CODEWITHSUNDEEP
javaauthenticationapplet
griZZZly8
griZZZly8

Reputation: 694

Applet loading authentication

I have a web site running on IIS 7.5 with integrated Windows authentication. In /Content folder (with anonymous access) there is an applet - MyApplet.jar. When using this applet, Java shows "Authentication required" popup (and this popup does not remember my password even if I check "remember" check-box).

Is there any way to remove this window?

This is Java console before loading applet:

network: Cache entry not found [url: http://192.168.10.136/Web/Examination.mvc/Details/PatientEHR/META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration, version: null]
network: Connecting http://192.168.10.136/Web/Examination.mvc/Details/PatientEHR/META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration with proxy=DIRECT
network: Connecting http://192.168.10.136:80/ with proxy=DIRECT
network: Connecting http://192.168.10.136/Web/Examination.mvc/Details/PatientEHR/META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration with cookie "JCP-store=HDImageStore; JCP-key=Inf_WOPass"
network: Firewall authentication: site=/192.168.10.136:80, protocol=http, prompt=, scheme=ntlm

Upvotes: 2

Views: 7697

Answers (2)

Anthony
Anthony

Reputation: 1333

I looks like your Applet is doing some XML parsing. If so, what is happening is that Java is looking for a XML parser (with getClass().getResource(...)) and as the path of your applet, it will perform a HTTP request to your server.

To prevent it you may want to define the XML parser in the init method of your applet with

 Class.forName("com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl");
 System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl");

Since Java6u10 you also have the option to remove the path of your Applet from the classpath (but not the Applet) with 

<APPLET ...>
    <PARAM name="codebase_lookup" value="false">
</APPLET>

Anthony

Upvotes: 2

Sheepy
Sheepy

Reputation: 18005

From my limited experience and research this has more to do with client-side java bridge rather then server-side. You can try to disable next-generation plugins on client machine to see whether it helps.

Windows: Control Panel > Java > Advanced tab > Java Plug-in > (uncheck) Enable the next generation...

If that doesn't work, or it is not feasible to modify client settings, as a workaround you can exclude the applets from authentication. The applet can call javascript to communicate with server which is carried out by the browser, thus avoiding the dreaded java authentication dialog. As long as your business logic is on the server with proper checking and authentication (they should) it shouldn't post a security risk.

Upvotes: 0

Related Questions