| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2125800 | 5.0u5 | Dennis Gu | P3 | Resolved | Fixed | b02 |
A DESCRIPTION OF THE REQUEST :
When a java applet connects to a https site using HttpsURLConnection,
and that site requires a client authentication certificate, each time that a new
Https connection is needed, the java applet pops up the dialog:
"Client Authentication", "The web site you want to connect requests identification. Select the certificate to use when connecting."
Since there is no reliable way to reuse the Https connection, if a program needs
to connect to a https site multiple times, this dialog will be presented to a user multiple times. This is annoying to a user of the applet.
How offen the dialog pops up is dependent on the size of the downloaded files. Larger files trigger the dialog more often.
JUSTIFICATION :
Having to choose the client certificate to use for the same site multiple time in a single instance of running a program is annoying. This significantly detracts from the ease of use of the program.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The applet should ask for the client certificate once per domain per instance of the program. I can think a a few ways that this could be done:
1. Give a method to java.net.URL or some such to cache the client certificate.
2. Add a preference the Java Control Panel that allows it to automatically select a certificate.
3. Automatically cache the certificate used for a given domain for the time that java is running.
Each of these would reduce the number of times that the client program brings up the certificate select dialog. I would expect that there should be some way to see the certificate dialog only once per instance per domain.
ACTUAL -
With the test program, the client certificate dialog is brought up 10 times.
---------- BEGIN SOURCE ----------
import java.net.URL;
import java.net.URLConnection;
import java.net.HttpURLConnection;
import java.io.InputStream;
import java.applet.Applet;
import java.awt.Graphics;
public class Main extends Applet {
StringBuffer buffer;
final int count = 10;
int i = 0;
public void init() {
buffer = new StringBuffer();
addItem("initializing... ");
}
public void start() {
addItem("starting... ");
for(int i = 0; i < count; i++) {
getUrl();
}
}
public void getUrl() {
URL url;
HttpURLConnection connection;
try {
url = new URL("https://domainname.com/as");
connection = (HttpURLConnection)url.openConnection();
connection.setDoInput(true);
//connection.setUseCaches(false);
InputStream inputStream = connection.getInputStream();
byte buffer[] = new byte[64];
int len = inputStream.read(buffer);
inputStream.close();
addItem("got "+i+":"+len+" ");
i++;
} catch (Exception e) {
e.printStackTrace();
}
}
void addItem(String newWord) {
System.out.println(newWord);
buffer.append(newWord);
repaint();
}
public void paint(Graphics g) {
//Draw a Rectangle around the applet's display area.
g.drawRect(0, 0, size().width - 1, size().height - 1);
//Draw the current string inside the rectangle.
g.drawString(buffer.toString(), 5, 15);
}
}
/* requirements to demonstrate the problem:
Set up the applet.
Set up a https webserver that requires client side certificates
Put a 64K file on the webserver (smaller files will trigger the bug, but not consistently).
Point the URL in the program to the 64K file that you put on the webserver.
*/
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Methods:
1. Use a java application instead of an applet.
2. Don't use client side certificates
###@###.### 10/28/04 21:07 GMT
When a java applet connects to a https site using HttpsURLConnection,
and that site requires a client authentication certificate, each time that a new
Https connection is needed, the java applet pops up the dialog:
"Client Authentication", "The web site you want to connect requests identification. Select the certificate to use when connecting."
Since there is no reliable way to reuse the Https connection, if a program needs
to connect to a https site multiple times, this dialog will be presented to a user multiple times. This is annoying to a user of the applet.
How offen the dialog pops up is dependent on the size of the downloaded files. Larger files trigger the dialog more often.
JUSTIFICATION :
Having to choose the client certificate to use for the same site multiple time in a single instance of running a program is annoying. This significantly detracts from the ease of use of the program.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The applet should ask for the client certificate once per domain per instance of the program. I can think a a few ways that this could be done:
1. Give a method to java.net.URL or some such to cache the client certificate.
2. Add a preference the Java Control Panel that allows it to automatically select a certificate.
3. Automatically cache the certificate used for a given domain for the time that java is running.
Each of these would reduce the number of times that the client program brings up the certificate select dialog. I would expect that there should be some way to see the certificate dialog only once per instance per domain.
ACTUAL -
With the test program, the client certificate dialog is brought up 10 times.
---------- BEGIN SOURCE ----------
import java.net.URL;
import java.net.URLConnection;
import java.net.HttpURLConnection;
import java.io.InputStream;
import java.applet.Applet;
import java.awt.Graphics;
public class Main extends Applet {
StringBuffer buffer;
final int count = 10;
int i = 0;
public void init() {
buffer = new StringBuffer();
addItem("initializing... ");
}
public void start() {
addItem("starting... ");
for(int i = 0; i < count; i++) {
getUrl();
}
}
public void getUrl() {
URL url;
HttpURLConnection connection;
try {
url = new URL("https://domainname.com/as");
connection = (HttpURLConnection)url.openConnection();
connection.setDoInput(true);
//connection.setUseCaches(false);
InputStream inputStream = connection.getInputStream();
byte buffer[] = new byte[64];
int len = inputStream.read(buffer);
inputStream.close();
addItem("got "+i+":"+len+" ");
i++;
} catch (Exception e) {
e.printStackTrace();
}
}
void addItem(String newWord) {
System.out.println(newWord);
buffer.append(newWord);
repaint();
}
public void paint(Graphics g) {
//Draw a Rectangle around the applet's display area.
g.drawRect(0, 0, size().width - 1, size().height - 1);
//Draw the current string inside the rectangle.
g.drawString(buffer.toString(), 5, 15);
}
}
/* requirements to demonstrate the problem:
Set up the applet.
Set up a https webserver that requires client side certificates
Put a 64K file on the webserver (smaller files will trigger the bug, but not consistently).
Point the URL in the program to the 64K file that you put on the webserver.
*/
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Methods:
1. Use a java application instead of an applet.
2. Don't use client side certificates
###@###.### 10/28/04 21:07 GMT
- backported by
-
JDK-2125800 no method to automatically select client authentication certificate for applets
-
- Resolved
-
- duplicates
-
JDK-6199691 Need correct instructions for using X.509 certificates with JRE 5.0
-
- Closed
-
- relates to
-
-
- Resolved
-