DX NetOps

  • 1.  Accessing oneclick.jnlp now requires authentication, why?

    Posted Apr 13, 2021 10:52 AM

    After upgrading to 10.4.3 I noticed that all prior desktop shortcuts to launch Spectrum didn't work anymore.
    Turns out that from 10.4.3 the oneclick.jnlp java webstart file is now auth protected, so javaws will throw an exception due to not being able to access it.

    This is also stated here: JNLP Exception: Server returned HTTP response code: 401 When Launching the OneClick Console From a Shortcut

    However it's only the oneclick.jnlp file that is auth protected, all the jar-files listed in the JNLP are accessible without auth.

    What is the reasoning behind this change that probably breaks a lot of shortcuts for organizations?

    It also breaks prior technotes such as this: https://knowledge.broadcom.com/external/article/113032/how-to-create-desktop-icon-for-launching.html

    Is it possible to exempt the oneclick.jnlp from auth protection?


  • 2.  RE: Accessing oneclick.jnlp now requires authentication, why?

    Broadcom Employee
    Posted Apr 15, 2021 03:46 PM

    Hello Johan,

    The oneclick.jnlp is now auth protected due to security concerns that were raised around this. This has fallen into the security tightening and vulnerability fixes that are taking place. This is mentioned in the Spectrum 10.4.3 (20.2.7) features and enhancements.

    https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/spectrum/10-4-3/release-information/features-and-enhancements.html#concept.dita_74630ff8e83cd59592f994d76127c7a97e847997_FixedVulnerabilities

        -   Added security-constraint to restrict the user to download the JNLP file without login




  • 3.  RE: Accessing oneclick.jnlp now requires authentication, why?

    Posted Apr 16, 2021 02:23 AM

    Hi Gregory,

    It's good to see some focus on security issues for Spectrum, that's always welcome!
    However, protecting the JNLP file with auth while not protecting the .jar files that make up the application in the same way makes it quite meaningless.

    But taking steps forward on security is key, especially with the scrutiny that NMS systems will face in the wake of the SolarWinds incident.

    I'd love to see some STIG/hardening guides for Spectrum being released!
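
The coverage gap raised in posts 1 and 3 (the descriptor answers 401 while the jars it lists do not) can be checked after an upgrade or hardening change with a short audit. This is an added example, not part of the thread and not Broadcom code; the sample JNLP, host name and jar paths are constructed placeholders, and the function names are hypothetical.

```python
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

# Constructed sample descriptor; host, codebase and jar names are placeholders.
SAMPLE_JNLP = """<jnlp spec="1.0+" codebase="https://oneclick.example.test/spectrum/" href="oneclick.jnlp">
  <resources>
    <jar href="lib/console.jar" main="true"/>
    <jar href="lib/common.jar"/>
    <nativelib href="lib/native.jar"/>
  </resources>
</jnlp>"""


def jnlp_resources(jnlp_text):
    """Return absolute URLs of the descriptor and every jar/nativelib it lists."""
    root = ET.fromstring(jnlp_text)
    base = root.get("codebase", "")
    if base and not base.endswith("/"):
        base += "/"
    urls = [urljoin(base, root.get("href", ""))]
    for el in root.iter():
        if el.tag in ("jar", "nativelib") and el.get("href"):
            urls.append(urljoin(base, el.get("href")))
    return urls


def http_status(url, timeout=10):
    """HEAD the URL with no credentials; return the status, or None if unreachable."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code          # 401/403 arrive here
    except (urllib.error.URLError, OSError):
        return None


def unprotected(urls, probe=http_status):
    """URLs that answer 2xx to an unauthenticated request (assumes 401-style auth)."""
    return [u for u in urls if (probe(u) or 0) // 100 == 2]


if __name__ == "__main__":
    # Pass the path of a saved oneclick.jnlp, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_JNLP
    for url in unprotected(jnlp_resources(text)):
        print("served without authentication:", url)
```

An empty result against your own server means every resource the descriptor references is covered by the same constraint as the descriptor itself.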