hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1748) When run in java applet, SystemDefaultCredentialsProvider fails to get authentication from Authenticator
Date Sat, 25 Jun 2016 16:46:37 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15349715#comment-15349715
] 

ASF GitHub Bot commented on HTTPCLIENT-1748:
--------------------------------------------

Github user sebastiencaille commented on the issue:

    https://github.com/apache/httpclient/pull/52
  
    Hello
    
    At first I tried to provide the proxy's url, but the applet was always asking for credentials.
    It works fine when I provide the request URI.
    Then, according to a breakpoint I put in Authenticator.requestPasswordAuthentication,
the applet plugin uses the url of the jar files it wants to download.
    
    I just checked the code of the openjdk... It looks like they are doing that, too 
    http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u40-b25/sun/net/www/protocol/http/HttpURLConnection.java#HttpURLConnection.getHttpProxyAuthentication%28sun.net.www.protocol.http.AuthenticationHeader%29
(line 2223)
    
    My guess is that the other parameters are sufficient to define the realm of the auth challenge.
That one is probably used to strengthen the security in some use cases (eg to reduce the risks
of cross domain calls).
    
    By the way, it looks like providing HTTP_TARGET_HOST is sufficient to fix my use case,
but strictly speaking it should be the entire request URI (but at the moment I don't know
how to get that one)...
    
    Sebastien



> When run in java applet, SystemDefaultCredentialsProvider fails to get authentication
from Authenticator
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1748
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1748
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5
>         Environment: Windows, application running in a java applet started by firefox,
connection to a remote server via a squid proxy with basic authentication
>            Reporter: S├ębastien Caille
>            Priority: Trivial
>
> Hello,
> The java applets are deprecated, but the issue may impact other use cases.
> During a POST call made from a java applet via a proxy server with basic authentication,
SystemDefaultCredentialsProvider.getSystemCreds(...) calls Authenticator.requestPasswordAuthentication,
which wrongly returns "null" authentication.
> The java applet console shows that a NullPointerException was ignored.
> I managed to fix the issue by providing the following values to Authenticator.requestPasswordAuthentication
(getSystemCreds is currently providing null for those ones ):
>   prompt = authscope.getRealm()
>   url = context.getAttribute(HttpClientContext.HTTP_TARGET_HOST)
> Both values are needed ( prompt == null && url != null -> dialog box asking
for credentials, prompt != null && url == null -> crashes firefox)
> Note that when downloading the applet jar files, the java is providing values for all
the parameters of Authenticator.requestPasswordAuthentication (according to a breakpoint in
requestPasswordAuthentication).
> Thanks



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message