[9] RFR 8138953: HttpURLConnection doesn't fallback to another auth scheme if negotiate process failed
Wang Weijun
weijun.wang at oracle.com
Fri Oct 16 02:18:17 UTC 2015
Let's go back to the bug description:
But no fallback happens if:
1. an HTTP server supports both Negotiate (via Kerberos) and Basic authentication schemes
2. first, a user provides correct Kerberos credentials, and a connection is successfully established with Negotiate scheme
3. then, a user provides wrong Kerberos credentials, but correct Basic credentials
So, with #2, the HTTPP connection already succeeds. When will #3 happen? Visiting another page on the same server and see another 401? If this is a new connection, does HttpURLConnection still remember #2?
Sorry for asking these. I have always been afraid of HttpURLConnection and although I've made some modifications to the code, I never dare say I fully understand it, at least not today.
Thanks
Max
More information about the net-dev
mailing list