Java小程序与基于IE形式的认证适用于Chrome失败 [英] Java Applet with form based authentication works on IE fails on Chrome

问题描述

的设置如下：
Web应用程序（EAR文件）中打包的Java Applet组件，使用基于表单的身份验证被部署到WebSphere 8。
工作站是使用Java 1.7.0_45。

The setup is as follows: Web Application (EAR file) packaging a Java Applet component and using form based authentication is deployed to WebSphere 8. Workstation is using Java 1.7.0_45.

在验证的登录表单之后，从IE11连接时，WebSphere返回包含一个Applet标记的HTML页面。该Applet JAR文件，然后从WebSphere正确下载和小程序将启动。

When connecting from IE11 after authenticating the login form, WebSphere returns an Html page containing an Applet tag. The Applet Jar file is then downloaded correctly from WebSphere and the Applet is launched.

在使用Chrome但是，如果身份验证令牌丢失Applet的JAR文件的下载失败。

When using Chrome however the download of the Applet Jar file fails as if the authentication token was lost.

下面是从Java插件跟踪文件的节选：

Here is an excerpt from the Java Plugin trace file:

IE11（好）

network: Connecting http://myserver:9088/MOBILE/jam.jar with proxy=DIRECT
network: Connecting http://myserver:9088/ with proxy=DIRECT
network: Connecting http://myserver:9088/MOBILE/jam.jar with cookie "LtpaToken2=..."
network: Downloading resource: http://myserver:9088/MOBILE/jam.jar
    Content-Length: 632,160
    Content-Encoding: null

铬（坏）

    network: Connecting http://myserver:9088/MOBILE/jam.jar with proxy=DIRECT
    network: Connecting http://myserver:9088/ with proxy=DIRECT
    network: Server http://myserver:9088/MOBILE/jam.jar requesting to set-cookie with "WASReqURL=http://myserver:9088/MOBILE/jam.jar; Path=/; HttpOnly"
    network: Cache entry not found [url: http://myserver:9088/MOBILE/adminLogin.html, version: null]
    network: Connecting http://myserver:9088/MOBILE/adminLogin.html with proxy=DIRECT
    network: Connecting http://myserver:9088/ with proxy=DIRECT
    network: Downloading resource: http://myserver:9088/MOBILE/adminLogin.html
        Content-Length: 1,187
        Content-Encoding: null
    java.io.IOException: Invalid jar file
        at com.sun.deploy.net.HttpDownloadHelper.download(Unknown Source)

请注意IE11如何发送LtpaToken2令牌的cookie，而浏览器显示请求设置的cookie的消息。

Note how IE11 sends the LtpaToken2 token cookie while Chrome displays the "requesting to set-cookie with" message.

任何建议都欢迎。

推荐答案

其实这是周围的其他方式; - ）

Actually it is the other way around ;-)

IE (bad)
Chrome (good)

由于WebSphere拥有的HttpOnly标志<一个href=\"http://pic.dhe.ibm.com/infocenter/wasinfo/v8r0/topic/com.ibm.websphere.ex$p$pss.doc/info/exp/ae/csec_sec_hardening.html\"相对=nofollow>默认激活（使用谷歌翻译，没找到英文的）铬行为正确。 IE浏览器会忽略该标志，仍然发送的cookie，从而违反了规范。如果你想允许Java小程序（S）应该被允许访问cookies，您必须禁用的HttpOnly在你的的WebSphere设置（全局），或在您的<一个href=\"http://stackoverflow.com/questions/9193112/secure-and-httponly-flags-for-session-cookie-websphere-7\">webapplication （局部）。

Since websphere has the HttpOnly flag activated by default (use google translate, didn't find the english one) chrome behaves correctly. IE just ignores that flag and still sends the cookie and thus violating the spec. If you want to allow that java applet(s) should be allowed to access cookies you must disable the HttpOnly setting in your websphere settings (globally) or in your webapplication (locally).

这篇关于Java小程序与基于IE形式的认证适用于Chrome失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！