RFR: 8340182: Java HttpClient does not follow default retry limit of 3 retries [v4]

Daniel Fuchs dfuchs at openjdk.org
Tue Jun 10 15:13:30 UTC 2025


On Tue, 10 Jun 2025 13:39:19 GMT, p-nima <duke at openjdk.org> wrote:

>> The AuthenticationFilter did not respect the default retry limit of 3 retries in case of invalid credentials supplied.
>> 
>> This PR helps to resolve the bug and tests it with default and updated retry limit set via `jdk.httpclient.auth.retrylimit=1`.
>> 
>> The test is green with tiers 1, 2, 3 and the test is stable.
>
> p-nima has updated the pull request incrementally with one additional commit since the last revision:
> 
>   apply review feedback and improve readability

test/jdk/java/net/httpclient/HttpClientAuthRetryLimitTest.java line 136:

> 134:                 } else {
> 135:                     assertEquals(0, totalRequestCount - 1);
> 136:                 }

Ok - so now we're getting somewhere. This lets me think that the change in the AuthenticationFilter is not right. The specification says:

> jdk.httpclient.auth.retrylimit (default: 3)
> The number of attempts the Basic authentication filter will attempt to retry a failed authentication. 

When I read this, I expect that if the limit is 0, no retries, then the Authenticator will be called once, and if the authentication fails with these credentials, then the request will fail.
If the limit is 1, then we will retry once, which means the Authenticator should be called twice, and so on.

So maybe we should always assert that totalRequestCount == `Math.max(RETRY_LIMIT, 0) + 1`?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25490#discussion_r2138160412


More information about the net-dev mailing list