Several things to consider.
When we make the call to checkValidAndSetUrl the conn.getResponseCode() will trigger the Authenticator if the Quickload is a secure site. Authenticator is extended by IGBAuthenticator.java and makes a call to getServerFromUrlStatic in DataProviderManager.java. The getServerFromUrlStatic attempts to find the data provider based on the url. However, we haven't added the data provider as of the time when checkValidAndSetUrl has been called. This causes IGB to select a quickload at random and saves the password info to that quickload.
One of the potential workarounds is to add the data provider first, and then make a recursive call with the isEditPanel set to true. This in theory works, as the edit panel logic can then follow the redirect and modify the data provider, but it requires the recursive call be wrapped in a Timer as we run into a concurrency issue where the data provider is not added before the call to checkValidAndSetUrl is called, which then locks IGB. However, this solution fails when the user incorrectly enters the password to the secure quickload as IGBAuthenticator brings up the password panel while checkValidAndSetUrl again locking IGB. The best solution may be to lock everything until the user has entered the password correctly or cancelled out of the password panel, which may require changes to IGBAuthenticator.java in addition to DataProviderManager.java.
An additional option would be to modify checkValidAndSetUrl so that it does not attempt to connect to secure quickloads, and instead assumes that they do not redirect. While not the best solution, it would be a very minor edge case. However, I cannot find a way to determine if a URL is secure using HttpURLConnection. Any call trips the Authenticator and then begins the problems.
An additional option would be to revert the changes to redirect Quickloads until we have updated to Java 11 or greater. Java 11 introduced HttpClient which may help us to determine if the URL requires authentication without connecting, but I am not sure. There are also additional libraries that could be imported such as Apache HttpClient.
Finally, I'm not sure why IGB does not follow redirects by default. According to this post, HttpUrlConnection should follow redirects by default. Is it possible we can force IGB to follow redirects without using checkValidAndSetUrl?
I would like to work on this with Karthik on Tuesday. If we can't figure out a working solution, I would suggest reverting the redirect commits as I would like to prioritize the release.
The issue is due to checkValidAndSetUrl method introduced in
IGBF-3103where we looked to see if the http url was being redirected to https. This required connecting to the server to see if there was a redirect, but when the server is secure it appears to be initiating the IGB authentication, but it does not appear to save the password correctly. This is why the password is asked for again when loading the data.