Java – after the authentication needs window pops up 7u21 and is updated
I've been working on a project for the past six months For this project, I have a GlassFish server instance in which web services are deployed On the client side, I use javafx2 2. It uses basic authentication to make rest requests with Jersey (XML request / response, no JSON)
When the user starts the program (JWs / JNLP), he usually only needs to enter his credentials in the login window and press the login button to start working Due to 7u21, for some reason (possibly due to the security change of 7u21), I got an additional Java "authentication required" pop-up window
In order to ensure that it has nothing to do with the compatibility between Java versions, I updated the server and 7u21, so:
>Client: update Java from 7u17 to 7u21 > server: update Java from 7u09 to 7u21, adjust GlassFish asenv The. Bat file uses the new JDK
If I click the Cancel button in the "verification required" window displayed above, the program will start, but it will not run stably when executing the request:
java.io.IOException: stream is closed file:/D:/NetBeansProjects/MIT_20130516/CL_KenoM/dist/CL_KenoM.jar!/GUI/cow/ListCow.fxml at com.sun.jersey.api.client.ClientResponse.close(ClientResponse.java:615) at com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:570) at com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:535) at com.sun.jersey.api.client.WebResource.handle(WebResource.java:696) at com.sun.jersey.api.client.WebResource.access$300(WebResource.java:74) at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:512) at DA.CowsClient.getCowsByUserId(CowsClient.java:96) at GUI.cow.ListCowController.initialize(ListCowController.java:728) at javafx.fxml.FXMLLoader.load(FXMLLoader.java:2152) at javafx.fxml.FXMLLoader.load(FXMLLoader.java:2028) at javafx.fxml.FXMLLoader.load(FXMLLoader.java:2744) at javafx.fxml.FXMLLoader.load(FXMLLoader.java:2723) at javafx.fxml.FXMLLoader.load(FXMLLoader.java:2709) at javafx.fxml.FXMLLoader.load(FXMLLoader.java:2696) at Classes.Context.showContentPane(Context.java:186) at GUI.user.ListUserController.openAddData(ListUserController.java:389) at GUI.user.ListUserController.access$100(ListUserController.java:55) at GUI.user.ListUserController$8.handle(ListUserController.java:657) at GUI.user.ListUserController$8.handle(ListUserController.java:652) at com.sun.javafx.event.CompositeEventHandler.dispatchBubblingEvent(CompositeEventHandler.java:69) at com.sun.javafx.event.EventHandlerManager.dispatchBubblingEvent(EventHandlerManager.java:217) at com.sun.javafx.event.EventHandlerManager.dispatchBubblingEvent(EventHandlerManager.java:170) at com.sun.javafx.event.CompositeEventDispatcher.dispatchBubblingEvent(CompositeEventDispatcher.java:38) at com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(BasicEventDispatcher.java:37) at com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(EventDispatchChainImpl.java:92) at com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(BasicEventDispatcher.java:35) at com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(EventDispatchChainImpl.java:92) at com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(BasicEventDispatcher.java:35) at com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(EventDispatchChainImpl.java:92) at com.sun.javafx.event.EventUtil.fireEventImpl(EventUtil.java:53) at com.sun.javafx.event.EventUtil.fireEvent(EventUtil.java:33) at javafx.event.Event.fireEvent(Event.java:171) at javafx.scene.Scene$ClickGenerator.postProcess(Scene.java:3117) at javafx.scene.Scene$ClickGenerator.access$8600(Scene.java:3055) at javafx.scene.Scene$MouseHandler.process(Scene.java:3337) at javafx.scene.Scene$MouseHandler.process(Scene.java:3168) at javafx.scene.Scene$MouseHandler.access$1900(Scene.java:3123) at javafx.scene.Scene.impl_processMouseEvent(Scene.java:1563) at javafx.scene.Scene$ScenePeerListener.mouseEvent(Scene.java:2265) at com.sun.javafx.tk.quantum.GlassViewEventHandler$MouseEventNotification.run(GlassViewEventHandler.java:250) at com.sun.javafx.tk.quantum.GlassViewEventHandler$MouseEventNotification.run(GlassViewEventHandler.java:173) at java.security.AccessController.doPrivileged(Native Method) at com.sun.javafx.tk.quantum.GlassViewEventHandler.handleMouseEvent(GlassViewEventHandler.java:292) at com.sun.glass.ui.View.handleMouseEvent(View.java:528) at com.sun.glass.ui.View.notifyMouse(View.java:922) at com.sun.glass.ui.win.WinApplication._runLoop(Native Method) at com.sun.glass.ui.win.WinApplication.access$100(WinApplication.java:29) at com.sun.glass.ui.win.WinApplication$3$1.run(WinApplication.java:73) at java.lang.Thread.run(UnkNown Source) com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: stream is closed
This error occurs when the get method is used (no put or delete test is used). In this case, it is the getcowsbyuserid() method:
public List<Cows> getCowsByUserId(int id) throws UniformInterfaceException {
WebResource resource = webResource;
resource = resource.path(java.text.messageformat.format("cows/user/{0}",String.valueOf(id))); //this is line 96
List<Cows> list = resource.accept(javax.ws.rs.core.MediaType.APPLICATION_XML).get(new GenericType<List<Cows>>() { });
return list;
}
Interestingly, when I pass NetBeans or Jar file instead of When JNLP starts the program, everything works as expected (no additional authentication pop-up, no errors)... So this has to do something with Java webstart, I guess?
Editor May 28, 2013:
I did further research by comparing the Java console trace / debug logs from 7u17 and 7u21 I noticed the following in the 7u21 log:
security: Trust for: http://<url>/lib/jersey-core-1.17.jar has ended: Thu Jan 01 01:00:00 CET 1970 security: Validate the certificate chain using CertPath API security: SHA-256 finger print: <bunch of chars> security: The certificate hasnt been expired,no need to check timestamping info security: The CRL support is disabled security: The OCSP support is disabled security: This OCSP End Entity validation is disabled security: Start comparing to jurisdiction list with this certificate basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms security: JAVAWS AppPolicy Permission requested for: http://<url>/lib/jersey-core-1.17.jar
The first line is not displayed in the 7u17 log, so what must it do to sign the jar? It shows the same thing for multiple jar files When building a project, everything is signed with a keystore written by yourself. Is this a big problem? Does this mean that JNLP works only if it is signed with a certificate created by a reliable Ca (not free)?
Edit 04 June 2013:
I bought a code signing certificate from globalsign and installed it on my machine Convert the PFX certificate file to Java key store (JKS) and use it to sign my jar (in NetBeans) After verifying the jar, it seems that there is no more However, I updated the file on the network server and started the program through the JNLP file, but it is still the same behavior Time to despair!
Edit 06 June 2013:
OK, let's start with a different approach As a test, I tried to get XML data using HTTP urlconnection () instead of Jersey:
When using 7u21 HTTP get request, I get the same "verification required" window With 7u17 it, I got an XML response No one knows it may be wrong? What might this have to do because I use basic authentication? Could this be server related? May this be related to JNLP files? More answers I search this question, I have more questions to look at:)
Solution
My answer to the follow up question should also answer this question
In short: Java Web Start caches HTTP responses by default in JDK7. You must set client requests and Jersey rest service responses to "no cache, no store"