You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Fernando Mato Mira (JIRA)" <ax...@ws.apache.org> on 2006/02/10 15:26:56 UTC
[jira] Commented: (AXIS-790) Unusable with Java Web Start +
Authenticating Proxies
[ http://issues.apache.org/jira/browse/AXIS-790?page=comments#action_12365898 ]
Fernando Mato Mira commented on AXIS-790:
-----------------------------------------
BTW, this works for HTTP and HTTPS with basic proxy authentication. But with digest proxy authentication only HTTP works.
NTLM proxy authentication has not been tested yet.
> Unusable with Java Web Start + Authenticating Proxies
> -----------------------------------------------------
>
> Key: AXIS-790
> URL: http://issues.apache.org/jira/browse/AXIS-790
> Project: Apache Axis
> Type: Bug
> Components: Basic Architecture
> Versions: 1.1rc2
> Environment: Operating System: Other
> Platform: Other
> Reporter: Bruno Melloni
> Assignee: Axis Developers Mailing List
> Attachments: SimpleHTTPSender.java, URLConnectionHTTPSender.java
>
> This problem prevents distributing any Java Web Start clients that rely on Axis
> (or the older Apache SOAP) to the general public, where we have no control over
> what kind of HTTP proxy is at the end-user's site.
> DESCRIPTION:
> When using an http proxy that requires username/password authentication Axis
> requires that the application supply such information.
> Java Web Start's philosophy is to handle all proxy management (and user
> prompting) itself and makes the proxy invisible when using an HttpURLConnection.
> Because of that philosophy, it does not provide a mechanism to obtain the
> username/password.
> Using Authenticator.requestPasswordAuthentication() would provide such
> information but result in double-prompting the user for username/password. I
> found a workaround to avoid the double-prompting, but the feature exploited will
> disappear in JDK 1.4.2 because Sun considers it a security flaw.
> If needed, there is additional detail in forum posting: "BUG: Axis + Java Web
> Start + Authenticating Proxies". Feel free to contact me if you need further
> explanations or sample code.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira