-
Bug
-
Resolution: Cannot Reproduce
-
P2
-
None
-
6
-
x86
-
windows_xp
Scenario:
Using IE browser or Mozilla firefox with a manual proxy setting pointing to a
ISA proxy server on port 8080. The ISA proxy server has either Basic
authentication OR, integrated windows authentication enabled.
Problem:
If using Sun JVM 5.0 or Mustang, any applet originated request via the URLconnection
fails. It fails with the following exception
Requesting URL: https://mars.entrust.com/TruePassSampleApp/servlets/AppletDownloadServlet/entrusttruepassapplet-epf.jarjar
[EntrustTruePassApplet/8.0] [INFORMATIONAL] Initialized
[EntrustTruePassApplet/8.0] [INFORMATIONAL] Roaming EPF applet started
[EntrustTruePassApplet/8.0] [INFORMATIONAL] Authenticate User
[EntrustTruePassApplet/8.0] [ERROR] Couldn't create user: Error authenticating user
java.io.IOException: access denied (java.net.SocketPermission wottvmwareisa2k.ds.entrust.com:8080 connect,resolve)
at com.entrust.o.a.a(Unknown Source)
at com.entrust.o.c.read(Unknown Source)
at java.io.DataInputStream.readInt(Unknown Source)
at com.entrust.o.e.m(Unknown Source)
at com.entrust.o.e.i(Unknown Source)
at com.entrust.l.EntrustRoamingUser.b(Unknown Source)
at com.entrust.l.EntrustRoamingUser.a(Unknown Source)
at com.entrust.c.wb.b(Unknown Source)
at com.entrust.c.wb.c(Unknown Source)
at com.entrust.i.s.run(Unknown Source)
[EntrustTruePassApplet/8.0] [INFORMATIONAL] Stopped
[EntrustTruePassApplet/8.0] [INFORMATIONAL] Destroyed
Steps to reproduce:
A- ISA proxy server and turn on proxy authentication. [Note: if do it with Apache
configured as proxy, there is no problem. The problem happens only with ISA
proxy server with proxy authentication turned on]
B- Modify the browser proxy settings to point to the above proxy server
C- Have a test applet, that sends requests using URLConnection , to a servlet/or
any resource on a webserver behind the proxy server.
Workaround:
A - disabling the authentication in the ISA proxy server worked.
B - Modifying the java policy file permission java.net.SocketPermission
"*:8080", "connect,accept,resolve"
C- Modifying the JVM settings on client to not "inherit browser settings"
and explictily set it to the ISA proxy
D- Flip back to 1.4.2 JVM or MS JVM with IE.
Clearly non of the workarounds above are feasible especially if the users are working
in environment not in our control. i.e doing their banking from their office behind
a ISA proxy.
Same fix need to be backported to JVM 5.0 update releases.
Attach stack trace. but they are seeing different behaviour when tracing is turned on.
With tracing turned on when go to the page where the applet is served, you will
get a Windows Integreated auth dialog [Sun JVM pops it , and not the browser], and
after entering the proxy auth credentials, you will see a huge stack trace dump
going on for a while, and the applet fails to initialize.
However without tracing on, the applet does initializae, but will get the error in
the attached TPAppletDebugging.txt , when send a request to the server from the applet.
Using IE browser or Mozilla firefox with a manual proxy setting pointing to a
ISA proxy server on port 8080. The ISA proxy server has either Basic
authentication OR, integrated windows authentication enabled.
Problem:
If using Sun JVM 5.0 or Mustang, any applet originated request via the URLconnection
fails. It fails with the following exception
Requesting URL: https://mars.entrust.com/TruePassSampleApp/servlets/AppletDownloadServlet/entrusttruepassapplet-epf.jarjar
[EntrustTruePassApplet/8.0] [INFORMATIONAL] Initialized
[EntrustTruePassApplet/8.0] [INFORMATIONAL] Roaming EPF applet started
[EntrustTruePassApplet/8.0] [INFORMATIONAL] Authenticate User
[EntrustTruePassApplet/8.0] [ERROR] Couldn't create user: Error authenticating user
java.io.IOException: access denied (java.net.SocketPermission wottvmwareisa2k.ds.entrust.com:8080 connect,resolve)
at com.entrust.o.a.a(Unknown Source)
at com.entrust.o.c.read(Unknown Source)
at java.io.DataInputStream.readInt(Unknown Source)
at com.entrust.o.e.m(Unknown Source)
at com.entrust.o.e.i(Unknown Source)
at com.entrust.l.EntrustRoamingUser.b(Unknown Source)
at com.entrust.l.EntrustRoamingUser.a(Unknown Source)
at com.entrust.c.wb.b(Unknown Source)
at com.entrust.c.wb.c(Unknown Source)
at com.entrust.i.s.run(Unknown Source)
[EntrustTruePassApplet/8.0] [INFORMATIONAL] Stopped
[EntrustTruePassApplet/8.0] [INFORMATIONAL] Destroyed
Steps to reproduce:
A- ISA proxy server and turn on proxy authentication. [Note: if do it with Apache
configured as proxy, there is no problem. The problem happens only with ISA
proxy server with proxy authentication turned on]
B- Modify the browser proxy settings to point to the above proxy server
C- Have a test applet, that sends requests using URLConnection , to a servlet/or
any resource on a webserver behind the proxy server.
Workaround:
A - disabling the authentication in the ISA proxy server worked.
B - Modifying the java policy file permission java.net.SocketPermission
"*:8080", "connect,accept,resolve"
C- Modifying the JVM settings on client to not "inherit browser settings"
and explictily set it to the ISA proxy
D- Flip back to 1.4.2 JVM or MS JVM with IE.
Clearly non of the workarounds above are feasible especially if the users are working
in environment not in our control. i.e doing their banking from their office behind
a ISA proxy.
Same fix need to be backported to JVM 5.0 update releases.
Attach stack trace. but they are seeing different behaviour when tracing is turned on.
With tracing turned on when go to the page where the applet is served, you will
get a Windows Integreated auth dialog [Sun JVM pops it , and not the browser], and
after entering the proxy auth credentials, you will see a huge stack trace dump
going on for a while, and the applet fails to initialize.
However without tracing on, the applet does initializae, but will get the error in
the attached TPAppletDebugging.txt , when send a request to the server from the applet.