Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8208299

Provide a way to clear NegotiateAuthentication cache

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Open
    • Priority: P4
    • Resolution: Unresolved
    • Affects Version/s: 8u172
    • Fix Version/s: None
    • Component/s: security-libs

      Description

      I'm using a JavaFX WebView that targets an URL that returns a 401 with the negotiate header. Thus we try to generate a kerberos ticket.

      But since the allowtgtsessionkey is set to 0. We are unable to generate it ( see JDK-6722928).
      Nevertheless, there is a fallback on my BasicAuthenticator in order to provide credentials to generate the kerberos ticket.

      But if the credentials are wrong, the NegotiateAuthentication class puts the returned value into its "supported" hashmap.
      So the user quits the authentication process, and retries. The user wants to retry the Negotiate phase with Kerberos in order to provide the right credentials. But this snippet in NegotiateAuthentication prevents the system to retry, the cache value is retrieved :

      String hostname = hci.host;
              hostname = hostname.toLowerCase();
              if (supported.containsKey(hostname)) {
                  return supported.get(hostname);
              }

      We should have an API allowing the develop per to clear this cache in order to force the system to retry Negotiate authentication through Kerberos.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              weijun Weijun Wang
              Reporter:
              shadzic Samir Hadzic
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: