[9] RFR 8138953: HttpURLConnection doesn't fallback to another auth scheme if negotiate process failed

Wang Weijun weijun.wang at oracle.com
Fri Oct 16 02:18:17 UTC 2015


Let's go back to the bug description:

But no fallback happens if: 

1. an HTTP server supports both Negotiate (via Kerberos) and Basic authentication schemes 
2. first, a user provides correct Kerberos credentials, and a connection is successfully established with Negotiate scheme 
3. then, a user provides wrong Kerberos credentials, but correct Basic credentials 

So, with #2, the HTTPP connection already succeeds. When will #3 happen? Visiting another page on the same server and see another 401? If this is a new connection, does HttpURLConnection still remember #2?

Sorry for asking these. I have always been afraid of HttpURLConnection and although I've made some modifications to the code, I never dare say I fully understand it, at least not today.

Thanks
Max



More information about the net-dev mailing list