I developed a Java Web Start app that lies on a web server based on HTTP security. Once I log in to the web-page for launching my Java Web Start application, the app is aski
Probably because the User-Agent HTTP request header is not the same.
When you browse to your Web Start page, your browser sends a request to the HTTP server with User-Agent: whatever browser you are using
When the JRE requests the JARs to be downloaded from the HTTP server, it sends a request with User-Agent: whatever java version you are using
From the perspective of the HTTP server, these are 2 distinct clients and therefore you are prompted twice for credentials.
No. You must authenticate to the server to access the application, and you must authenticate to the client to allow <all-permissions/>
. Accepting the proffered certificate in the manner provided by your client's operating system should preclude repeated requests for credentials. For reference, this example is signed but requires no <security>
.