jprocter at compbio.dundee.ac.uk
Mon Jan 9 16:25:55 GMT 2012
On 09/01/2012 13:48, ASMR (Anders Sønderberg Mortensen) wrote:
> I am trying to run the latest version of the Jalview applet in a single-sign-on (SSO) environment using Kerberos authentication. I have setup my Apache web server to use kerberos authentication when a user accesses the directory, where these files are located:
> -rw-r--r-- 1 root root 436094 2012-01-06 15:06 jalviewApplet.jar
> -rw-r--r-- 1 root root 623 2012-01-06 15:09 jalviewtest.aln
> -rw-r--r-- 1 root root 448 2012-01-06 15:28 jalviewtest.html
> The user can load the html file and the applet just fine with SSO, but when the applet tries to access the .aln file a new login prompt is displayed by the applet. Is there any chance that the applet can reuse the kerberos authentication session so the user does not need to provide credentials again?
I'm pretty sure there is a way of doing this, but I'm not familiar
enough with the JAAS architecture to know the solution without some
I've opened a bug here: http://issues.jalview.org/browse/JAL-1038
What I think is going on is as follows:
1. JalviewLite is being launched with a properly configured security
context provided by the browser
2. It's trying to use a generic URL data retrieval method
(URL.openStream()) to retrieve data from the server.
=> Instead of reusing the existing context, Java seems to be wanting to
create a new security context for the connection.
Could you confirm this is happening by sending me the output from the
java console when you put in an incorrect password ? (it would be even
better if you were using unobfuscated debug version of jalviewLite at
http://www.jalview.org/examples/debug/jalviewApplet.jar - so the line
numbers make sense).
ps. One other thing: you might be able to get around the problem simply
by adding the data you are loading into the applet to its classpath. If
you make a zip containing the data, and add it to the 'archive' tag like
'jalviewApplet.jar,mydata.zip', the applet should then load the data
from mydata.zip. You'll be able to see that happening in the debug
output on the console.
More information about the Jalview-discuss