[
https://issues.apache.org/jira/browse/HTTPCLIENT-1748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15353661#comment-15353661
]
ASF GitHub Bot commented on HTTPCLIENT-1748:
--------------------------------------------
Github user sebastiencaille commented on the issue:
https://github.com/apache/httpclient/pull/52
When the java application is run in an applet environment (and webstart,
possibly), The Authenticator delegates the call to a
com.sun.deploy.security.DeployAuthenticator . The DeployAuthenticator only
works when the url parameter of requestPasswordAuthentication is the url I want
to connect to (eg http://www.whatever.com - the jdk provides the full url, it
works with the authority part), it does NOT work if the url parameter is the
proxy url (http://myproxy:3128) - I guess the authentication is delegated to
the browser, which needs this information for security reasons (maybe to
prevent cross domain calls). Since the AuthScope only contains information
about the proxy, the information needed to call requestPasswordAuthentication
the "right" way is currently not available...
> When run in java applet, SystemDefaultCredentialsProvider fails to get
> authentication from Authenticator
> --------------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1748
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1748
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.5
> Environment: Windows, application running in a java applet started by
> firefox, connection to a remote server via a squid proxy with basic
> authentication
> Reporter: Sébastien Caille
> Priority: Trivial
>
> Hello,
> The java applets are deprecated, but the issue may impact other use cases.
> During a POST call made from a java applet via a proxy server with basic
> authentication, SystemDefaultCredentialsProvider.getSystemCreds(...) calls
> Authenticator.requestPasswordAuthentication, which wrongly returns "null"
> authentication.
> The java applet console shows that a NullPointerException was ignored.
> I managed to fix the issue by providing the following values to
> Authenticator.requestPasswordAuthentication (getSystemCreds is currently
> providing null for those ones ):
> prompt = authscope.getRealm()
> url = context.getAttribute(HttpClientContext.HTTP_TARGET_HOST)
> Both values are needed ( prompt == null && url != null -> dialog box asking
> for credentials, prompt != null && url == null -> crashes firefox)
> Note that when downloading the applet jar files, the java is providing values
> for all the parameters of Authenticator.requestPasswordAuthentication
> (according to a breakpoint in requestPasswordAuthentication).
> Thanks
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
