search cancel

How to protect an URL on a server which contains jnlp and jar files


Article ID: 53791


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



There are currently two ways to access the jnlp file:

  1. Using web browser; which launches the JVM to download the JAR files

  2. Using DOS or bash command by a script

In the first method, the authentication via form or basic schema auth works; but once the JVM is launched the download of the JAR files does not

In the second method, the authentication is not made since the jnlp file is called by a script.


Java Web Start is not able to accept cookies. So any application that is accessed by Java Web Start must be running on an agent that does NOT have "RequireCookies" parameter set to YES.

Another option is to make the Java Web Start able to work with cookies. Then there is no need to turn off "RequireCookies" parameter on the web agents which are accessed by Java Web Start.

Sun provides documentation regarding cookie support for Java Web Start; for example:

Another solution would be to use SiteMinder Secure Proxy Server with cookieless sessions.


Component: SMAPC