FULL PRODUCT VERSION :
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
A DESCRIPTION OF THE PROBLEM :
For various versions of Microsoft Internet Explorer (MSIE), the Java Plug-In (various versions of recent Java 6 Updates, including 18) re-challenges for authentication when an applet makes an HTTP(S) request for an authenticated resource from a web site and realm for which the browser session is already authenticated. [This web site is the source of the applet as well.] This occurs despite having checked the "Remember my password" checkbox in the browser authentication dialog.
We have had numerous customer complaints about this with MSIE 6, 7, and 8. Internally this has only been reproduced with MSIE 7 and HTTPS.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Write an applet that makes an HTTP(S) request for an authenticated resource from a web site and realm for which the browser session is already authenticated. Test the applet in various MSIE versions with HTTP and HTTPS, checking the "Remember my password" checkbox in the browser authentication dialog.
EXPECTED VERSUS ACTUAL BEHAVIOR :
The applet should re-use the authentication credentials already established by the browser.
The applet re-challenges for authentication -- causing great user annoyance and frustration.
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
This works fine in Firefox, but that's not acceptable to many customers.
This reportedly occurs irrespective of whether the next generation plug-in is enabled or not.