Message-Id: <3.0.5.32.19990901143227.009665f0@surfer>
Date: Wed, 01 Sep 1999 14:32:27 -0400
To: java-security@java.sun.com
From: Jeff Fitzgerald <fitzgera@universal.ca>
Subject: applets and .htaccess files
folks:
i recently set a demo on apache for some of our potential customers. since
they had some sensitive data, i used an .htaccess file to restrict the
access to the directory containing the .jar file.
when you click on the link to go to the page with the applet, the browser
prompts you for a login and password. then, once you get through, the
browser starts to download the .jar file. but, once the .jar file starts to
come down, a java dialog appears prompting the user for a login and password.
at first i thought that this was nothing more than a minor inconvenience.
the problem is that any time the applet returns to get something else from
the server, like the java help i was planning on leaving there, another
java dialog appears prompting for a user name and password, only the second
time it locks up the browser.
i know the browser is caching the user name and password, but i'm not sure
how to pass that information on to the applet, so that it doesn't prompt
for the same login and password.
i tried placing the .jar file in a directory outside of the restricted
access, but that didn't work. i've poked around the javadoc, and thought i
could get around the problem by passing null to
java.net.Authenticator.setDefault(). that didn't work either.
any suggestions would be appreciated. thanks in advance.
***********************************
Jeff Fitzgerald, B.A., M.A.
Tech Writer, Universal Systems Ltd.
E-mail: fitzgera@universal.ca
"I does good words."
***********************************