Hi Sean,

Sure, it may be useful to print it out. I will update the webrev.

Artem

On 10/07/2015 05:28 PM, Seán Coffey wrote:
Thanks for handling Artem. I'll leave the main review to someone more knowledgeable with http authentication schemes but can I suggest that your print the AuthenticationHeader.authPref string out with the "Negotiate process failed, fallback" logger message. It's a useful variable to capture.
Regards,
Sean.
On 07/10/2015 12:19, Artem Smotrakov wrote:
Hello,

Please review this for 9.

According to [1], an HTTP client should try to use another HTTP authentication scheme if negotiate process failed for some reason, and a user didn't specify SPNEGO or Kerberos in "http.auth.preference" system property. But no fallback happens if, for example: - an HTTP server supports both Negotiate (via Kerberos) and Basic authentication schemes - first, a user provides correct Kerberos credentials, and a connection is successfully established with Negotiate scheme - then, a user provides wrong Kerberos credentials, but correct Basic credentials

This fix updates HttpURLConnection to try another authentication scheme negotiate process failed, and SPNEGO and Kerberos schemes are not preferred. The fix may be shorter, for example:

if ( serverAuthentication != null || inNegotiate && !"negotiate".equals(AuthenticationHeader.authPref)) {

, but I thought that some logging might be helpful.

Also added a test which checks this and a couple of other scenarios work fine.

Bug: https://bugs.openjdk.java.net/browse/JDK-8138953
Webrev: http://cr.openjdk.java.net/~asmotrak/8138953/webrev.00/

[1] https://docs.oracle.com/javase/8/docs/technotes/guides/net/http-auth.html

Artem


Reply via email to