On 03/01/2013 12:11, Chris Hegarty wrote:
With compact profiles imminent, see http://openjdk.java.net/jeps/161,
more heavy weight HTTP authentication schemes, like NTLM, Kerberos,
Negotiate, may not be in the smaller profiles. In such cases the HTTP
client, HttpURLConnection, should use the most secure scheme
advertised by the server, and also supported by the running JRE. This
seems to work with Kerberos and Negotiate, but there is an issue with
NTLM.
http://cr.openjdk.java.net/~chegar/8005638/webrev/
Also, a test to verify this all works as expected has been added. It
could be cleaned up somewhat when a standard way to determine the
profile has been added ( but this is not critical ).
-Chris.
Thanks for fixing AuthenticationHeader.
I'm not sure about the test though, it uses the http server API so it's
not going to compile/run on the smaller profile.
We have one test for this area that I just pushed to the jdk8/profiles
forest, that might be useful to cover this scenario:
http://hg.openjdk.java.net/jdk8/profiles/jdk/raw-file/tip/test/sun/net/www/protocol/http/NoNTLM.java
-Alan.
