On 03/01/2013 12:50, Alan Bateman wrote:
On 03/01/2013 12:11, Chris Hegarty wrote:
With compact profiles imminent, see http://openjdk.java.net/jeps/161,
more heavy weight HTTP authentication schemes, like NTLM, Kerberos,
Negotiate, may not be in the smaller profiles. In such cases the HTTP
client, HttpURLConnection, should use the most secure scheme
advertised by the server, and also supported by the running JRE. This
seems to work with Kerberos and Negotiate, but there is an issue with
NTLM.
http://cr.openjdk.java.net/~chegar/8005638/webrev/
Also, a test to verify this all works as expected has been added. It
could be cleaned up somewhat when a standard way to determine the
profile has been added ( but this is not critical ).
-Chris.
Thanks for fixing AuthenticationHeader.
I'm not sure about the test though, it uses the http server API so it's
not going to compile/run on the smaller profile.
D'oh, I should have guessed.
We have one test for this area that I just pushed to the jdk8/profiles
forest, that might be useful to cover this scenario:
http://hg.openjdk.java.net/jdk8/profiles/jdk/raw-file/tip/test/sun/net/www/protocol/http/NoNTLM.java
Your test looks fine.
We can either leave out a test initially, and push the source change
only. Or I can pull in your test to jdk8 now. I'm ok either way, just
let me know.
-Chris
-Alan.
