Code review request: 8000653: SPNEGO tests fail at context.getDelegCred().getRemainingInitLifetime(mechOid)
Wang Weijun
weijun.wang at oracle.com
Fri Mar 8 09:13:53 UTC 2013
Hi Valerie
Please review this code change
http://cr.openjdk.java.net/~weijun/8000653/webrev.00/
The reason is that if a SPNEGO GSSContext is established with krb5 underneath, its getDelegCred() only returns one krb5 cred element. I need to add more for mechs that are "compatible" with this mech. Currently it's only spnego so I hard code it.
This change seems to have made the following lines in GSSContextImpl.initSecContext(stream,stream) obsolete, but I'll keep them unchanged for safety.
try {
credElement = myCred.getElement(mechOid, true);
} catch (GSSException ge) {
if (GSSUtil.isSpNegoMech(mechOid) &&
ge.getMajor() == GSSException.NO_CRED) {
credElement = myCred.getElement
(myCred.getMechs()[0], true);
} else {
throw ge;
}
}
All regression tests run fine.
Thanks
Max
More information about the security-dev
mailing list