On 07/08/2012 09:26, Hussein Shafie wrote: > On 08/06/2012 04:35 PM, Camille Bégnis wrote: >> >> we embed XXE as an applet, and all resources are secured thanks to HTTP >> authentication. >> So this is what our user goes through: >> 1) Web application authentication to connect to our Web interface >> 2) when clicking on the link to our applet, java asks for authentication >> to access the JNLP >> INFO: 2012-08-06 14:18:46 127.0.0.1 - 127.0.0.1 9002 GET >> /workspaces/NeoDoc/xxe/applet/xxe.jnlp t=1344255523473 401 424 0 1 >> http://localhost:9002 Mozilla/4.0 (Linux 3.3.6-desktop-2.mga2) >> Java/1.7.0_05 - >> 3) when opening the file through webdav, XXE asks for a third >> authentication. >> >> We already succeeded in removing the latter, > > My guess is that you have used the "-auth" command-line option for 3).
Yes indeed, thanks to your help. >> do you see any mean to remove the second? >> > > I'm sorry but we have no experience in removing 2), as this is not > directly related to our product. > > May be I'm naive but I wonder why you don't simply serve xxe.jnlp and > all the signed jars from an area of your HTTP server where access is > not controlled. Well, we are reluctant to offer XXE for free to the world... Does anyone on this list has another solution to propose? Though that's an option for a server behind a firewall. Best regards, Camille. -- XMLmind XML Editor Support List [email protected] http://www.xmlmind.com/mailman/listinfo/xmleditor-support
