Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8175206

SPNEGO auth cache should be consistent with other schemes

    Details

    • Type: Bug
    • Status: Open
    • Priority: P4
    • Resolution: Unresolved
    • Affects Version/s: 9
    • Fix Version/s: tbd
    • Component/s: core-libs
    • Labels:
    • Subcomponent:
    • CPU:
      generic
    • OS:
      generic

      Description

      HttpURLConnection maintains a cache with auth info for different HTTP auth schemes (for example, Kerberos and NTLM).

      Please consider the following scenario:
      1. Negotiate/Kerberos HTTP auth scheme is preferred (you can set it with "http.auth.preference" system property
      2. SPNEGO cache is enabled
      3. We have an HTTP server which supports Kerberos auth (there should be a KDC server as well)
      4 Java client connects to the HTTP server with correct username/password using Kerberos auth, successful connection is expected
      5. Java client connects to the HTTP server again (in the same JVM) with wrong username/password, and successful connection should be expected again because HttpURLConnection should have cached auth info at step #4

      But the connection on step #5 fails.

      Looks like SPNEGO cache doesn't work, or at least it doesn't look to be consistent with other schemes. For example, the scenario above works fine if NTLM auth scheme is used.

        Attachments

          Activity

            People

            • Assignee:
              weijun Weijun Wang
              Reporter:
              asmotrak Artem Smotrakov
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: