Dalibor is correct .. although for some reason all the comments on the bug
are tagged internal only so anyone looking without being logged in as an
Oracle employee sees no reasoning at all.
I'll ping the evaluator to add some public information.
-phil.
On 6/20/2014 5:52 AM, dalibor.to...@oracle.com wrote:
JNLP is not part of OpenJDK JDK 7u Project. You may want to try Oracle forums
instead.
--
Oracle <http://www.oracle.com>
Dalibor Topic | Principal Product Manager
Phone: +494089091214<tel:+494089091214> |
Mobile:+491737185961<tel:+491737185961>
Oracle Java Platform Group
ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg
ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Geschäftsführer: Jürgen Kunz
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher
Green Oracle <http://www.oracle.com/commitment> Oracle is committed to
developing practices and products that help protect the environment
On 20.06.2014, at 14:32, Richard Kettelerij <r.kettele...@avisi.nl> wrote:
Hi,
I'm tracking issue JDK-8046211 and noticed today it was resolved as "won't
fix" without any comment. I'm curious as to why it was closed?
Our situation: We have a Java applet consisting of 4 jar files and a JNLP
file. These files are served over HTTPS from a public webserver (no
authentication required). The applet contains an up-to-date manifest with
all the entries required since the new Java security baseline. The
applet/JNLP file is accessed from a web application using Javascript
(deployJava.js). All interaction with the applet is through Javascript.
The web application itself runs on a different server and is protected
using client certificates (2-way SSL) and basic authentication.
Now until Java 7u55 everything worked fine. When loading the applet only
one popup was displayed asking the user to trust the applet (which is
properly signed) and that was all.
However since 7u55 (also 7u60) things have changed: the applet loads fine
but as soon as we call a method on the applet (though LiveConnect) the Java
VM displays a popup asking the user to select a client certificate and
thereafter asks the user to authenticate using BasicAuth.
Important note: the user doesn't actually has to select a valid certificate
or enter any credentials. If the user cancels any of the dialogs the applet
continues to function properly. Logging shows the applet is using the same
cookie as the browser so authentication against the server isn't actually
taking place. Basically the Java VM is prompting for authentication dialogs
for no good reason because the user is already authenticated with a browser
cookie.
Prior to 7u55 we didn't experience this issue (we have users with 7u40,
7u45 and 7u51). Altogether it appears we encountered JDK-8046211, which has
the characteristics of a regression issue. If you guys need any logging or
additional information I'd be happy to help.
Regards,
Richard
