All geek questions in one place

Applet Download Authentication

I have a website running on IIS 7.5 with integrated Windows authentication. In the /Content folder (with anonymous access) there is an applet - MyApplet.jar . When using this applet, Java shows the Authentication popup (and this popup does not remember my password, even if I check the Remember box).

Is there any way to remove this window?

This is the Java console before loading the applet:

 network: Cache entry not found [url: http://192.168.10.136/Web/Examination.mvc/Details/PatientEHR/META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration, version: null] network: Connecting http://192.168.10.136/Web/Examination.mvc/Details/PatientEHR/META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration with proxy=DIRECT network: Connecting http://192.168.10.136:80/ with proxy=DIRECT network: Connecting http://192.168.10.136/Web/Examination.mvc/Details/PatientEHR/META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration with cookie "JCP-store=HDImageStore; JCP-key=Inf_WOPass" network: Firewall authentication: site=/192.168.10.136:80, protocol=http, prompt=, scheme=ntlm
+2
source share
2 answers

It looks like your Applet is doing XML parsing. If so, then what happens is that Java is looking for an XML parser (with getClass (). GetResource (...)), and as the path of your applet it will execute an HTTP request to your server.

To prevent this, you can define the XML parser in the init method of your applet with

  Class.forName("com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl"); System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl");

Since Java6u10 you also have the option to remove the path of your applet from the class path (but not the applet) with

 <APPLET ...> <PARAM name="codebase_lookup" value="false"> </APPLET>

Anthony

+2
source

From my limited experience and research, this has more to do with the client-side Java bridge, rather than the server. You can try disabling the next generation plugins on the client machine to see if it helps.

Windows: Control Panel> Java> Advanced tab> Java Plug-in> (uncheck) Enable the next generation ...

If this does not work or it is not possible to change client settings, you can exclude applets from authentication as a workaround. An applet can call javascript to communicate with a server that is executed by the browser, thereby avoiding the dreaded Java authentication dialog. As long as your business logic is on the server with proper verification and authentication (they should), it should not publish a security risk.

0
source

Source: https://habr.com/ru/post/1439265/

More articles:


All Articles