Using Java Web Start and Axis together is a great idea. But there is a design flaw that prevents using the combination in professional-quality internet-aware applications. Any solutions or workarounds would be greatly welcome.
Description: 1) Problem occurs only when working with a proxy, and when the proxy requires username/password authentication. Things work fine in all other situations. 2) I am aware that Axis obtains proxy host and port information from the system properties http.proxyHost and http.proxyPort. Not a problem, since Java Web Start uses proxyHost and proxyPort and it is a simple matter to copy the values. 3) Java Web Start brings up a proxy login dialog box before the application starts up (since it needs to check/retrieve the latest version of the code). It assumes that the application will rely on HttpURLConnection and therefore inherit the DefaultAuthenticator (from Java Web Start). 4) Java Web Start provides no mechanism to extract the username and password from the initial proxy login. Sun appears to want things to remain this way. Therefore using Call.setUsername() and Call.setPassword does not really help. 5) It is possible to call Authenticator.requestPasswordAuthentication() to bring up a popup login for the proxy username and password. The problem is that we can justify to the user the application login as a business necessity, and the initial proxy login as Sun's unfriendly and lame implementation of Java Web Start, but it is impossible to justify a second proxy login. We have found a temporary workaround by (a) Using a raw socket (not an HttpURLConnection in order to bypass Java Web Start) to query the proxy for its proxy prompt, and (b) Supplying the host, port and prompt to requestPasswordAuthentication(). If the values match the ones used by the initial proxy login, a second login screen is not displayed but the PasswordAuthentication object is returned with the username and password. Unfortunately, Sun considers this behavior a security bug and plans to block it in the upcoming JRE 1.4.2. Note, this problem also happens when using the older Apache SOAP. Can someone suggest a solution to this problem? Bruno
