You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Fernando Mato Mira (JIRA)" <ax...@ws.apache.org> on 2006/02/10 15:26:56 UTC

[jira] Commented: (AXIS-790) Unusable with Java Web Start + Authenticating Proxies

    [ http://issues.apache.org/jira/browse/AXIS-790?page=comments#action_12365898 ] 

Fernando Mato Mira commented on AXIS-790:
-----------------------------------------

BTW, this works for HTTP and HTTPS with basic proxy authentication. But with digest proxy authentication only HTTP works.
NTLM proxy authentication has not been tested yet.

> Unusable with Java Web Start + Authenticating Proxies
> -----------------------------------------------------
>
>          Key: AXIS-790
>          URL: http://issues.apache.org/jira/browse/AXIS-790
>      Project: Apache Axis
>         Type: Bug
>   Components: Basic Architecture
>     Versions: 1.1rc2
>  Environment: Operating System: Other
> Platform: Other
>     Reporter: Bruno Melloni
>     Assignee: Axis Developers Mailing List
>  Attachments: SimpleHTTPSender.java, URLConnectionHTTPSender.java
>
> This problem prevents distributing any Java Web Start clients that rely on Axis
> (or the older Apache SOAP) to the general public, where we have no control over
> what kind of HTTP proxy is at the end-user's site.
> DESCRIPTION:
> When using an http proxy that requires username/password authentication Axis
> requires that the application supply such information.  
> Java Web Start's philosophy is to handle all proxy management (and user
> prompting) itself and makes the proxy invisible when using an HttpURLConnection.
>  Because of that philosophy, it does not provide a mechanism to obtain the
> username/password.
> Using Authenticator.requestPasswordAuthentication() would provide such
> information but result in double-prompting the user for username/password.  I
> found a workaround to avoid the double-prompting, but the feature exploited will
> disappear in JDK 1.4.2 because Sun considers it a security flaw.
> If needed, there is additional detail in forum posting: "BUG: Axis + Java Web
> Start + Authenticating Proxies".  Feel free to contact me if you need further
> explanations or sample code.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira