JDK-4943729 : Login requires multiple proxy/server authentication
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version:
    1.4.1,1.4.2,1.4.2_01,1.4.2_03,1.4.2_04 1.4.1,1.4.2,1.4.2_01,1.4.2_03,1.4.2_04
  • Priority: P1
  • Status: Closed
  • Resolution: Fixed
  • OS: generic,windows_2000,windows_xp
  • CPU: generic,x86
  • Submitted: 2003-10-25
  • Updated: 2004-07-12
  • Resolved: 2004-02-10
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availabitlity Release.

To download the current JDK release, click here.
1.4.2_05 05Fixed
Related Reports
Duplicate :  
Relates :  
Relates :  
Relates :  
Initial problem:        
When server is configured as NCSA basic authentication, 
and when user accesses to the server with IE, it pops up 
a login dialog, after user provides the right login 
credentials, the response page is sent back to browser. 
If the response page contains a java applet tag  with 
codebase pointing to an archive file on the the same 
server, jre 1.4.x will popup another login dialog, 
user has to provide username/password again to dismiss it.
Sun's workaround:  
Sun suggests to check the remember 
the username/password check box in the first NCSA 
authentication dialog to avoid the second JVM dialog.
It works but we have security concerns:
    The NCSA basic authentication is required by our
    single sign on feature, which is applicatable to 
    customer facing application. User can access the 
    application from any machine and if the remember 
    username/password is checked, then anyone who accesses 
    that machine can also access the saved user account 
    for that application. This is definitely not an 
    accessible behavior. We would like to have a complete 
    solution to this problem.

CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: 1.4.2_05 generic tiger-beta2 FIXED IN: 1.4.2_05 tiger-beta2 INTEGRATED IN: 1.4.2_05 tiger-b38 tiger-beta2 VERIFIED IN: 1.4.2_05

EVALUATION I believe I have the solution for this, but need java.net team to enhance java.net.Authenticator interface. I am currently working with Michael McMahon from networking team to extend the interface to support the solution. ###@###.### 2003-11-13 Due to some issues in Windows wininet API, the solution currently does not work for proxy authentication. Microsoft initially confirmed as a bug in wininet API, then changed story to behavior as "by design". The change has been putback into tiger beta 2, should resolve multiple authentication for web server. Another bug will be open to trace proxy authentication. ###@###.### 2004-02-09