
Webstart and directory security

 
Steve Wood
Ranch Hand
Posts: 137
Hi guys,

I'm really struggling to get this going.

Basically we have an application that uses web start. You log into the system using form based authentication in tomcat. The trouble is: web start doesn't seem to work using this authentication. It gives some error saying that the cached jnlp which internet explorer downloads temporarily, can't be found.

Basically, I'd like to have a single login. If you're logged into the website, you can use web start. If you're not, you're prompted to log in. Is this really as difficult as I think?

Any help is greatly appreciated.

Cheers,

Steve
 
Cristian Negresco
Ranch Hand
Posts: 182
Hi,

The Form based authentication carries an authentication cookie with each browser request in order to authenticate the user to the Web container. The problem with JWS access to protected jars is that JWS doesn't have the browser cookie to authenticate its requests.
Anyway what I would do is:
- ask for "confidential" transport when accessing the login page. This way the username & password will not be transferred in clear text
- protect the *.jnlp files by associating them with a security constraint which maps at least to "user" and ask for "confidential" transport so that the authentication cookie will not be sent in clear
- allow public access to the jars. You could still use https if you have jws1.3 or jws1.4

If you don't feel comfortable with public access you might try to make your own transfer and authentication handler. It should work but it might take some time.

BR,
Cristian
 