RFR: 8372731: Detailed authentication failure messages

Daniel Jeliński djelinski at openjdk.org
Mon Dec 8 17:31:37 UTC 2025


On Mon, 8 Dec 2025 16:23:00 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Currently the HttpUrlConnection throws a generic "Authentication failure" exception when authentication fails locally.
>> 
>> The authentication may fail for various reasons like: incorrect server challenge message, unavailable encryption/digest algorithms, encoding errors etc. The detailed failure information should be available to the user. Without it, the exception is next to impossible to diagnose, see [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example.
>> 
>> This PR adds the original exception as the cause of the "Authentication failure" exception.
>> 
>> The detailed exception messages are enabled by the "hostInfo" and "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that "hostInfoExclSocket" is enabled by default.
>> 
>> Added a new test to verify that the exception details are present when jdk.includeInExceptions includes hostInfoExclSocket (default), and absent otherwise. Existing tier1-3 tests continue to pass.
>
> Since more than NTLM authentication has been improved, should we test the other authentications too?

Thanks @dfuch for the review.

NTLM was the only authentication scheme where testing this was reasonably easy:
- Basic doesn't throw exceptions,
- Digest always suppresses the exceptions and relays the 401/407 response to the user,
- I couldn't find any Kerberos / Negotiate tests I could adapt.

I'll add the suggested assertion.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28601#issuecomment-3628177440

