[
https://issues.apache.org/jira/browse/HTTPCLIENT-1748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15349715#comment-15349715
]
ASF GitHub Bot commented on HTTPCLIENT-1748:
--------------------------------------------
Github user sebastiencaille commented on the issue:
https://github.com/apache/httpclient/pull/52
Hello
At first I tried to provide the proxy's url, but the applet was always
asking for credentials.
It works fine when I provide the request URI.
Then, according to a breakpoint I put in
Authenticator.requestPasswordAuthentication, the applet plugin uses the url of
the jar files it wants to download.
I just checked the code of the openjdk... It looks like they are doing
that, too
http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u40-b25/sun/net/www/protocol/http/HttpURLConnection.java#HttpURLConnection.getHttpProxyAuthentication%28sun.net.www.protocol.http.AuthenticationHeader%29
(line 2223)
My guess is that the other parameters are sufficient to define the realm of
the auth challenge. That one is probably used to strengthen the security in
some use cases (eg to reduce the risks of cross domain calls).
By the way, it looks like providing HTTP_TARGET_HOST is sufficient to fix
my use case, but strictly speaking it should be the entire request URI (but at
the moment I don't know how to get that one)...
Sebastien
> When run in java applet, SystemDefaultCredentialsProvider fails to get
> authentication from Authenticator
> --------------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1748
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1748
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.5
> Environment: Windows, application running in a java applet started by
> firefox, connection to a remote server via a squid proxy with basic
> authentication
> Reporter: Sébastien Caille
> Priority: Trivial
>
> Hello,
> The java applets are deprecated, but the issue may impact other use cases.
> During a POST call made from a java applet via a proxy server with basic
> authentication, SystemDefaultCredentialsProvider.getSystemCreds(...) calls
> Authenticator.requestPasswordAuthentication, which wrongly returns "null"
> authentication.
> The java applet console shows that a NullPointerException was ignored.
> I managed to fix the issue by providing the following values to
> Authenticator.requestPasswordAuthentication (getSystemCreds is currently
> providing null for those ones ):
> prompt = authscope.getRealm()
> url = context.getAttribute(HttpClientContext.HTTP_TARGET_HOST)
> Both values are needed ( prompt == null && url != null -> dialog box asking
> for credentials, prompt != null && url == null -> crashes firefox)
> Note that when downloading the applet jar files, the java is providing values
> for all the parameters of Authenticator.requestPasswordAuthentication
> (according to a breakpoint in requestPasswordAuthentication).
> Thanks
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
