JDK-4909838 : Java plug-in shouldn't create a new http connection to download applet
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 1.4.1,1.4.2
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2003-08-20
  • Updated: 2003-12-25
  • Resolved: 2003-12-25
Related Reports
Duplicate :  
Description

Name: gm110360			Date: 08/20/2003


A DESCRIPTION OF THE REQUEST :
When you open a web page in your browser that runs an applet using the java plug-in, the plug-in creates a new http connection in order to download the class files etc. causing multiple and serious problems:

1. If you are using a proxy, the plug-in prompts for user and password.
2. If you access the web page using https with client authentication it JUST DOESN'T WORK.

With plug-in versions 1.3 and previous class files were downloaded using the browser's connection and everything worked fine (no matter http, https, or https with client certificate authentication).

Many people are finding this problem (all developers using the java plug-in) and workarounds like loading the client certificate in a keystore are just not an option for many applications.

What me and many other people are asking for is MAKE IT WORK AS IT DID BEFORE. If you want to make the plug-in capable of downloading classfiles through a new connection make it OPTIONAL and CONFIGURABLE.

Downloading classfiles through e new connection may me useful in some situations but for the vast majority of us it is just a NIGHTMARE.

JUSTIFICATION :
With current version of the plug-in nobody will ever be able to use applets in a web server using https with client authentication.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Applets should download the applet's class files using the browser's connection (no matter http, https or https with client authentication). Just as it did in previous versions of the plug-in and transparent for the user.

Using a new connection might be an option that can be activated through control panel.
ACTUAL -
Java plug-in creates a new connection in order to download an Applet's class files. In many situations this causes the inconvenience of re-entering user and password (proxy) and if https with client certificate authentication is used it just doest work.



---------- BEGIN SOURCE ----------
Any applet causes this problem, actual source code is not relevant.
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
  To my knowldge there are no workarounds.
(Incident Review ID: 185369) 
======================================================================

Comments
EVALUATION We aren't using Browser's connnection to download the applet's class file starting with JRE 1.4. This won't be changed in the near future. At the same time, the client authentication with https connection will be supported by JSSE api in JRE 1.4. We provide a keystore for client authentication in JRE 1.5 ###@###.### 2003-09-16 Please also see 4943729. Starting in Java 1.4, the Java Plug-in depends on the JSSE (Java Secure Socket Extension) library for security. This library is more full featured and provides a higher level of security than our supported web browsers, and is more adaptable to current market needs. Java Plug-in will not be reverting to the browser support for security reasons. However, we are working aggressively to resolve the root cause of this bug and several related issues. The resolution is non-trivial and requires changes in the browser and support from Microsoft. We consider this bug to be one of our highest priorities. We will be closing this as a duplicate of 4943729, which we are tracking for the current release. ###@###.### 2003-12-25
25-12-2003