Discussions
Categories
- 197K All Categories
- 2.5K Data
- 546 Big Data Appliance
- 1.9K Data Science
- 450.8K Databases
- 221.9K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 31 Multilingual Engine
- 552 MySQL Community Space
- 479 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3.1K ORDS, SODA & JSON in the Database
- 556 SQLcl
- 4K SQL Developer Data Modeler
- 187.2K SQL & PL/SQL
- 21.4K SQL Developer
- 296.4K Development
- 17 Developer Projects
- 139 Programming Languages
- 293.1K Development Tools
- 111 DevOps
- 3.1K QA/Testing
- 646.1K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 161 Java Community Process
- 105 Java 25
- 22.1K Java APIs
- 138.2K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 19 Java Essentials
- 162 Java 8 Questions
- 86K Java Programming
- 81 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 205 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 475 LiveLabs
- 39 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 175 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 233 Portuguese
Java applet authentication

860543
Member Posts: 7
I have an applet hosted in a webserver and since I installed Java 6 update 24, a window is shown asking for Network Credentials every time I open the page.
If I access it from a computer with an older Java version, it runs the applet without asking the credentials.
I'm using integrated authentication so, I don't want to ask any credentials as the user is already authenticated by the OS.
Does anyone can help me?
If I access it from a computer with an older Java version, it runs the applet without asking the credentials.
I'm using integrated authentication so, I don't want to ask any credentials as the user is already authenticated by the OS.
Does anyone can help me?
Tagged:
Answers
-
I'd check the Java bugs database. Since Oracle took over the maintenance of the JRE "security issues" take priority over backward compatibility, and each new release is a minefield. If you can find the "security hole" this fixes there may be a work around listed.
My own reaction has been, reluctantly, to tell our users to switch off automatic updates for Java. -
malcolmmc wrote:AFAIU, that had begun even before Oracle bought Sun. Otherwise I agree with the general point of your comment.
..Since Oracle took over the maintenance of the JRE "security issues" take priority over backward compatibility, and each new release is a minefield. .. -
Since the next generation plug-in, I have seen situations where there is a 'disconnection' between what the browser knows (like 'sessions') and what the plug-in knows. I would explain this by the fact that the browser and the VM are now two separate processes (plus, of course, what the others have said). Try to disable the next generation plug-in in the advanced section of the Java Control Panel. Not a proper solution, in my opinion, but let's see if this helps.
-
I tried to disabled the next generation plug-in and it doesn't ask for authentication any more. I have to find a way to solve this on the server side because I cannot control what clients have configured......
I will check on bugs database, maybe there's some information about this.
thanks! -
Were you able to find a server side fix for this? I've run accross the same thing and have not been able to find a resolution.
I just tried the latest release (update 26) and the issue remains. Disabling the next generation plug-in works for me as well, but I've got over 100 very non-technical users that are confused by this extra login prompt and really need a server side solution. -
i found the Bug listed for this issue, but they claim the fix mentioned in this thread doesn't fix the problem. yet for most if not all of us... it does:
Bug 6936012: In Microsoft Internet Explorer Java Plug-In re-challenges for authentication
________________________________________
Bug Attributes
________________________________________
Type B - Defect Fixed in Product Version
Severity See FR
Status 3-Accepted
Created 18-Mar-2010
Updated 27-Jul-2011
Product Source Sun
Related Products
Fix Request Attributes:
Fix Request # 6936012/
Target
Customer Status 3-Accepted
Severity 3-Medium
Duplicate Of
Committed Version
Fixed Version
Integrated Version
Verified Version
Last Updated 2011-07-27 00:00:00 GMT+00:00
Description:
FULL PRODUCT VERSION :
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
A DESCRIPTION OF THE PROBLEM :
For various versions of Microsoft Internet Explorer (MSIE), the Java Plug-In (various versions of recent Java 6 Updates, including 18) re-challenges for authentication when an applet makes an HTTP(S) request for an authenticated resource from a web site and realm for which the browser session is already authenticated. [This web site is the source of the applet as well.] This occurs despite having checked the "Remember my password" checkbox in the browser authentication dialog.
We have had numerous customer complaints about this with MSIE 6, 7, and 8. Internally this has only been reproduced with MSIE 7 and HTTPS.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Write an applet that makes an HTTP(S) request for an authenticated resource from a web site and realm for which the browser session is already authenticated. Test the applet in various MSIE versions with HTTP and HTTPS, checking the "Remember my password" checkbox in the browser authentication dialog.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The applet should re-use the authentication credentials already established by the browser.
ACTUAL -
The applet re-challenges for authentication -- causing great user annoyance and frustration.
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
This works fine in Firefox, but that's not acceptable to many customers.
This reportedly occurs irrespective of whether the next generation plug-in is enabled or not.
Date Modified 2010-03-18 00:00:00 GMT+00:00
Back to top
This discussion has been closed.