[7u60] Request for phase 2 approval for CR 8028351: JWS doesn't get authenticated when using kerberos auth proxy
Seán Coffey
sean.coffey at oracle.com
Thu Dec 5 02:10:08 PST 2013
Thanks for following up Weijun. It helps to have this information for
record purposes. Approved.
regards,
Sean.
On 05/12/2013 09:50, Weijun Wang wrote:
> Hi All
>
> This is a request to backport a jdk8 fix into jdk7u60.
>
> 8028351: JWS doesn't get authenticated when using kerberos auth proxy
>
> https://bugs.openjdk.java.net/browse/JDK-8028351
>
> The bug is about a useless but harmful Kerberos login when no password
> was given to a username, which could lead to account blocking. Several
> customers have reported either on the web or directly to us.
>
> The fix is already included in jdk8 as:
>
> http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e1bc55ddf1ad
>
> The review thread was
>
>
> http://mail.openjdk.java.net/pipermail/security-dev/2013-November/009730.html
>
>
> The fix for 7uX is at
>
> http://cr.openjdk.java.net/~weijun/8028351/7u/webrev.00/
>
> which is almost identical to the fix for jdk8 except for a tiny
> difference in the test.
>
> The fix is low-risk, and isolated. New regression test added. Existing
> tests also run fine.
>
> Thanks
> Weijun
More information about the jdk7u-dev
mailing list