OpenJDK / loom / loom
changeset 28545:1628787df68a
8048035: Ensure proper proxy protocols
Reviewed-by: alanb, chegar
| author | michaelm |
|---|---|
| date | Wed, 10 Sep 2014 10:33:43 +0100 |
| parents | a132e8e301e5 |
| children | 47d9b4eb8fad |
| files | jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java |
| diffstat | 1 files changed, 14 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Fri Aug 29 20:16:35 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Wed Sep 10 10:33:43 2014 +0100 @@ -337,6 +337,7 @@ /* try auth without calling Authenticator. Used for transparent NTLM authentication */ private boolean tryTransparentNTLMServer = true; private boolean tryTransparentNTLMProxy = true; + private boolean useProxyResponseCode = false; /* Used by Windows specific code */ private Object authObj; @@ -2239,6 +2240,15 @@ if (tryTransparentNTLMProxy) { tryTransparentNTLMProxy = NTLMAuthenticationProxy.supportsTransparentAuth; + /* If the platform supports transparent authentication + * then normally it's ok to do transparent auth to a proxy + * because we generally trust proxies (chosen by the user) + * But not in the case of 305 response where the server + * chose it. */ + if (tryTransparentNTLMProxy && useProxyResponseCode) { + tryTransparentNTLMProxy = false; + } + } a = null; if (tryTransparentNTLMProxy) { @@ -2610,6 +2620,10 @@ requests.set(0, method + " " + getRequestURI()+" " + httpVersion, null); connected = true; + // need to remember this in case NTLM proxy authentication gets + // used. We can't use transparent authentication when user + // doesn't know about proxy. + useProxyResponseCode = true; } else { // maintain previous headers, just change the name // of the file we're getting