Duplicate :
|
|
Duplicate :
|
|
Relates :
|
Name: gm110360 Date: 03/22/2002 FULL PRODUCT VERSION : Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92) Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode) FULL OPERATING SYSTEM VERSION : Microsoft Windows XP [Version 5.1.2600] EXTRA RELEVANT SYSTEM CONFIGURATION : Internet Explorer 6.0 A DESCRIPTION OF THE PROBLEM : It is usually desirable when one has a password protected website to keep the jar or class files for applets in the password protected area so those without access can't obtain them and/or analyze them. This used to work just fine for me. The user would log on to the site and the applets would all load with no problem. The newest version of the plug-in (included with jre 1.4.0) now asks the user to re-authenticate with the server. This plainly sucks. Furthermore is not expected or desirable, so therefore I call it a bug. I have a website that uses Swing applets, and part of the design spec was that users only have to authenticate once. My guess of what is going on is that the web browser used to download the class files but now the plug-in does. My suggestion to you guys is either change it back or find a way to obtain the credentials from the web browser. Basic authentication is a standard authentication method and should therefore be fully supported. REGRESSION. Last worked in version 1.3.1 STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : Place an html file invoking the java plug-in and the associated class or jar files on a webserver, all in an area that requires basic authentication to access from the web. Access the page, and you will be prompted once by the web browser for authentication and again by the plug-in. EXPECTED VERSUS ACTUAL BEHAVIOR : One expects to only need to log on to a website once per session, but if the site uses the java plug-in and basic authentication that is not the case. This bug can be reproduced always. CUSTOMER WORKAROUND : Use earlier version of the plug-in. If the page is generated dynamically by the server you could try to contruct a URL pointing to the source code in the applet invocation with the user's username and password; i.e. in this form "http://<username><password>@<servername><path to jar file>". but I haven't tested this. You can also use a different method of authentication that is truly session-based. (Review ID: 143637) ====================================================================== Name: gm110360 Date: 03/22/2002 FULL PRODUCT VERSION : java version "1.4.0" Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92) Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode) ---------- Java(TM) Plug-in: Version 1.4.0 Using JRE version 1.4.0 Java HotSpot(TM) Client VM User home directory = C:\Documents and Settings\joen Proxy Configuration: No proxy FULL OPERATING SYSTEM VERSION : Microsoft Windows 2000 [Version 5.00.2195] EXTRA RELEVANT SYSTEM CONFIGURATION : Netscape 6.2.1 and Internet Explorer 5.5 A DESCRIPTION OF THE PROBLEM : Our site is protected by https and basic authentication. When our applet is started the login from the browser is not remembered and the user has to login again. The behaivoir is new for 1.4. This is totally unacceptable for our users and makes the new version unusable. The applet that we are using is cached and signed. REGRESSION. Last worked in version 1.3 STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : 1. Login on a site protected by basic authentication and https 2. Start a cached signed applet from the site 3. Watch the login dialog that appears EXPECTED VERSUS ACTUAL BEHAVIOR : We would expect the javaplugin to use the login that has already been entered in the browser. This bug can be reproduced always. CUSTOMER WORKAROUND : None that I have found, this is a showstopper! (Review ID: 144346) ======================================================================
|