Java Web Start keeps asking to authenticate

Question

I developed a Java Web Start app that lies on a web server based on HTTP security. Once I log in to the web-page for launching my Java Web Start application, the app is aski

Answer 1

Probably because the User-Agent HTTP request header is not the same.

When you browse to your Web Start page, your browser sends a request to the HTTP server with User-Agent: whatever browser you are using

When the JRE requests the JARs to be downloaded from the HTTP server, it sends a request with User-Agent: whatever java version you are using

From the perspective of the HTTP server, these are 2 distinct clients and therefore you are prompted twice for credentials.

Answer 2

No. You must authenticate to the server to access the application, and you must authenticate to the client to allow <all-permissions/>. Accepting the proffered certificate in the manner provided by your client's operating system should preclude repeated requests for credentials. For reference, this example is signed but requires no <security>.