You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by bu...@apache.org on 2003/04/03 16:09:58 UTC
DO NOT REPLY [Bug 18657] New: -
Unusable with Java Web Start + Authenticating Proxies
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18657>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18657
Unusable with Java Web Start + Authenticating Proxies
Summary: Unusable with Java Web Start + Authenticating Proxies
Product: Axis
Version: 1.1rc2
Platform: Other
OS/Version: Other
Status: NEW
Severity: Critical
Priority: Other
Component: Basic Architecture
AssignedTo: axis-dev@ws.apache.org
ReportedBy: bruno.melloni@nokia.com
This problem prevents distributing any Java Web Start clients that rely on Axis
(or the older Apache SOAP) to the general public, where we have no control over
what kind of HTTP proxy is at the end-user's site.
DESCRIPTION:
When using an http proxy that requires username/password authentication Axis
requires that the application supply such information.
Java Web Start's philosophy is to handle all proxy management (and user
prompting) itself and makes the proxy invisible when using an HttpURLConnection.
Because of that philosophy, it does not provide a mechanism to obtain the
username/password.
Using Authenticator.requestPasswordAuthentication() would provide such
information but result in double-prompting the user for username/password. I
found a workaround to avoid the double-prompting, but the feature exploited will
disappear in JDK 1.4.2 because Sun considers it a security flaw.
If needed, there is additional detail in forum posting: "BUG: Axis + Java Web
Start + Authenticating Proxies". Feel free to contact me if you need further
explanations or sample code.