________________
    Bug Attributes
    ________________________________________
    Type B - Defect Fixed in Product Version
    Severity See FR
    Status 3-Accepted
    Created 18-Mar-2010
    Updated 27-Jul-2011
    Product Source Sun
    Related Products
    Fix Request Attributes:
    Fix Request # 6936012/
    Target
    Customer Status 3-Accepted
    Severity 3-Medium
    Duplicate Of
    Committed Version
    Fixed Version
    Integrated Version
    Verified Version
    Last Updated 2011-07-27 00:00:00 GMT+00:00

    Description:
    FULL PRODUCT VERSION :
    java version "1.6.0_18"
    Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
    Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing)

    ADDITIONAL OS VERSION INFORMATION :
    Microsoft Windows XP [Version 5.1.2600]

    A DESCRIPTION OF THE PROBLEM :
    For various versions of Microsoft Internet Explorer (MSIE), the Java Plug-In (various versions of recent Java 6 Updates, including 18) re-challenges for authentication when an applet makes an HTTP(S) request for an authenticated resource from a web site and realm for which the browser session is already authenticated. [This web site is the source of the applet as well.] This occurs despite having checked the "Remember my password" checkbox in the browser authentication dialog.

    We have had numerous customer complaints about this with MSIE 6, 7, and 8. Internally this has only been reproduced with MSIE 7 and HTTPS.

    STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
    Write an applet that makes an HTTP(S) request for an authenticated resource from a web site and realm for which the browser session is already authenticated. Test the applet in various MSIE versions with HTTP and HTTPS, checking the "Remember my password" checkbox in the browser authentication dialog.

    EXPECTED VERSUS ACTUAL BEHAVIOR :
    EXPECTED -
    The applet should re-use the authentication credentials already established by the browser.
    ACTUAL -
    The applet re-challenges for authentication -- causing great user annoyance and frustration.

    REPRODUCIBILITY :
    This bug can be reproduced always.

    CUSTOMER SUBMITTED WORKAROUND :
    This works fine in Firefox, but that's not acceptable to many customers.

    This reportedly occurs irrespective of whether the next generation plug-in is enabled or not.
    Date Modified 2010-03-18 00:00:00 GMT+00:00

    Back to top
This discussion has been closed.