Return-Path: Delivered-To: apmail-ws-axis-dev-archive@ws.apache.org Received: (qmail 1863 invoked by uid 500); 3 Apr 2003 14:08:09 -0000 Mailing-List: contact axis-dev-help@ws.apache.org; run by ezmlm Precedence: bulk Reply-To: axis-dev@ws.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list axis-dev@ws.apache.org Received: (qmail 1854 invoked from network); 3 Apr 2003 14:08:09 -0000 Date: 3 Apr 2003 14:09:58 -0000 Message-ID: <20030403140958.21101.qmail@nagoya.betaversion.org> From: bugzilla@apache.org To: axis-dev@ws.apache.org Cc: Subject: DO NOT REPLY [Bug 18657] New: - Unusable with Java Web Start + Authenticating Proxies X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18657 Unusable with Java Web Start + Authenticating Proxies Summary: Unusable with Java Web Start + Authenticating Proxies Product: Axis Version: 1.1rc2 Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: Other Component: Basic Architecture AssignedTo: axis-dev@ws.apache.org ReportedBy: bruno.melloni@nokia.com This problem prevents distributing any Java Web Start clients that rely on Axis (or the older Apache SOAP) to the general public, where we have no control over what kind of HTTP proxy is at the end-user's site. DESCRIPTION: When using an http proxy that requires username/password authentication Axis requires that the application supply such information. Java Web Start's philosophy is to handle all proxy management (and user prompting) itself and makes the proxy invisible when using an HttpURLConnection. Because of that philosophy, it does not provide a mechanism to obtain the username/password. Using Authenticator.requestPasswordAuthentication() would provide such information but result in double-prompting the user for username/password. I found a workaround to avoid the double-prompting, but the feature exploited will disappear in JDK 1.4.2 because Sun considers it a security flaw. If needed, there is additional detail in forum posting: "BUG: Axis + Java Web Start + Authenticating Proxies". Feel free to contact me if you need further explanations or sample code.