Hi Jim and others, Thanks for the prompt reply - I appreciate it! Your description of what is happening sounds correct. The Java console output is listed below with the debug .jar. It appears to be using basic authentication scheme which is not what I execpted. We have already been talking about getting around with the problem by putting the .aln file in a place accessible to everybody, but we are not too happy about doing it that way.
Thanks - --Anders basic: Starting applet teardown Applet panel0 stop(). Applet panel0 destroy(). basic: Finished applet teardown basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@fc1dce basic: Plugin2ClassLoader.addURL parent called for http://davinci/kerb_test/jalview/jalviewApplet.jar basic: Applet loaded. basic: Applet resized and added to parent container basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 169575 us, pluginInit dt 454179971 us, TotalTime: 454349546 us Applet context is 'class sun.plugin2.applet.Plugin2Manager$AppletContextImpl' Applet has Javascript callback support. JalviewLite Version 2.7 Build Date : 27 September 2011 basic: Applet initialized basic: Removed progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@fc1dce basic: Applet made visible basic: Starting applet basic: completed perf rollup basic: Applet started basic: Told clients applet is started security: Accessing keys and certificate in Mozilla user profile: null Clear classloader cache ... completed. basic: Starting applet teardown Applet panel1 stop(). Applet panel1 destroy(). basic: Finished applet teardown basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@b408b0 basic: Plugin2ClassLoader.addURL parent called for http://davinci/kerb_test/jalview/jalviewApplet.jar network: Cache entry found [url: http://davinci/kerb_test/jalview/jalviewApplet.jar, version: null] prevalidated=false/0 network: Connecting http://davinci/kerb_test/jalview/jalviewApplet.jar with proxy=DIRECT network: Connecting http://davinci:80/ with proxy=DIRECT network: Firewall authentication: site=davinci/172.19.1.52:80, protocol=http, prompt=Bioweb login, scheme=basic network: Connecting http://davinci/kerb_test/jalview/jalviewApplet.jar with proxy=DIRECT network: Connecting http://davinci:80/ with proxy=DIRECT network: Firewall authentication: site=davinci/172.19.1.52:80, protocol=http, prompt=Bioweb login, scheme=basic -----Original Message----- From: Jim Procter [mailto:[email protected]] On Behalf Of Jim Procter Sent: 9. januar 2012 17:26 To: ASMR (Anders Sønderberg Mortensen) Cc: [email protected] Subject: Re: [Jalview-discuss] Kerberos Hello Anders. On 09/01/2012 13:48, ASMR (Anders Sønderberg Mortensen) wrote: > I am trying to run the latest version of the Jalview applet in a > single-sign-on (SSO) environment using Kerberos authentication. I have setup > my Apache web server to use kerberos authentication when a user accesses the > directory, where these files are located: > > -rw-r--r-- 1 root root 436094 2012-01-06 15:06 jalviewApplet.jar > -rw-r--r-- 1 root root 623 2012-01-06 15:09 jalviewtest.aln > -rw-r--r-- 1 root root 448 2012-01-06 15:28 jalviewtest.html > > The user can load the html file and the applet just fine with SSO, but when > the applet tries to access the .aln file a new login prompt is displayed by > the applet. Is there any chance that the applet can reuse the kerberos > authentication session so the user does not need to provide credentials again? I'm pretty sure there is a way of doing this, but I'm not familiar enough with the JAAS architecture to know the solution without some digging around. I've opened a bug here: http://issues.jalview.org/browse/JAL-1038 What I think is going on is as follows: 1. JalviewLite is being launched with a properly configured security context provided by the browser 2. It's trying to use a generic URL data retrieval method (URL.openStream()) to retrieve data from the server. => Instead of reusing the existing context, Java seems to be wanting to create a new security context for the connection. Could you confirm this is happening by sending me the output from the java console when you put in an incorrect password ? (it would be even better if you were using unobfuscated debug version of jalviewLite at http://www.jalview.org/examples/debug/jalviewApplet.jar - so the line numbers make sense). Jim. ps. One other thing: you might be able to get around the problem simply by adding the data you are loading into the applet to its classpath. If you make a zip containing the data, and add it to the 'archive' tag like 'jalviewApplet.jar,mydata.zip', the applet should then load the data from mydata.zip. You'll be able to see that happening in the debug output on the console. _______________________________________________ Jalview-discuss mailing list [email protected] http://www.compbio.dundee.ac.uk/mailman/listinfo/jalview-discuss
