Win a copy of AWS Security this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
  • Piet Souris
  • salvin francis
  • fred rosenberger

Basic Authentication: Second authentication is required when page has an applet

Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am using Basic authentication for a web site. I have an applet embedded in one of my web pages. The problem is that when I access the page with the applet, I am presented with the authentication dialog box again.
The first time I access the site, the client sends the following unauthenticated header to the server,
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; windows 98)
Connection: Keep-Alive
The server then requires authentication and sends a request for 'Basic Authentication'
This leads to a dialog box with a user and password field.
(The box contains a field which reads 'Realm: myWeb Server')
If the correct user and password are supplied, then the server recieves to additional lines for further requests in the header.
Accept: */*
Authorization: Basic Zdsdf......
Access is then granted to all pages with the Mozilla user agent.
When I goto the page containing the java applet, the client sends
Accept-Language: en-us
User-Agent: Java1.3.0
Accept: text/html, ....
with no authentication field.
This causes the server to request authentication for this new user agent.
An authentication dialog is then presented in the client, but now, instead of having a 'Realm' field, it has a field which reads 'Resource: myWeb Server'

For completeness, the tag for the java applet in the web page follows.
(OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" width="640" height="480" id="filemanager"
(PARAM NAME="codebase" VALUE="/filemanager")
(PARAM NAME="code" VALUE="FileManager.class")
(PARAM NAME="type" VALUE="application/x-java-applet;version=1.2.2")
(param name="MAYSCRIPT" value="true")
(param name="name" value="filemanager")
(param name="scriptable" value="true")
(EMBED type="application/x-java-applet;version=1.2.2" width="640" height="480" MAYSCRIPT=true name=filemanager scriptable=true
code="FileManager.class" codebase="/filemanager")
No JDK 1.3 for APPLET!!!

As I am relatively new to web programming, so I may be missing something obvious. I was wondering if
1) There is a way to prevent this second authentication request?
2) If not, is there a way to direct the failed second login to a web page? Right now, if I enter the incorrect user/password pair at the second authentication dialog, it just hangs.
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i have a similar problem:
when i try to load my basic-user-authentication-protected html page with an applet embedded netscape6.1 (or rather the 1.3JVM) prompts for a user/password again and fails to load the applet or just fails w/o showing any further dialog box.
when i remove the protection or when using any other browser everything works fine.
did you find any solution for your problem that might help me?
daniel distelrath
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by Jeff Weinheimer:

1) There is a way to prevent this second authentication request?


You already got your problem solved,i guess.
Chris McGuirk describes a kind of workaround to prevent from a second dialog box
- you might think about a "default pair of user/pass" since the html page including the applet is already protected.
And i got the java plug-in 1.3.1 and now it works - not automatically like with other browsers than netscape6.1 though: have to enter user+pass.
Seriously? That's what you're going with? I prefer this tiny ad:
Devious Experiments for a Truly Passive Greenhouse!
    Bookmark Topic Watch Topic
  • New Topic