JDK-4857110 : NTLM authentication must be transparent for users
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 1.4.1,1.4.2
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris_8,windows_2000,windows_xp
  • CPU: x86,sparc
  • Submitted: 2003-05-01
  • Updated: 2003-09-19
  • Resolved: 2003-08-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
1.4.2_02 02Fixed
Related Reports
Duplicate :  
Description
Name: nt126004			Date: 05/01/2003


FULL PRODUCT VERSION :
JDK 1.4.2-beta


FULL OS VERSION :
Microsoft Windows 2000 [Version 5.00.2195]

A DESCRIPTION OF THE PROBLEM :
The bug 4423881 has been finally fixed in JDK 1.4.2
http://developer.java.sun.com/developer/bugParade/bugs/4423881.html

However, the way it's fixed in JDK1.4.2 is not a fix but rather a workaround.
Users are asked to enter NT account information in order to use Plugin-based applets while they really don't have to while browsing regular pages and applets running in the native Microsoft JVM.

JRE has to support NTLM transparently for users. Security context should be taken from the current process and serialized via SSPI.




REPRODUCIBILITY :
This bug can be reproduced always.
(Review ID: 185108) 
======================================================================

Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: 1.4.2_02 tiger FIXED IN: 1.4.2_02 tiger INTEGRATED IN: 1.4.2_02 tiger tiger-b22
28-09-2004

EVALUATION commit this bug to 1.4.2_02 ###@###.### 2003-06-06 1.4.2_02 will be available before end of 2003. ###@###.### 2003-06-09 The fix to this bug involves extracting the current logged in users credentials from the OS when an NTLM challenge from a server or proxy occurs. This username/password is used (without prompting the user ie. not calling the applications Authenticator). If this attempt fails (such as if the account is not recognised) then it falls back to the old mechanism, which involves callng the Authenticator so that the user can type in a different username/password. This bug has been fixed as described above in: 1.4.2_02 ==> to be released before end of 2003 and 1.5.0 ==> to be released in 2004 ###@###.### 2003-07-23
23-07-2003

SUGGESTED FIX http://jpsesvr.sfbay.sun.com:8080/ctetools/html/ViewDetail.jsp?index=726 ###@###.### 2003-07-16
16-07-2003