RFR: 8270290: NTLM authentication fails if HEAD request is used [v2]
Michael McMahon
michaelm at openjdk.java.net
Thu Sep 30 14:32:27 UTC 2021
On Wed, 25 Aug 2021 14:21:59 GMT, Alex Kasko <akasko at openjdk.org> wrote:
>> When HEAD request is used with a proxy (or a server) that requires NTLM, authentication fails when server returns large (8kb+) body along with NTLMSSP_CHALLENGE response.
>>
>> Proposed fix is to check for ongoing NTLM auth in `reset()` and consume the response body in this case.
>>
>> Alternatively the whole check for `HEAD` method in `reset()` can be dropped.
>
> Alex Kasko has updated the pull request incrementally with one additional commit since the last revision:
>
> fix direct server and plain http proxy auth that became inadvertently broken
I guess the response body is to the intermediate NTLM SSP request rather than the HEAD as such. The change looks fine to me.
-------------
Marked as reviewed by michaelm (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/4753
More information about the net-dev
mailing list