RFR: 8270290: NTLM authentication fails if HEAD request is used
Michael McMahon
michael.x.mcmahon at oracle.com
Fri Aug 13 16:07:20 UTC 2021
Hi,
A question about this issue. Can you explain why the server/proxy is
sending a response body to a HEAD request?
My reading of the RFCs suggests this is not allowed.
Thanks,
Michael
On 12/07/2021 11:54, Alex Kasko wrote:
> On Mon, 12 Jul 2021 10:34:54 GMT, Alex Kasko <akasko at openjdk.org> wrote:
>
>> When a HEAD request is used with a proxy (or a server) that requires NTLM, authentication fails when the server returns a large (8kb+) body along with the NTLMSSP_CHALLENGE response.
>>
>> The proposed fix is to check for ongoing NTLM auth in `reset()` and consume the response body in this case.
>>
>> Alternatively, the whole check for the `HEAD` method in `reset()` can be dropped.
> Just for reference, `reset()` calls during NTLM auth:
>
> server auth:
>
> https://github.com/openjdk/jdk/blob/8973867fb9568a3a527b763c9ce10cebdfb306d0/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java#L1849
>
> proxy auth with plain HTTP:
>
> https://github.com/openjdk/jdk/blob/8973867fb9568a3a527b763c9ce10cebdfb306d0/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java#L1762
>
> proxy tunnel with HTTPS:
>
> https://github.com/openjdk/jdk/blob/8973867fb9568a3a527b763c9ce10cebdfb306d0/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java#L2233
>
> -------------
>
> PR: https://git.openjdk.java.net/jdk/pull/4753