We have basic authentication enabled on Tomcat 6. The user is authenticated in the browser, and then a JNLP file is launched to start the application in Java Web Start. On start-up, Java Web Start tries to download the jar files from the server, but it does not use the session that the browser has already authenticated. Based on forums, I have tried to pass the session id in the JNLP by using the sid property as well as by appending it to the URL. The environment is restricted, so each and every request needs to be authenticated; we cannot exclude requests for jar files from authentication. Below is my JSP that creates the JNLP file. Can anyone please help with how we can continue the same session, already authenticated by the browser, to download the jars?
<% response.setContentType("application/x-java-jnlp-file"); %>
<%= "<?xml version=\"1.0\" encoding=\"utf-8\"?>" %>
<!-- JNLP File for SimpleTableDemo -->
<%
String baseURL = request.getRequestURL().toString().replace(request.getRequestURI(), request.getContextPath());
%>
<jnlp codebase="<%=baseURL%>">
<information>
<title>Simple Table Demo Application</title>
<vendor>Try</vendor>
<description>SimpleTableDemo</description>
<description kind="short">An application that demonstrates a simple table.</description>
</information>
<resources>
<j2se version="1.6+" />
<property name="sid" value="<%=request.getSession().getId()%>" />
<property name="serviceHost" value="<%=request.getServerName()%>"/>
<property name="servicePort" value="<%=request.getServerPort()%>"/>
<jar href="AuthenticateJNLPJars.jar;JSESSIONID=<%=request.getSession().getId()%>" />
</resources>
<application-desc main-class="SimpleTableDemo" >
</application-desc>
</jnlp>
Notice how a new JSESSIONID is assigned in the end, which is bad. On the other hand, with no href attribute, jnlp file gets downloaded once, and jar file gets downloaded once, and JSESSIONID is preserved: 127.0.0.1 ...
Once installed and you've chosen to associate the jnlp file extension with OpenWebStart you're ready to go. If you're using OpenWebStart with a newer Java JVM, you still may not be able to load certain ancient KVM applets like the Lantronix Spider. It should be called Lantronix Dinosaur.
This means that no second tab or window needs to be opened in the browser. Even if you close the browser session that you started up EBS with, the Java session will still be active and can continue to be used. Note that this still requires that Java 8 be installed on the local PC.
End users are noticing JNLP files not being launched automatically when an analyst tries to launch the Support Automation interface from a Chrome browser. Chrome no longer supports NPAPI (technology required for Java applets).
I now have (some) answers....
I realize that this question is a year old, but since it's the first result on Google when searching for this issue, I figured it was a good idea to complete it.
There is one problem with the JNLP code that you provided, but first, you have to check if adding the cookie to the URL would actually work... and that depends on your app deployment configuration.
I do not know how it is on Tomcat... I am using WebLogic, and in it you have to check the following property in weblogic.xml:
<session-descriptor>
<url-rewriting-enabled>true</url-rewriting-enabled>
</session-descriptor>
This means that, if available, WebLogic will get the session id from the URL (using the same format that you have in your code).
If it is false, then this solution will not work and you will have to send a cookie with the session id in each request... and if you found a way to do that, PLEASE respond... it would help me a lot.
Now, if url-rewriting-enabled is true, then this approach will work once you fix the following problem in your script.
The problem is that, once Java Web Start gets the JNLP from the browser, it will download it again from the server, so you have to make sure that you add the session id to that request also. You do that by modifying the initial tag like this:
<jnlp spec="1.0+" codebase="<%=baseURL%>" href="<%=NAME_OF_JNLP%>;JSESSIONID=<%=SESSION_ID%>">
And that is it, the code should work...
By the way, the properties that you added:
<property name="sid" value="<%=request.getSession().getId()%>" />
<property name="serviceHost" value="<%=request.getServerName()%>"/>
<property name="servicePort" value="<%=request.getServerPort()%>"/>
are not relevant to this, you can delete them and the code will still work.
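The answer's fix assembled into one JSP, as an added example that is not part of the original posts: both the top-level href and the jar href carry the session id, and every request-derived value is XML-escaped because the codebase is built from the client-supplied Host header. It assumes the JSP sits at the context root and that the container accepts session ids in URLs; it uses the Servlet specification's lowercase `jsessionid` path-parameter name, and `xmlAttr`, `sid` and `self` are hypothetical names.

```jsp
<%@ page contentType="application/x-java-jnlp-file" pageEncoding="UTF-8"
         trimDirectiveWhitespaces="true" session="true" %>
<%!
    // Escape a value for use inside a double-quoted XML attribute.
    private static String xmlAttr(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;");
    }
%>
<%
    // Scheme, host, port and context path of this deployment
    // (same computation as in the question).
    String baseURL = request.getRequestURL().toString()
            .replace(request.getRequestURI(), request.getContextPath());

    // Session id as a URL path parameter. Assumption: the container has
    // URL-based session tracking enabled and uses the Servlet-spec name.
    String sid = ";jsessionid=" + session.getId();

    // Name of this JSP relative to the codebase.
    // Assumption: the JSP is deployed at the context root.
    String self = request.getServletPath().substring(1);
%>
<?xml version="1.0" encoding="utf-8"?>
<%-- href makes Java Web Start re-download the descriptor with the session id --%>
<jnlp spec="1.0+" codebase="<%= xmlAttr(baseURL) %>" href="<%= xmlAttr(self + sid) %>">
  <information>
    <title>Simple Table Demo Application</title>
    <vendor>Try</vendor>
    <description>SimpleTableDemo</description>
  </information>
  <resources>
    <j2se version="1.6+" />
    <%-- the jar request carries the same session id --%>
    <jar href="<%= xmlAttr("AuthenticateJNLPJars.jar" + sid) %>" />
  </resources>
  <application-desc main-class="SimpleTableDemo" />
</jnlp>
```

A session id placed in a URL is written to the server access log and stays in the descriptor file saved on the client, so a short session timeout limits how long a copied value remains usable.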