Java applet authentication

860543

I have an applet hosted in a webserver and since I installed Java 6 update 24, a window is shown asking for Network Credentials every time I open the page.

If I access it from a computer with an older Java version, it runs the applet without asking the credentials.

I'm using integrated authentication so, I don't want to ask any credentials as the user is already authenticated by the OS.

Does anyone can help me?

452196

I'd check the Java bugs database. Since Oracle took over the maintenance of the JRE "security issues" take priority over backward compatibility, and each new release is a minefield. If you can find the "security hole" this fixes there may be a work around listed.

My own reaction has been, reluctantly, to tell our users to switch off automatic updates for Java.

793415

malcolmmc wrote:
..Since Oracle took over the maintenance of the JRE "security issues" take priority over backward compatibility, and each new release is a minefield. ..

AFAIU, that had begun even before Oracle bought Sun. Otherwise I agree with the general point of your comment.

baftos

Since the next generation plug-in, I have seen situations where there is a 'disconnection' between what the browser knows (like 'sessions') and what the plug-in knows. I would explain this by the fact that the browser and the VM are now two separate processes (plus, of course, what the others have said). Try to disable the next generation plug-in in the advanced section of the Java Control Panel. Not a proper solution, in my opinion, but let's see if this helps.

860543

I tried to disabled the next generation plug-in and it doesn't ask for authentication any more. I have to find a way to solve this on the server side because I cannot control what clients have configured......


I will check on bugs database, maybe there's some information about this.

thanks!

868917

Were you able to find a server side fix for this? I've run accross the same thing and have not been able to find a resolution.

I just tried the latest release (update 26) and the issue remains. Disabling the next generation plug-in works for me as well, but I've got over 100 very non-technical users that are confused by this extra login prompt and really need a server side solution.

erikc

i found the Bug listed for this issue, but they claim the fix mentioned in this thread doesn't fix the problem. yet for most if not all of us... it does:


Bug 6936012: In Microsoft Internet Explorer Java Plug-In re-challenges for authentication
________________________________________
Bug Attributes
________________________________________
Type B - Defect Fixed in Product Version
Severity See FR
Status 3-Accepted
Created 18-Mar-2010
Updated 27-Jul-2011
Product Source Sun
Related Products
Fix Request Attributes:
Fix Request # 6936012/
Target
Customer Status 3-Accepted
Severity 3-Medium
Duplicate Of
Committed Version
Fixed Version
Integrated Version
Verified Version
Last Updated 2011-07-27 00:00:00 GMT+00:00

Description:
FULL PRODUCT VERSION :
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
For various versions of Microsoft Internet Explorer (MSIE), the Java Plug-In (various versions of recent Java 6 Updates, including 18) re-challenges for authentication when an applet makes an HTTP(S) request for an authenticated resource from a web site and realm for which the browser session is already authenticated. [This web site is the source of the applet as well.] This occurs despite having checked the "Remember my password" checkbox in the browser authentication dialog.

We have had numerous customer complaints about this with MSIE 6, 7, and 8. Internally this has only been reproduced with MSIE 7 and HTTPS.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Write an applet that makes an HTTP(S) request for an authenticated resource from a web site and realm for which the browser session is already authenticated. Test the applet in various MSIE versions with HTTP and HTTPS, checking the "Remember my password" checkbox in the browser authentication dialog.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The applet should re-use the authentication credentials already established by the browser.
ACTUAL -
The applet re-challenges for authentication -- causing great user annoyance and frustration.

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
This works fine in Firefox, but that's not acceptable to many customers.

This reportedly occurs irrespective of whether the next generation plug-in is enabled or not.
Date Modified 2010-03-18 00:00:00 GMT+00:00

Back to top