JDK-4663123 : handling of password-protected content is inconsistent and inappropriate
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 1.0.1
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_2000
  • CPU: x86
  • Submitted: 2002-04-04
  • Updated: 2002-04-08
  • Resolved: 2002-04-08
Related Reports
Duplicate :  
Description

Name: nt126004			Date: 04/04/2002


FULL PRODUCT VERSION :
java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-C)
Java HotSpot(TM) Client VM (build 1.3.0-C, mixed mode)

FULL OPERATING SYSTEM VERSION :
Microsoft Windows 2000 [Version 5.00.2195]

EXTRA RELEVANT SYSTEM CONFIGURATION :
Webserver - apache

A DESCRIPTION OF THE PROBLEM :
The product that I am designing requires restricted
access.  I am trying to use "basic" HTTP authentication for
this purpose.  When the cache is clear, downloading
(running) the application from a secure webserver directory
works fine.  The user is prompted for the username/password
before the app runs.

When the cache is not empty, however, the cached contents
will be launched before the user has a chance to enter the
username / password.

This is not acceptable for this application.  The user
needs a way to know that the app is up-to-date, and a
transparent mechanism for getting it to be up-to-date if it
is not.  This is the case for non-authenticated apps, and it
needs to be true for authenticated apps as well.

Preferably, the jws client would wait for the username and
password to proceed.  Ideally, this information would be
stored locally, to avoid asking the user for this
information repeatedly.
  
Please see "Expected and Actual Results" for more details.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. create a webstart app
2. install the app on a webserver
3. password-protect the folder the installation resides in
using HTTP "basic" authentication
4. attempt to run the app using the jws client

EXPECTED VERSUS ACTUAL BEHAVIOR :
Expected:

A dialog should pop up requesting the required username and
password.  The user should have the options "OK", "CANCEL",
and "RUN CACHED VERSION", with the following results: "OK"
-- attempt to download the app using the username and
password provided; "CANCEL" -- do not run the app; "RUN
CACHED" -- do not attempt to download the new version of
the app, and run the cached version instead.  No download
should proceed until this dialog has finished.

Actual:

A dialog appears with "OK" and "CANCEL" options.  If there
is a cached version of the app available, it starts
immediately, regardless of user input.  Attempting to
launch the app a second time may result in more desirable
behavior.  The app may wait for user input (entering
username & password) before launching the (new version of
the) app.


This bug can be reproduced always.

CUSTOMER WORKAROUND :
Close the application and try to launch it a second time.
(Review ID: 144312) 
======================================================================