[ http://issues.apache.org/jira/browse/AXIS-790?page=comments#action_12365898 ]
Fernando Mato Mira commented on AXIS-790: ----------------------------------------- BTW, this works for HTTP and HTTPS with basic proxy authentication. But with digest proxy authentication only HTTP works. NTLM proxy authentication has not been tested yet. > Unusable with Java Web Start + Authenticating Proxies > ----------------------------------------------------- > > Key: AXIS-790 > URL: http://issues.apache.org/jira/browse/AXIS-790 > Project: Apache Axis > Type: Bug > Components: Basic Architecture > Versions: 1.1rc2 > Environment: Operating System: Other > Platform: Other > Reporter: Bruno Melloni > Assignee: Axis Developers Mailing List > Attachments: SimpleHTTPSender.java, URLConnectionHTTPSender.java > > This problem prevents distributing any Java Web Start clients that rely on > Axis > (or the older Apache SOAP) to the general public, where we have no control > over > what kind of HTTP proxy is at the end-user's site. > DESCRIPTION: > When using an http proxy that requires username/password authentication Axis > requires that the application supply such information. > Java Web Start's philosophy is to handle all proxy management (and user > prompting) itself and makes the proxy invisible when using an > HttpURLConnection. > Because of that philosophy, it does not provide a mechanism to obtain the > username/password. > Using Authenticator.requestPasswordAuthentication() would provide such > information but result in double-prompting the user for username/password. I > found a workaround to avoid the double-prompting, but the feature exploited > will > disappear in JDK 1.4.2 because Sun considers it a security flaw. > If needed, there is additional detail in forum posting: "BUG: Axis + Java Web > Start + Authenticating Proxies". Feel free to contact me if you need further > explanations or sample code. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
