You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Fernando Mato Mira (JIRA)" <ax...@ws.apache.org> on 2006/02/10 15:13:56 UTC
[jira] Updated: (AXIS-790) Unusable with Java Web Start +
Authenticating Proxies
[ http://issues.apache.org/jira/browse/AXIS-790?page=all ]
Fernando Mato Mira updated AXIS-790:
------------------------------------
Attachment: URLConnectionHTTPSender.java
The previously attached HTTPSender.java was only a proof of concept. It only handled SOAP responses.
I have fleshed out a bit more by adapting code from HTTPSender.java
Now it supports:
- Basic authentication
- Cookies
- More response codes
I have tested it and it works well so far.
> Unusable with Java Web Start + Authenticating Proxies
> -----------------------------------------------------
>
> Key: AXIS-790
> URL: http://issues.apache.org/jira/browse/AXIS-790
> Project: Apache Axis
> Type: Bug
> Components: Basic Architecture
> Versions: 1.1rc2
> Environment: Operating System: Other
> Platform: Other
> Reporter: Bruno Melloni
> Assignee: Axis Developers Mailing List
> Attachments: SimpleHTTPSender.java, URLConnectionHTTPSender.java
>
> This problem prevents distributing any Java Web Start clients that rely on Axis
> (or the older Apache SOAP) to the general public, where we have no control over
> what kind of HTTP proxy is at the end-user's site.
> DESCRIPTION:
> When using an http proxy that requires username/password authentication Axis
> requires that the application supply such information.
> Java Web Start's philosophy is to handle all proxy management (and user
> prompting) itself and makes the proxy invisible when using an HttpURLConnection.
> Because of that philosophy, it does not provide a mechanism to obtain the
> username/password.
> Using Authenticator.requestPasswordAuthentication() would provide such
> information but result in double-prompting the user for username/password. I
> found a workaround to avoid the double-prompting, but the feature exploited will
> disappear in JDK 1.4.2 because Sun considers it a security flaw.
> If needed, there is additional detail in forum posting: "BUG: Axis + Java Web
> Start + Authenticating Proxies". Feel free to contact me if you need further
> explanations or sample code.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira