users@glassfish.java.net

Re: Webstart Application Client Authentication

From: <glassfish_at_javadesktop.org>
Date: Sun, 18 Mar 2007 05:49:57 PST

Sorry for not responding sooner.

There may be some small help on this.

First, a little bit of background information...

From the stack trace, it would seem that your client uses annotations to refer to server-side elements (like an EJB, perhaps). In this case, the authentication - and therefore the request for the user to enter a username and password - occurs early on because the injection handling runs before your app client code is actually started.

In the Java Web Start case we did not provide good enough error handling if something went wrong after the ACC was launched but before control was transferred to your client. (See Issue 2297.) That is when the authentication happens if you use annotations to refer to protected resources.

Shortly - this week I hope - I plan to check in some changes to address Issue 2297 that will display a dialog box that contains the error message and stack trace if an error occurs in this situation. At least that way end users will know that something has gone wrong, rather than the client failing silently.

The need for a better solution to the incorrect login problem is noted in Issue 2310 which is currently marked as an enhancement request for the security area. You may want to add yourself to the interest list for that issue and, if you want to, add some comments to the issue.

I agree completely that it is annoying for end users to have to restart the client in this case. Unfortunately, it looks as if that is the only alternative right now.

I also agree that the footprint of the ACC on the client system is much too large. One of the things I really want to do in GlassFish V3 is to dramatically shrink the size of the ACC. At least once all those JARs are downloaded the first time for any app client they are cached and reused for future launches of that client or others from the same server. But that first launch is very painful. If your end-users see the JARs being downloaded every time they launch the app client then something is not working correctly. Of course, they will be downloaded again if you install a new build of GlassFish, just as any revised file is updated during a Java Web Start launch.

I'm glad that you find the automatic support for Java Web Start useful. Our original plan was to get a relatively simple implementation out there and see what other requests users had, so feedback like this is really important.

- Tim
[Message sent by forum member 'tjquinn' (tjquinn)]

http://forums.java.net/jive/thread.jspa?messageID=208620
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.