axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 18657] New: - Unusable with Java Web Start + Authenticating Proxies
Date Thu, 03 Apr 2003 14:09:58 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18657>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18657

Unusable with Java Web Start + Authenticating Proxies

           Summary: Unusable with Java Web Start + Authenticating Proxies
           Product: Axis
           Version: 1.1rc2
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: Basic Architecture
        AssignedTo: axis-dev@ws.apache.org
        ReportedBy: bruno.melloni@nokia.com


This problem prevents distributing any Java Web Start clients that rely on Axis
(or the older Apache SOAP) to the general public, where we have no control over
what kind of HTTP proxy is at the end-user's site.

DESCRIPTION:

When using an http proxy that requires username/password authentication Axis
requires that the application supply such information.  

Java Web Start's philosophy is to handle all proxy management (and user
prompting) itself and makes the proxy invisible when using an HttpURLConnection.
 Because of that philosophy, it does not provide a mechanism to obtain the
username/password.

Using Authenticator.requestPasswordAuthentication() would provide such
information but result in double-prompting the user for username/password.  I
found a workaround to avoid the double-prompting, but the feature exploited will
disappear in JDK 1.4.2 because Sun considers it a security flaw.

If needed, there is additional detail in forum posting: "BUG: Axis + Java Web
Start + Authenticating Proxies".  Feel free to contact me if you need further
explanations or sample code.

Mime
View raw message