JDK-8046211 : Authentication Required prompts when SSL is used
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 7u55,8,9
  • Priority: P3
  • Status: Closed
  • Resolution: Incomplete
  • OS: windows_7
  • CPU: x86
  • Submitted: 2014-06-03
  • Updated: 2015-06-22
  • Resolved: 2014-07-14
Related Reports
Relates :  
JDK-8129936 - Extra HTTP call fired from the Java plugin
Description
FULL PRODUCT VERSION :
1.7.0_55

ADDITIONAL OS VERSION INFORMATION :
Windows 7

EXTRA RELEVANT SYSTEM CONFIGURATION :
Tomcat configured with SSL

A DESCRIPTION OF THE PROBLEM :
While opening JNLP applications from SSL configured tomcat server.
Java web start asking for Authentication Required.
Cancel also proceeds further, But it is causing inconvenience to users
If you choose remember password it will not pop up next time
But user don't want to save password details in Java runtime.


REGRESSION.  Last worked in version 7u51

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Configure tomcat with SSL
Open a JNLP client from a browser
The Java web start pops up with Authentication Required dialog.


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
As browser already authenticated the web application
Java runtime should not ask for authentication again.

ACTUAL -
Java runtime asking from authentication "Authentication Required"


REPRODUCIBILITY :
This bug can be reproduced always.
Comments
No response was received from the submitter. As there is not enough information in this report to make headway it is being closed. If this issue is seen, please open a new report with all necessary information. This report ID can be referenced.
14-07-2014
Mail has been sent to the submitter (Richard Kettelerij), asking for reproducible test case to proceed further.
24-06-2014
Justification for closing as Won't Fix: When running Java Web Start app, we try to get login\passwd from IE storage using com.sun.deploy.security.WIExplorerBrowserAuthenticator class(that calls native methods to find stored password). That's a very old code. As far as I understand this can work for IE6 and lower, because from IE7 and above, the passwords are stored in an unrecoverable way, so we should not be able to import them. According that, I suppose we should close it as "Won't Fix" (as we had same behavior for old versions also). If you can reproduce that case when we re-use browser password for new IE and 7u51 - please reopen the bug and add detailed description how to configure jre(deployment.properties), Tomcat, IE.
20-06-2014