RFR 8005638: Less secure Authentication schemes should work when more secure schemes are not available
Chris Hegarty
chris.hegarty at oracle.com
Thu Jan 3 04:11:22 PST 2013
With compact profiles imminent, see http://openjdk.java.net/jeps/161,
more heavy weight HTTP authentication schemes, like NTLM, Kerberos,
Negotiate, may not be in the smaller profiles. In such cases the HTTP
client, HttpURLConnection, should use the most secure scheme advertised
by the server, and also supported by the running JRE. This seems to work
with Kerberos and Negotiate, but there is an issue with NTLM.
http://cr.openjdk.java.net/~chegar/8005638/webrev/
Also, a test to verify this all works as expected has been added. It
could be cleaned up somewhat when a standard way to determine the
profile has been added ( but this is not critical ).
-Chris.
More information about the net-dev
mailing list