Bug ID: JDK-4943729 Login requires multiple proxy/server authentication

Type: Bug
Component: deploy
Sub-Component: plugin
Affected Version:
1.4.1,1.4.2,1.4.2_01,1.4.2_03,1.4.2_04 1.4.1,1.4.2,1.4.2_01,1.4.2_03,1.4.2_04

Priority: P1
Status: Closed
Resolution: Fixed
OS: generic,windows_2000,windows_xp
CPU: generic,x86

Submitted: 2003-10-25
Updated: 2004-07-12
Resolved: 2004-02-10

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

Other
1.4.2_05 05Fixed

Initial problem:        
When server is configured as NCSA basic authentication, 
and when user accesses to the server with IE, it pops up 
a login dialog, after user provides the right login 
credentials, the response page is sent back to browser. 
If the response page contains a java applet tag  with 
codebase pointing to an archive file on the the same 
server, jre 1.4.x will popup another login dialog, 
user has to provide username/password again to dismiss it.
 
Sun's workaround:  
Sun suggests to check the remember 
the username/password check box in the first NCSA 
authentication dialog to avoid the second JVM dialog.
It works but we have security concerns:
    The NCSA basic authentication is required by our
    single sign on feature, which is applicatable to 
    customer facing application. User can access the 
    application from any machine and if the remember 
    username/password is checked, then anyone who accesses 
    that machine can also access the saved user account 
    for that application. This is definitely not an 
    accessible behavior. We would like to have a complete 
    solution to this problem.

CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: 1.4.2_05 generic tiger-beta2 FIXED IN: 1.4.2_05 tiger-beta2 INTEGRATED IN: 1.4.2_05 tiger-b38 tiger-beta2 VERIFIED IN: 1.4.2_05

28-08-2004

EVALUATION I believe I have the solution for this, but need java.net team to enhance java.net.Authenticator interface. I am currently working with Michael McMahon from networking team to extend the interface to support the solution. ###@###.### 2003-11-13 Due to some issues in Windows wininet API, the solution currently does not work for proxy authentication. Microsoft initially confirmed as a bug in wininet API, then changed story to behavior as "by design". The change has been putback into tiger beta 2, should resolve multiple authentication for web server. Another bug will be open to trace proxy authentication. ###@###.### 2004-02-09

09-02-2004

Duplicate :	JDK-4909838 - Java plug-in shouldn't create a new http connection to download applet
Relates :	JDK-4518282 - RFE: Avoid multiple proxy/server authentication
Relates :	JDK-4656979 - User must authenticate twice with java plug-in 1.4.0
Relates :	JDK-4721560 - REF: Avoid multiple proxy/server authentication - Netscape