United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-4943729 : Login requires multiple proxy/server authentication

Details
Type:
Bug
Submit Date:
2003-10-25
Status:
Closed
Updated Date:
2004-07-12
Project Name:
JDK
Resolved Date:
2004-02-10
Component:
deploy
OS:
generic,windows_xp,windows_2000
Sub-Component:
plugin
CPU:
x86,generic
Priority:
P1
Resolution:
Fixed
Affected Versions:
1.4.1,1.4.2,1.4.2_01,1.4.2_03,1.4.2_04
Fixed Versions:
1.4.2_05 (05)

Related Reports
Backport:
Duplicate:
Relates:
Relates:
Relates:

Sub Tasks

Description
Initial problem:        
When server is configured as NCSA basic authentication, 
and when user accesses to the server with IE, it pops up 
a login dialog, after user provides the right login 
credentials, the response page is sent back to browser. 
If the response page contains a java applet tag  with 
codebase pointing to an archive file on the the same 
server, jre 1.4.x will popup another login dialog, 
user has to provide username/password again to dismiss it.
 
Sun's workaround:  
Sun suggests to check the remember 
the username/password check box in the first NCSA 
authentication dialog to avoid the second JVM dialog.
It works but we have security concerns:
    The NCSA basic authentication is required by our
    single sign on feature, which is applicatable to 
    customer facing application. User can access the 
    application from any machine and if the remember 
    username/password is checked, then anyone who accesses 
    that machine can also access the saved user account 
    for that application. This is definitely not an 
    accessible behavior. We would like to have a complete 
    solution to this problem.

                                    

Comments
CONVERTED DATA

BugTraq+ Release Management Values

COMMIT TO FIX:
1.4.2_05
generic
tiger-beta2

FIXED IN:
1.4.2_05
tiger-beta2

INTEGRATED IN:
1.4.2_05
tiger-b38
tiger-beta2

VERIFIED IN:
1.4.2_05


                                     
2004-08-28
EVALUATION

I believe I have the solution for this, but need java.net team to enhance java.net.Authenticator interface.

I am currently working with Michael McMahon from networking team to extend the interface to support the solution.

###@###.### 2003-11-13

Due to some issues in Windows wininet API, the solution currently does not work for proxy authentication.

Microsoft initially confirmed as a bug in wininet API, then changed story to behavior as "by design".

The change has been putback into tiger beta 2, should resolve multiple authentication for web server. Another bug will be open to trace proxy authentication.

###@###.### 2004-02-09
                                     
2004-02-09



Hardware and Software, Engineered to Work Together