[9] RFR 8138953: HttpURLConnection doesn't fallback to another auth scheme if negotiate process failed

2015-10-07 Thread Artem Smotrakov
Hello, Please review this for 9. According to [1], an HTTP client should try to use another HTTP authentication scheme if negotiate process failed for some reason, and a user didn't specify SPNEGO or Kerberos in "http.auth.preference" system property. But no fallback happens if, for example:

Re: [9] RFR 8138953: HttpURLConnection doesn't fallback to another auth scheme if negotiate process failed

2015-10-07 Thread Seán Coffey
Thanks for handling Artem. I'll leave the main review to someone more knowledgeable with http authentication schemes but can I suggest that your print the AuthenticationHeader.authPref string out with the "Negotiate process failed, fallback" logger message. It's a useful variable to capture.

Re: [9] RFR 8138953: HttpURLConnection doesn't fallback to another auth scheme if negotiate process failed

2015-10-07 Thread Wang Weijun
I will look into this. Busy on something else at the moment. Do you think this would happen in reality? There weren't a lot of fallback in HTTP auth, IMO, is that because in most cases username and password are the same for all schemes, and if one fails, we believe the pair is wrong and there i

Re: [9] RFR 8138953: HttpURLConnection doesn't fallback to another auth scheme if negotiate process failed

2015-10-07 Thread Artem Smotrakov
Hi Sean, Sure, it may be useful to print it out. I will update the webrev. Artem On 10/07/2015 05:28 PM, Seán Coffey wrote: Thanks for handling Artem. I'll leave the main review to someone more knowledgeable with http authentication schemes but can I suggest that your print the Authentication

Re: [9] RFR 8138953: HttpURLConnection doesn't fallback to another auth scheme if negotiate process failed

2015-10-07 Thread Artem Smotrakov
Hi Max, HttpURLConnection obtains credentials for HTTP authentication from Authenticator [1] implementation. Only one authenticator can be set in JVM instance. It can have built-in credentials, or do some interactions with user to get them. Theoretically, it can provide different credentials

Re: [9] RFR 8138953: HttpURLConnection doesn't fallback to another auth scheme if negotiate process failed

2015-10-07 Thread Artem Smotrakov
Please see updated webrev http://cr.openjdk.java.net/~asmotrak/8138953/webrev.01/ Artem On 10/07/2015 06:51 PM, Artem Smotrakov wrote: Hi Max, HttpURLConnection obtains credentials for HTTP authentication from Authenticator [1] implementation. Only one authenticator can be set in JVM instan

RFR: 5108778 Too many instances of java.lang.Boolean created in Java application(net)

2015-10-07 Thread Sebastian Sickelmann
Hello, Actually I am searching through the JBS for low hanging fruits. Right now i am looking through the openjdk-sources and try to evaluate if i can make something about JDK-5108778. Please find my webrevs for the jdk(net) repos at: http://cr.openjdk.java.net/~sebastian/5108778/net/webrev.00/