JDK-6955280 : Java Plug-in fails to remember the password for some resource
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 6u18,6u20
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2010-05-24
  • Updated: 2010-10-11
  • Resolved: 2010-10-11
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u23 b02Fixed 7Fixed
Related Reports
Duplicate :  
JDK-6933092 - re-authenticate java Plugin when runing MS IE
Relates :  
JDK-7006861 - RFE: credential expiration to be a preference one can adjust via Java Control panel
Description
������J2SE Version (please include all output from java -version flag):
6u20
 

Does this problem occur on J2SE 1.4.x or 5.0.x or 6.0?Yes / No (pick one)
Yes


Operating System Configuration Information (be specific):
Windows


Bug Description:


There is an issue where the "remember my password" checkbox at the browser level was
insufficient 
to avoid being authenticated by both the browser and the Java Plug-In.
The similar checkbox 
at the Java Plug-In level was there specifically to address the
inability to reliably obtain 
such information from the browser.

Some customers raise the issue that using *both* checkboxes is insufficent for them
to avoid 
having to re-authenticate with each Java Plug-In VM (for a given
authenticated resource).

With some further testing it appears that the Java Plug-In fails to remember the
password for some resources.

Attached a simple test case as test.zip (the Java source is in TestApplet.java), 
the target 
resource and the tested configuration (protocols and browsers used).  

To use this:

   1. Unzip this into an expanded web app doc base.
   2. In the HTML files resulting from the expansion, replace "jmholle03l.ptcnet.ptc.com/PDMLinkX20" with your web site hostname/port and web app name.
   3. Expose/host/deploy this doc base via HTTP
   4. Require basic authentication (using the same realm) on
          * servlet/WindchillAuthGW/wt.httpgw.HTTPAuthentication/login
          * Note that this is a static file simulating a servlet URL.  I am not using a servlet in this test so as to show that this is purely a matter of the URL involved, not the servlet.
   5. Try appletTest1.html
          * Select the Java checkbox to remember the password.
          * Exit the browser and try again.
          * We see a Java authentication prompt even though the checkbox was checked the previous time.  This should not occur and is the customer complaint.
   6. Try again for appletTest2.html as desired

The really odd thing here is that Java Plug-In will remember the credentials for some
URLs and utterly 
fails to do so for other URLs.  It does not appear to be a matter of
different reponse headers or 
any such issue -- rather purely one of the URL involved.
 
One can require authenticated for the 
web app's test/testResource.txt resource and
change the applet's "url" parameter to refer to it 
rather than to
servlet/WindchillAuthGW/wt.httpgw.HTTPAuthentication/login and one will see that
 
in this case the Java Plug-In manages to remember the credentials just fine.

This is with Java 6 Update 20, but believe the customer reports are from older 
Java 6 (and/or Java 5) versions.
Comments
EVALUATION I have host the test applet on my own https webserver with BasicAuthentication is on: https://129.148.174.126/httpsSecurity/BasicSecurity/6955280/test/appletTest1.html https://129.148.174.126/httpsSecurity/BasicSecurity/6955280/test/appletTest2.html Both above testcase work fine when checkbox is checked.
25-05-2010