United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6450654 JNLP app download hangs when BASIC authenticating through HTTPS tunnel.
JDK-6450654 : JNLP app download hangs when BASIC authenticating through HTTPS tunnel.

Details
Type:
Bug
Submit Date:
2006-07-19
Status:
Resolved
Updated Date:
2010-04-04
Project Name:
JDK
Resolved Date:
2006-08-23
Component:
deploy
OS:
windows_2000
Sub-Component:
webstart
CPU:
x86
Priority:
P2
Resolution:
Fixed
Affected Versions:
6
Fixed Versions:

Related Reports
Duplicate:

Sub Tasks

Description
FULL PRODUCT VERSION :
Java WebStart is  from Java 6.0 beta b59g. JNLP app runs on installed JRE Java 1.4.2_03.

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows 2000 [Version 5.00.2195]

A DESCRIPTION OF THE PROBLEM :
When a JNLP URL is protected by basic authentication and the URL is an HTTPS URL, WebStart hangs when trying to launch the application. Stack trace below.

This worked in Java 1.4.2 WebStart and Java 1.5 WebStart.

WebStart log shows a stack trace:

<?xml version="1.0" encoding="windows-1252" standalone="no"?>
<!DOCTYPE log SYSTEM "logger.dtd">
<log>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681843</millis>
  <sequence>0</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>java.lang.NoSuchMethodError: java.lang.String.contains(Ljava/lang/CharSequence;)Z
</message>
</record>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681859</millis>
  <sequence>1</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>	at com.sun.deploy.security.CredentialInfo.setUserName(Unknown Source)
</message>
</record>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681859</millis>
  <sequence>2</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>	at com.sun.deploy.ui.UIFactory$4.execute(Unknown Source)
</message>
</record>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681859</millis>
  <sequence>3</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>	at com.sun.javaws.ui.JavawsSysRun.delegate(Unknown Source)
</message>
</record>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681859</millis>
  <sequence>4</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>	at com.sun.deploy.util.DeploySysRun.execute(Unknown Source)
</message>
</record>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681859</millis>
  <sequence>5</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>	at com.sun.deploy.util.DeploySysRun$1.run(Unknown Source)
</message>
</record>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681859</millis>
  <sequence>6</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>	at java.security.AccessController.doPrivileged(Native Method)
</message>
</record>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681859</millis>
  <sequence>7</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>	at com.sun.deploy.util.DeploySysRun.executePrivileged(Unknown Source)
</message>
</record>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681859</millis>
  <sequence>8</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>	at com.sun.deploy.ui.UIFactory.showPasswordDialog(Unknown Source)
</message>
</record>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681859</millis>
  <sequence>9</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>	at com.sun.deploy.security.DeployAuthenticator.openDialog(Unknown Source)
</message>
</record>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681859</millis>
  <sequence>10</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>	at com.sun.deploy.security.DeployAuthenticator.getPasswordAuthentication(Unknown Source)
</message>
</record>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681859</millis>
  <sequence>11</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>	at com.sun.javaws.JAuthenticator.getPasswordAuthentication(Unknown Source)
</message>
</record>
<record>
  <date>2006-06-12T12:34:41</date>
  <millis>1150133681859</millis>
  <sequence>12</sequence>
  <logger>com.sun.deploy</logger>
  <level>FINE</level>
  <class>com.sun.deploy.util.LoggerTraceListener</class>
  <method>print</method>
  <thread>10</thread>
  <message>	at java.net.Authenticator.requestPasswordAuthentication(Unknown Source)

...

Squid log shows that a connection to the proxy was made by WebStart before the BASIC Auth dialog is popped up.

131.124.0.31 - - [12/Jun/2006:12:23:45 -0500] "CONNECT foo.bar.com:443 HTTP/1.1" 200 4621 TCP_MISS:DIRECT [Accept-Encoding: gzip\r\nUser-Agent: JNLP/6.0 javaws/1.6.0-beta (beta-b59g) Java/1.4.2_03\r\nUA-Java-Version: 1.4.2_03\r\nHost: cmac2.verizon.com\r\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n] []

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
In the browser, we click on the JNLP link. The link is an HTTPS URL, and the URL is protected by basic authentication. Java WebStart correctly puts up the basic authentication dialog. However, when we enter the user ID and password, the dialog just goes away and the JAR files are not downloaded. See the stack trace above.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Expect application to launch.
ACTUAL -
Application download dialog does not come up. The application fails to launch.

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
None found yet.

Release Regression From : 5.0
The above release value was the last known release where this 
bug was not reproducible. Since then there has been a regression.

Release Regression From : 5.0
The above release value was the last known release where this 
bug was not reproducible. Since then there has been a regression.

                                    

Comments
EVALUATION

We have a testcase applet running on basic authentication server through HTTPS tunnel, it works fine with Mustang b59b and Mustang beta2.

I would like to run your testcase on:
https://cmac2.verizon.com/jnlp/enterprise.jnlp

Please provide username and password so that I can access it.

I noticed you are using old JRE 1.4.2_03 within Mustang Java webstart, can you reproduce the bug if using the latest JRE inside Mustang Java webstart?
                                     
2006-07-20
EVALUATION

I can reproduce the exact same set of exceptions trying to run the most simple application with 1.4.2 jre using our Basic Authenticating server.

try: http://dispensable.east/BasicSecurity/hello/hello.jnlp
                                     
2006-08-11
EVALUATION

This bug will be fixed in Mustang B97. This is due a new feature added in Mustang for avoid mulit-password dialog box popup for basic authentication, it use one new API in JSSE which only available in JRE 5 and later. If you are using JWS in Mustang but old JRE 1.4.2, the API isn't exist and will failed.
                                     
2006-08-17



Hardware and Software, Engineered to Work Together