Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6955280

Java Plug-in fails to remember the password for some resource

    Details

    • Subcomponent:
    • Resolved In Build:
      b02
    • CPU:
      x86
    • OS:
      windows_xp

      Backports

        Description

        J2SE Version (please include all output from java -version flag):
        6u20
         

        Does this problem occur on J2SE 1.4.x or 5.0.x or 6.0?Yes / No (pick one)
        Yes


        Operating System Configuration Information (be specific):
        Windows


        Bug Description:


        There is an issue where the "remember my password" checkbox at the browser level was
        insufficient
        to avoid being authenticated by both the browser and the Java Plug-In.
        The similar checkbox
        at the Java Plug-In level was there specifically to address the
        inability to reliably obtain
        such information from the browser.

        Some customers raise the issue that using *both* checkboxes is insufficent for them
        to avoid
        having to re-authenticate with each Java Plug-In VM (for a given
        authenticated resource).

        With some further testing it appears that the Java Plug-In fails to remember the
        password for some resources.

        Attached a simple test case as test.zip (the Java source is in TestApplet.java),
        the target
        resource and the tested configuration (protocols and browsers used).

        To use this:

           1. Unzip this into an expanded web app doc base.
           2. In the HTML files resulting from the expansion, replace "jmholle03l.ptcnet.ptc.com/PDMLinkX20" with your web site hostname/port and web app name.
           3. Expose/host/deploy this doc base via HTTP
           4. Require basic authentication (using the same realm) on
                  * servlet/WindchillAuthGW/wt.httpgw.HTTPAuthentication/login
                  * Note that this is a static file simulating a servlet URL. I am not using a servlet in this test so as to show that this is purely a matter of the URL involved, not the servlet.
           5. Try appletTest1.html
                  * Select the Java checkbox to remember the password.
                  * Exit the browser and try again.
                  * We see a Java authentication prompt even though the checkbox was checked the previous time. This should not occur and is the customer complaint.
           6. Try again for appletTest2.html as desired

        The really odd thing here is that Java Plug-In will remember the credentials for some
        URLs and utterly
        fails to do so for other URLs. It does not appear to be a matter of
        different reponse headers or
        any such issue -- rather purely one of the URL involved.
         
        One can require authenticated for the
        web app's test/testResource.txt resource and
        change the applet's "url" parameter to refer to it
        rather than to
        servlet/WindchillAuthGW/wt.httpgw.HTTPAuthentication/login and one will see that
         
        in this case the Java Plug-In manages to remember the credentials just fine.

        This is with Java 6 Update 20, but believe the customer reports are from older
        Java 6 (and/or Java 5) versions.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  dgu Dennis Gu (Inactive)
                  Reporter:
                  tyao Ting-Yun Ingrid Yao (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Imported:
                    Indexed: