RFR: 8372731: Detailed authentication failure messages
Daniel Fuchs
dfuchs at openjdk.org
Mon Dec 8 16:25:30 UTC 2025
On Tue, 2 Dec 2025 11:39:23 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> Currently the HttpUrlConnection throws a generic "Authentication failure" exception when authentication fails locally.
>
> The authentication may fail for various reasons like: incorrect server challenge message, unavailable encryption/digest algorithms, encoding errors etc. The detailed failure information should be available to the user. Without it, the exception is next to impossible to diagnose, see [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example.
>
> This PR adds the original exception as the cause of the "Authentication failure" exception.
>
> The detailed exception messages are enabled by the "hostInfo" and "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that "hostInfoExclSocket" is enabled by default.
>
> Added a new test to verify that the exception details are present when jdk.includeInExceptions includes hostInfoExclSocket (default), and absent otherwise. Existing tier1-3 tests continue to pass.
Since more than NTLM authentication has been improved, should we test the other authentications too?
test/jdk/sun/net/www/protocol/http/NTLMFailTest.java line 77:
> 75: HttpURLConnection uc = (HttpURLConnection) url.openConnection();
> 76: uc.setRequestMethod("HEAD");
> 77: uc.getInputStream().readAllBytes();
IIUC we're expecting this line to always throw IOException.
Should we throw an assertion error just after line 77 in case the expected IO is not thrown?
-------------
PR Review: https://git.openjdk.org/jdk/pull/28601#pullrequestreview-3552908556
PR Review Comment: https://git.openjdk.org/jdk/pull/28601#discussion_r2599262750
More information about the net-dev
mailing list