Applet Authentication

Similar Messages

• Applet Authentication Scheme

  Hello,
  I have developed a small applet that uses:
    URL url = new URL(getDocumentBase(), strURL);
    AudioInputStream stream = AudioSystem.getAudioInputStream(url);to retrieve an audio clip from my webserver.
  The audio clip is protected using DIGEST authentication.
  The applet is embedded in an HTML page that also uses DIGEST authentication.
  Firefox is okay, but after changing to Java plugin 1.6.0_1, Internet Explorer + Java is popping up a second login, with the footer: "Authentication scheme: Windows Integrated".
  Firefox:
  - FF loads (HTML)Page (unprotected)
  - Page loads the applet (unprotected)
  - Page tries to load clip index (protected)
  - FF shows browser login
  - FF reissues request for clip index (assuming successful login)
  - Page tells applet to load a clip
  - Applet loads a clip using browser creds.
  IE6:
  - IE loads page (unprotected)
  - Page loads the applet(unprotected)
  - Page tries to load the clip index(protected)
  - IE shows the browser login
  - IE reissues the request for clip index(assuming successful login)
  - Page tells applet to load a clip
  - Java shows login form
  How can I tell the applet to use the browser's DIGEST authentication credentials?
  I have started diving into the docs, but haven't found anything yet.
  Thanks for any tips,
  Jamie S.

  That is properly too late.
  However, I am working on a similar problem. This is my insight. If anybody know more than I do, please let me know.
  Using the applet, the Authenticator may not work due to the new JRE. I believe if you have the property file within your machine, you may get around this problem. Other than that, I have not figured out a way to get pass this security issue. Anybody have any thought on that ?
  To get around this issue, in your case, it is Basic Authentication; so it won't be too bad. You will need to write your own http client. which mean, you will need to be able to read the response from the server and send the proper header back to the server. At least that is how I did it.
  The problem I am facing now is doing Digest Authentication. I really hate to do all kind of work to get Digest working. Only if the Authenticator work for me.
  Hope that help.

• Java applet authentication

  I have an applet hosted in a webserver and since I installed Java 6 update 24, a window is shown asking for Network Credentials every time I open the page.
  If I access it from a computer with an older Java version, it runs the applet without asking the credentials.
  I'm using integrated authentication so, I don't want to ask any credentials as the user is already authenticated by the OS.
  Does anyone can help me?

  i found the Bug listed for this issue, but they claim the fix mentioned in this thread doesn't fix the problem. yet for most if not all of us... it does:
  Bug 6936012: In Microsoft Internet Explorer Java Plug-In re-challenges for authentication     
  Bug Attributes
  Type     B - Defect     Fixed in Product Version     
  Severity     See FR          
  Status     3-Accepted          
  Created     18-Mar-2010          
  Updated     27-Jul-2011          
  Product Source     Sun          
  Related Products
  Fix Request Attributes:
  Fix Request #     6936012/
  Target     
  Customer Status     3-Accepted
  Severity     3-Medium
  Duplicate Of     
  Committed Version     
  Fixed Version     
  Integrated Version     
  Verified Version     
  Last Updated     2011-07-27 00:00:00 GMT+00:00
  Description:
  FULL PRODUCT VERSION :
  java version "1.6.0_18"
  Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
  Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing)
  ADDITIONAL OS VERSION INFORMATION :
  Microsoft Windows XP [Version 5.1.2600]
  A DESCRIPTION OF THE PROBLEM :
  For various versions of Microsoft Internet Explorer (MSIE), the Java Plug-In (various versions of recent Java 6 Updates, including 18) re-challenges for authentication when an applet makes an HTTP(S) request for an authenticated resource from a web site and realm for which the browser session is already authenticated. [This web site is the source of the applet as well.] This occurs despite having checked the "Remember my password" checkbox in the browser authentication dialog.
  We have had numerous customer complaints about this with MSIE 6, 7, and 8. Internally this has only been reproduced with MSIE 7 and HTTPS.
  STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
  Write an applet that makes an HTTP(S) request for an authenticated resource from a web site and realm for which the browser session is already authenticated. Test the applet in various MSIE versions with HTTP and HTTPS, checking the "Remember my password" checkbox in the browser authentication dialog.
  EXPECTED VERSUS ACTUAL BEHAVIOR :
  EXPECTED -
  The applet should re-use the authentication credentials already established by the browser.
  ACTUAL -
  The applet re-challenges for authentication -- causing great user annoyance and frustration.
  REPRODUCIBILITY :
  This bug can be reproduced always.
  CUSTOMER SUBMITTED WORKAROUND :
  This works fine in Firefox, but that's not acceptable to many customers.
  This reportedly occurs irrespective of whether the next generation plug-in is enabled or not.
  Date Modified     2010-03-18 00:00:00 GMT+00:00
  Back to top

• Web Authentication with RSA SecureID on a Cisco Switch

  Hi,
  I've recently been looking into linking in our Cisco 2960S Gb Switch with RSA SecureID via Radius
  I've already managed to link it in for ssh access
  but I've not managed to get it working for http / web access to the switch
  I think this is because we're using "single use" tokens for maximum security with RSA SecureID
  and the web interface attempts to authenticate multiple times against the Radius part of the RSA SecureID server
  (okay on the first authentication, but each time after it's going to want a different token code)
  I was wondering if anyone knew a way around this? (if there's a way to get the switch to just authenticate once instead of multiple times against the radius server)
  For info the switch is a WS-C2960S-24TS-L with IOS 15.0(1)SE2

  Hello Chris,
  Can you test the following configuration?
  aaa group server radius webtac_grp
  server
  cache expiry 1
  cache authorization profile httpauth
  cache authentication profile httpauth
  aaa authentication login httpauth cache webtac_grp group webtac_grp
  aaa authorization exec httpauth cache webtac_grp group webtac_grp
  aaa authorization network httpauth cache webtac_grp group webtac_grp
  aaa cache profile httpauth
  all
  ip http server
  ip http authentication aaa login-authentication httpauth
  ip http authentication aaa exec-authorization httpauth
  radius-server host key ******
  I know for sure the above configuration works when using TACACS+ instead of RADIUS in order to avoid the multiple prompts due to the JAVA Applets authentication when accessing the IOS GUI. I have not tested it against RSA acting as backend Authentication server.
  NOTE: As "aaa authorization exec" is configured the RSA should be sending Attribute Service-Type with value Administrative for it to work as expected.
  If this was helpful please rate.
  Regards.

• ACE/Server redirects

  I'm looking for some guidance/thoughts on a problem I'm coming across. I have an SSL termination configuration as follows:
  Client to VIP:80 does redirect to VIP:443
  Client to VIP:8080 does redirect to VIP:8443
  Client to VIP:443 load balances to Real:80
  Client to VIP:8443 load balances to Real:8080
  On the real server I'm running apache on 80 and tomcat on 8080.
  Apache handles the main site while Tomcat handles java applets/authentication/etc.
  The problem we're encountering is when apache needs to hand off to tomcat and the reverse. What's the best way to accomplish this while maintaining the connection to the same real server. What is happening is that the ACE is re-load balancing the request to a different real.
  Thanks.

  you could use static cookies [ cookie insert ].
  Since you have 2 serverfarms, you'll get 2 different set of cookies.
  So, for each sticky group, you need to learn the cookie value associated with each rserver.
  Then for the other group, configure a static entry for each cookie value.
  Do the same for each group.
  Learning the cookie value requires the use of a sniffer. Sniff traffic going to the ACE slot. Open a connection to the vip and see which server is being used and what cookie value is returned. Delete the cookie and repeat until you get the cookie value for each server.
  This is the only idea I have right now.
  Gilles.

• How to configure JSS 4 with Firefox 21.0 to to use with HTTPS client authentication? It´s supposed that JSS allows an applet to access Mozilla user´s cert

  We are trying to use HTTPS client certificate based authentication to access a Java Applet in Firefox v21.0. We have followed the instructions as per the below two urls to enable JSS 4 -
  https://developer.mozilla.org/en-US/docs/JSS/Using_JSS<br />
  http://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/keystores.html<br />
  http://download.java.net/jdk8/docs/technotes/guides/deployment/deployment-guide/keystores.html
  We are using JRE version 1.7.0_25-b16 Java HotSpot(TM) Client VM in Firefox v21 but we are getting - <br />
  security: Accessing keys and certificate in Mozilla user profile: null<br />
  security: JSS is not configured
  followed by SSK handshake failure when trying to load the client certificate.
  <pre><nowiki>javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
  at sun.security.ssl.Alerts.getSSLException(Unknown Source)
  at sun.security.ssl.Alerts.getSSLException(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
  at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
  at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
  at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
  at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
  at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
  at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
  at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
  at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
  at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
  at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
  at java.lang.ClassLoader.loadClass(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
  at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
  at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)</nowiki></pre>
  The client cert based authentication is working when using IE v8 and IE v9 with the same JRE version (JRE version 1.7.0_25-b16 Java HotSpot(TM) Client VM)
  Any help to resolve this issue will be very much appreciated.

  Thank you for your response.
  Yes we have added the client certificate file (.pfx) in the Firefox browser Certificate manager / Store. It's also showing the certificate in the View Certificate window. We could not resolve it yet.

• Java Applet Constantly Asks for Authentication

  With have a ADF application on Weblogic 10 that has occasional access to a Java applet. The Java applet is loaded whenever it's needed and not loaded whenever it isn't in a facet. The applet is currently in the public_html/applet folder.
  When we set the SSL configuration to requiring a client certificate, when the Java applet loads, it'll constantly ask for a client certificate even though the user already presented the client when hitting the website:
  Request Authentication Identification required. Please select certificate to be used for authentication.
  This is annoying to users and the Java Applet doesn't need authentication. Is there any way we can disable the authentication or remove the prompt?
  Here's the embedded applet code:
  <applet height="1" width="1" code="applet.Applet.class"archive="/app/applet/SApplet.jar" /><param name="permissions" value="all-permissions"/></applet>
  Things I've already tried:
  1) Setting the Applet up on HTTP instead of HTTPS; I get a warning about mixed content and still get the authentication pop-up.
  2) Created a minimal applet that only types out "HELLO WORLD" in the console, still get the authentication pop-up
  Here's the console window:
  Java Plug-in 1.6.0_35
  Using JRE version 1.6.0_35-b10 Java HotSpot(TM) Client VM
  User home directory = C:\Users\mfan
  security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
  security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
  security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
  security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
  security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
  security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
  security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
  security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
  security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
  security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
  security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
  security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
  security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
  security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
  security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
  security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
  basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@1df073d
  basic: Plugin2ClassLoader.addURL parent called for https://192.168.130.99/app/applet/HelloWorld.jar
  network: Cache entry not found [url: https://192.168.130.99/app/applet/HelloWorld.jar, version: null]
  network: Connecting https://192.168.130.99/app/applet/HelloWorld.jar with proxy=DIRECT
  network: Connecting http://192.168.130.99:443/ with proxy=DIRECT
  security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loading SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
  security: Loaded SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
  security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loading Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
  security: Loaded Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
  security: Loading certificates from Deployment session certificate store
  security: Loaded certificates from Deployment session certificate store
  security: Loading certificates from Internet Explorer ROOT certificate store
  security: Loaded certificates from Internet Explorer ROOT certificate store
  security: Checking if certificate is in Deployment denied certificate store
  security: Checking if certificate is in Deployment session certificate store
  security: Checking if SSL certificate is in Deployment permanent certificate store
  security: KeyUsage does not allow digital signatures
  (and here's where the prompt comes up).

  Actually, setting the archive to http://URL works fine. No more request authentications come up.

• Displaying java applet using webseal authentication

  Hi all,
  i'm facing a problem about displaying Java applet using Webseal junction for accessing  an application Server based on Websphere.
  I've defined a webseal ACL on accessing a http url that contains link to Java applet: after webseal authentication, the homepage is loaded; in the home page are presented links to java applet, but when I try to load these applets, it seems not working.
  If I load the same applets without Webseal authentication, it seems working.
  Is there any sort of configuration to make for applet regarding Webseal?
  Thanks in advance
  Danilo

  Hi all,
  i'm facing a problem about displaying Java applet using Webseal junction for accessing  an application Server based on Websphere.
  I've defined a webseal ACL on accessing a http url that contains link to Java applet: after webseal authentication, the homepage is loaded; in the home page are presented links to java applet, but when I try to load these applets, it seems not working.
  If I load the same applets without Webseal authentication, it seems working.
  Is there any sort of configuration to make for applet regarding Webseal?
  Thanks in advance
  Danilo

• Applet re-required user authentication on webapp realm

  I have developed a webapp restricted to known users via BASIC authentication realm. one of these html pages contains an APPLET which is loaded correctly,
  but then asks the user for userid and password again (i have to enter the same username password as i logged onto the webapp before).
  I assume this comes because the applet is located within the restricted webapp context - is there any chance to turn off the duplicate authentication via applet??????

  Think java version 1.4.0 could do some authentication but did not share it with
  the browser. A later version should share auth with the browser, meaning if
  the browser authenticates then so does the jre. They also share the session
  so forms auth would work as well.
  Try to open the java control panel General -> network -> network settings -> use browser settings

• Is Proxy Authenticated or not in Applet

  <p>
  Hi Everyone,
  </p>
  <p>
  I need to show proxy details to the user in an applet and I got the proxy host and port by using the JDK API and I need to check is the proxy is authenticated or not and I used the below code in the applet
  </p>
  <p>
  public boolean checkHttpAuthentication() {
  </p>
  <p>
  logger.info("Start of detecting proxy authentication settings");
  HttpURLConnection urlConnection = null;
  </p>
  <p>
  try {
  </p>
  <p>
  String host = SiteSurveyAppletConstants.HTTP_PROXY_DETECT_URL;
  </p>
  <p>
  URL url = new URL(host);
  </p>
  <p>
  urlConnection = (HttpURLConnection) url.openConnection();
  </p>
  <p>
  urlConnection.setDoInput(true);
  </p>
  <p>
  urlConnection.setDoOutput(true);
  </p>
  <p>
  urlConnection.setUseCaches(false);
  </p>
  <p>
  int statusCode = urlConnection.getResponseCode();
  </p>
  <p>
  logger.info("statusCode : " + statusCode);
  </p>
  <p>
  if(statusCode == HTTPStatusCodes.SC_PROXY_AUTHENTICATION_REQUIRED) {
  </p>
  <p>
  isProxyAuthenticated = true;
  </p>
  <p>
  </p>
  <p>
  } catch (Exception e) {
  </p>
  <p>
  System.out.print("Error occured while sending data to the server\n" + e);
  </p>
  <p>
  </p>
  <p>
  logger.info("End of detecting proxy authentication settings");
  </p>
  <p>
  return isProxyAuthenticated;
  </p>
  <p>
  </p>
  <p>
  When I access the applet a dialog box (Firefox browser dialog box) is prompting to enter the user credential and applet is loaded into the browser after entering the user credentials, but if you see the code in above snippet, it's not returning me the 407 status code, it's returning me the 200.
  </p>
  <p>
  In my application applet will first fetch the proxy settings and will do some processing (connecting to the server) and will load into the browser. So for connecting to the server I need to know whether the proxy is authenticated or not. If it is authenticated then I need to open a dialog box asking the user to enter the credentials and will use those credentials for connecting back to the server
  </p>
  <p>
  Can anyone help me what is causing the problem
  </p>
  <p>
  Thanks
  </p>

  Hi,
  MINUS does two full table scans & removes matches after whereas NOT IN does a full table scan of table 1 then for each row it searches through table two...assuming you have two proper tables e.g.:
  TABLE1: 20,000 rows in 1000 blocks
  TABLE2: 10,000 rows in 500 blocks
  Reads required for minus:
  Full scan of TABLE1 = 1000 blocks
  +
  Full scan of Table2 = 500 blocks
  = 1500 reads
  Reads required for NOT IN:
  Full scan of TABLE1 = 1000 blocks
  20,000 lookups in TABLE2 = 20,000 x (depth of index on TABLE2)
  = 21,000 at least
  So a lot more work is done with NOT IN. Taken from here. Note the gets:
  SQL> select count(*) from
    2  ( select object_id from t1
    3    minus
    4    select object_id from t2
    5  )
    6  /
    COUNT(*)
         171
  Statistics
            0  recursive calls
           24  db block gets
          136  consistent gets
           64  physical reads
            0  redo size
          380  bytes sent via SQL*Net to client
          518  bytes received via SQL*Net from client
            4  SQL*Net roundtrips to/from client
            3  sorts (memory)
            0  sorts (disk)
            1  rows processed
  SQL> select count(*) from
    2  ( select object_id from t1
    3    where object_id not in
    4    ( select object_id from t2
    5    )
    6  )
    7  /
    COUNT(*)
         171
  Statistics
            0  recursive calls
           12  db block gets
        84406  consistent gets
            0  physical reads
            0  redo size
          405  bytes sent via SQL*Net to client
          541  bytes received via SQL*Net from client
            4  SQL*Net roundtrips to/from client
            1  sorts (memory)
            0  sorts (disk)
            1  rows processedMike

• XMII Applet and Authentication

  Hi,
  I have a webpage which has an applet embeded on it. I can access this webpage via a browser from the local xmii server and the applet displays correctly. Whenever I try to access it from a remote client I am getting an "Authentication Required" message where the applet should be. The rest of the page is displayed normally. Can anyone help with this.
  In the java console I am getting the following exception:
  ERROR - Error Loading Resource File for Applet_: access denied (java.util.PropertyPermission http.strictPostRedirect read)
  Authenticator::Authentication error is Authentication Required
  Thanks,
  Mahwish

  Hi Mahwish,
  I am assuming that you are using an htm or html for you web page extension.  Try changing the extension to irpt to force you to log into xMII prior to loading the page.  You could also use the URL
  http://<server name>/Illuminator/PortalLogin.jsp?target=/dir/page.htm
  To force htm or html pages to authenticate please see note 930312
  Regards,
  Jamie Cawley

• ClassNotFound error when loading applet from a NTLM authenticated  site

  Hi,
  I wrote a Java applet and put it into a JAR file and signed the JAR file. It works fine if the user doesn't need to be authenticated. However, when I place the same JAR to a site that uses NTLM (NT challenging) authentication. The applet failed to load and returns ClassNotFound exception. Does anyone know why?
  The following is the complete error message:
  java.io.IOException: Server returned HTTP response code: 401 for URL: http://unibox.MySite.com/fileupload/FileUpload.jar
       at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:697)
       at sun.plugin.net.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:369)
       at sun.net.www.protocol.http.HttpURLConnection.getHeaderFields(HttpURLConnection.java:1139)
       at sun.plugin.net.protocol.http.HttpURLConnection.checkCookieHeader(HttpURLConnection.java:330)
       at sun.plugin.net.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:367)
       at sun.plugin.net.protocol.http.HttpUtils.followRedirects(HttpUtils.java:39)
       at sun.plugin.cache.CachedJarLoader.download(CachedJarLoader.java:311)
       at sun.plugin.cache.CachedJarLoader.load(CachedJarLoader.java:131)
       at sun.plugin.cache.JarCache.get(JarCache.java:177)
       at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(CachedJarURLConnection.java:71)
       at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(CachedJarURLConnection.java:56)
       at sun.misc.URLClassPath$JarLoader.getJarFile(URLClassPath.java:498)
       at sun.misc.URLClassPath$JarLoader.<init>(URLClassPath.java:459)
       at sun.misc.URLClassPath$2.run(URLClassPath.java:255)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.misc.URLClassPath.getLoader(URLClassPath.java:244)
       at sun.misc.URLClassPath.getLoader(URLClassPath.java:221)
       at sun.misc.URLClassPath.getResource(URLClassPath.java:134)
       at java.net.URLClassLoader$1.run(URLClassLoader.java:190)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
       at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:132)
       at sun.plugin.security.PluginClassLoader.findClass(PluginClassLoader.java:189)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
       at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:112)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:262)
       at sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:473)
       at sun.applet.AppletPanel.createApplet(AppletPanel.java:548)
       at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1621)
       at sun.applet.AppletPanel.runLoader(AppletPanel.java:477)
       at sun.applet.AppletPanel.run(AppletPanel.java:290)
       at java.lang.Thread.run(Thread.java:536)
  load: class FileUpload.class not found.
  java.lang.ClassNotFoundException: FileUpload.class
       at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:151)
       at sun.plugin.security.PluginClassLoader.findClass(PluginClassLoader.java:189)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
       at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:112)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:262)
       at sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:478)
       at sun.applet.AppletPanel.createApplet(AppletPanel.java:548)
       at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1621)
       at sun.applet.AppletPanel.runLoader(AppletPanel.java:477)
       at sun.applet.AppletPanel.run(AppletPanel.java:290)
       at java.lang.Thread.run(Thread.java:536)
  Caused by: java.io.IOException: open HTTP connection failed.
       at sun.applet.AppletClassLoader.getBytes(AppletClassLoader.java:224)
       at sun.applet.AppletClassLoader.access$100(AppletClassLoader.java:40)
       at sun.applet.AppletClassLoader$1.run(AppletClassLoader.java:141)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:138)
       ... 10 more

  It appears that the latest jvm plugins use java to get the archive files instead of using the browser to download the archive files.
  In addition sun does not support NTLM authentication, because of this the latest jvms are unable to download the jar file containing the applet.
  I have been working on finding a way to replace suns http Handler, but have had no luck with setting the java.protocol.handler.pkgs for the plugin and having it retain the setting.
  I have achieved partial results using the appletviewer with -J-Djava.protocol.handler=com.nogoop
  you might try taking a look at http://www.nogoop.com

• SSL authentication in Applet, the next step?

  Hi,
  In the following code:
       private RssReader rssReader;
       private void createFeed() {
            rssReader = new RssReader("https://{username}:{password}@{domain}/mymon/index.php?{anaction}=rss.showrss&server_id=&ident=&statusnr=2&block=7&wwwauth=1");
            System.out.println ("TlsModel.createFeed; rssReader created");
            rssReader.readRSSFeed();
            System.out.println ("TlsModel.createFeed; read Feed");
       }I got the following error:
  TlsModel.createFeed; rssReader created
  IOException java.io.IOException: Server returned HTTP response code: 401 for URL: https://{username}:{password}@{domain}/mymon/index.php?{anaction}=rss.showrss&server_id=&ident=&statusnr=2&block=7&wwwauth=1
  -1
  TlsModel.createFeed; read FeedWe configured the feeder to allow "username" to read the feed. But still the 401 server response. What would you suggest I don now?
  TIA,
  Abel
  Edited by: Abel on Jan 18, 2008 8:36 AM
  Changed title

  I have been reading the 'JSSE Reference Guide for Java SE 6' document (http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html).
  What I can't seem to wrap my head around is what I need to do in a client (the Applet mentioned in the previous post) to authenticate. I know it should be possible, as there is a getNeedClientAuth() (Returns true if the socket will require client authentication) method in javax.net.ssl.SSLSocket.
  So, through what hoop do I need to jump through to be able to authenticate a user in the Applet?
  Background:
  I want to read the contents of a RSS Feed coming from a https page. The user of the Applet needs to authenticate him/herself using his/her username and password.

• How to configure the applet  use Kerberos authentication

  Hi all:
  I know few about the java or applet security and hope someone can help me.
  I have a MS IIS Web server named win2003stdbase1 and it use Kerberos authentication, and the
  web server host a jar file.The client machine has jdk1.5 installed.When the client visit a html page which contains a java applet,the jre starts the applet and a dialog "Password Needed -Networking" popups.Then we input the right user name and the password,but the dialog popup again.The dialog display these message:
  Server:     win2003stdbase1/192.168.0.43
  Scheme:     ntlm
  UserName:
  Password:
  Domain:
  I suspect that the applet use the ntlm authentcation method which different from the web server,and I want it to use Kerberos authentication.How can I achieve this?
  Any suggestion or idear will be appreciated.Thanks.

  Are there anyone can help on this? It is a urgent issue. Also if I did not explain it clearly, please let me know.Thanks.

• Does Authentication  block to run applet

  Hi everybody.
  To provide active directory authentication we put tehse lines.
  My web-application.xml like this
  <security-role-assignment>
  <role-name>admin</role-name>
  <principal-name>BOLM000</principal-name>
  </security-role-assignment>
  web.xml like this
  <security-constraint>
  <display-name>Constraint-0</display-name>
  <web-resource-collection>
  <web-resource-name>Constraint-0</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
  <auth-method>CLIENT-CERT</auth-method>
  </login-config>
  <security-role>
  <role-name>admin</role-name>
  </security-role>
  It works perfectly.
  We have an signed applet which calls iexplorer.exe from firefox. It works perfectly too.But When We add this applet on an application which runs with it gives us " class not found.." error.
  When whe comment these lines -cancel authentication- applet works well.
  Do you have any idea about this problem?

  press F1