How to protect an URL on a server which contains jnlp and jar files

Document ID : KB000053791
Last Modified Date : 14/02/2018
Show Technical Document Details

Description

There are currently two ways to access the jnlp file:

  1. Using web browser; which launches the JVM to download the JAR files

  2. Using DOS or bash command by a script

In the first method, the authentication via form or basic schema auth works; but once the JVM is launched the download of the JAR files does not
work.

In the second method, the authentication is not made since the jnlp file is called by a script.

Solution

Java Web Start is not able to accept cookies. So any application that is accessed by Java Web Start must be running on an agent that does NOT have "RequireCookies" parameter set to YES.

Another option is to make the Java Web Start able to work with cookies. Then there is no need to turn off "RequireCookies" parameter on the web agents which are accessed by Java Web Start.

Sun provides documentation regarding cookie support for Java Web Start; for example:
http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/cookie_support.html

Another solution would be to use SiteMinder Secure Proxy Server with cookieless sessions.