customer claim HTTPS redirect does not work in mulitple version of java web start.
Posted Date : 2008-08-01 17:31:31.0

N/A

N/A

Absolutely, I confirm, Java Web Start is not able to download or even launch an already download application when there's an http proxy between client and server that sends a http redirection.

In that case we get the error below:
In the Dialog box first tab :

<HTML>
<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<BODY>
<H1>Moved Temporarily<H1>
<H4>
You are being redirected to a new location because:<P>
Redirecting to login URL to set authentication cookie.

</H4>
<HR>
</BODY>
</HTML>
                  
and in the second tab :

MissingFieldException[ Il manque le champ obligatoire suivant dans le fichier de lancement : <jnlp>]
	at com.sun.javaws.jnl.XMLFormat.parse(Unknown Source)
	at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
	at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
	at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
	at com.sun.javaws.Launcher.updateFinalLaunchDesc(Unknown Source)
	at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
	at com.sun.javaws.Launcher.launch(Unknown Source)
	at com.sun.javaws.Main.launchApp(Unknown Source)
	at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
	at com.sun.javaws.Main$1.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)


It's clear that Java Web Start doesn't follow the 302 http redirection but instead try to parse the html page as it was a jnlp file.

The problem still exists in the latest Java 6 update 10 beta.
Because that release targets the desktop market that would be great to fix it in the final release of the customer jre.

Actually on Java 6 update 10 RC, the error seems to be slightly different :

java.lang.SecurityException: illegal URL redirect
	at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
	at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
	at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
	at com.sun.deploy.net.BasicHttpRequest.doGetRequest(Unknown Source)
	at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
	at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
	at com.sun.javaws.Main.launchApp(Unknown Source)
	at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
	at com.sun.javaws.Main$1.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)

So the problem is that Java Web Start is not allowed to follow redirection between httpURL and HTTPS URL.

Why not change this security policy ? Prompt the user and ask him if he wants to follow the redirection ?
I think this bug should be fixed and a way or another, otherwise users would not understand why their ajax applications work but their RIA java ones not.