2013-01-21 23:35:36 -05:00
2019-06-28 15:58:10 +01:00
* Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
2013-01-21 23:35:36 -05:00
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
/* @test
* @bug 8004502
2019-03-27 09:06:43 -07:00
* @library /test/lib
2013-01-21 23:35:36 -05:00
* @summary Sanity check that NTLM will not be selected by the http protocol
* handler when running on a profile that does not support NTLM
2015-05-28 10:54:48 -07:00
* @modules java.base/sun.net.www
2016-12-01 08:57:53 +00:00
* java.base/sun.net.www.protocol.http:open
2013-01-21 23:35:36 -05:00
* @run main/othervm NoNTLM
2019-06-28 15:58:10 +01:00
* @run main/othervm -Djava.net.preferIPv6Addresses=true NoNTLM
2013-01-21 23:35:36 -05:00
2016-11-09 14:24:41 +03:00
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.Authenticator;
import java.net.HttpURLConnection;
2019-03-27 09:06:43 -07:00
import java.net.InetAddress;
2016-11-09 14:24:41 +03:00
import java.net.PasswordAuthentication;
import java.net.Proxy;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URL;
2019-03-27 09:06:43 -07:00
import jdk.test.lib.net.URIBuilder;
2013-01-21 23:35:36 -05:00
import sun.net.www.MessageHeader;
public class NoNTLM {
static final String CRLF = "\r\n";
static final String OKAY =
"HTTP/1.1 200" + CRLF +
"Content-Length: 0" + CRLF +
"Connection: close" + CRLF +
static class Client implements Runnable {
private final URL url;
private volatile IOException ioe;
private volatile int respCode;
Client(int port) throws IOException {
2019-03-27 09:06:43 -07:00
this.url = URIBuilder.newBuilder()
System.out.println("Client URL: " + this.url);
2013-01-21 23:35:36 -05:00
public void run() {
try {
HttpURLConnection uc =
try {
} catch (IOException x) {
respCode = uc.getResponseCode();
throw x;
} catch (IOException x) {
if (respCode == 0)
respCode = -1;
ioe = x;
IOException ioException() {
return ioe;
int respCode() {
return respCode;
static void start(int port) throws IOException {
Client client = new Client(port);
new Thread(client).start();
* Return the http response with WWW-Authenticate headers for the given
* authentication schemes.
static String authReplyFor(String... schemes) {
// construct the server reply
String reply = "HTTP/1.1 401 Unauthorized" + CRLF +
"Content-Length: 0"+ CRLF +
"Connection: close" + CRLF;
for (String s: schemes) {
switch (s) {
case "Basic" :
reply += "WWW-Authenticate: Basic realm=\"wallyworld\"" + CRLF;
case "Digest" :
reply += "WWW-Authenticate: Digest" +
" realm=\"wallyworld\"" +
" domain=/" +
" nonce=\"abcdefghijklmnopqrstuvwxyz\"" +
" qop=\"auth\"" + CRLF;
case "NTLM" :
reply += "WWW-Authenticate: NTLM" + CRLF;
default :
throw new RuntimeException("Should not get here");
reply += CRLF;
return reply;
* Test the http protocol handler with the given authentication schemes
* in the WWW-Authenticate header.
static void test(String... schemes) throws IOException {
// the authentication scheme that the client is expected to choose
String expected = null;
for (String s: schemes) {
if (expected == null) {
expected = s;
} else if (s.equals("Digest")) {
expected = s;
// server reply
String reply = authReplyFor(schemes);
System.out.println("Expect client to choose: " + expected);
2019-06-28 15:58:10 +01:00
InetAddress loopback = InetAddress.getLoopbackAddress();
try (ServerSocket ss = new ServerSocket(0, 0, loopback)) {
2013-01-21 23:35:36 -05:00
// client ---- GET ---> server
// client <--- 401 ---- server
try (Socket s = ss.accept()) {
new MessageHeader().parseHeader(s.getInputStream());
// client ---- GET ---> server
// client <--- 200 ---- server
String auth;
try (Socket s = ss.accept()) {
MessageHeader mh = new MessageHeader();
auth = mh.findValue("Authorization");
// check Authorization header
if (auth == null)
throw new RuntimeException("Authorization header not found");
System.out.println("Server received Authorization header: " + auth);
String[] values = auth.split(" ");
if (!values[0].equals(expected))
throw new RuntimeException("Unexpected value");
* Test the http protocol handler with one WWW-Authenticate header with
* the value "NTLM".
static void testNTLM() throws Exception {
// server reply
String reply = authReplyFor("NTLM");
System.out.println("Expect client to fail with 401 Unauthorized");
2019-06-28 15:58:10 +01:00
InetAddress loopback = InetAddress.getLoopbackAddress();
try (ServerSocket ss = new ServerSocket(0, 0, loopback)) {
2013-01-21 23:35:36 -05:00
Client client = new Client(ss.getLocalPort());
Thread thr = new Thread(client);
// client ---- GET ---> server
// client <--- 401 ---- client
try (Socket s = ss.accept()) {
new MessageHeader().parseHeader(s.getInputStream());
// the client should fail with 401
System.out.println("Waiting for client to terminate");
IOException ioe = client.ioException();
if (ioe != null)
System.out.println("Client failed: " + ioe);
int respCode = client.respCode();
if (respCode != 0 && respCode != -1)
System.out.println("Client received HTTP response code: " + respCode);
if (respCode != HttpURLConnection.HTTP_UNAUTHORIZED)
throw new RuntimeException("Unexpected response code");
public static void main(String[] args) throws Exception {
2019-06-28 15:58:10 +01:00
boolean ntlmSupported = false;
2013-01-21 23:35:36 -05:00
try {
2016-11-09 14:24:41 +03:00
Class<?> ntlmProxyClass = Class.forName("sun.net.www.protocol.http.NTLMAuthenticationProxy", true, NoNTLM.class.getClassLoader());
Field ntlmSupportedField = ntlmProxyClass.getDeclaredField("supported");
if (ntlmSupportedField.getBoolean(null)) {
2019-06-28 15:58:10 +01:00
System.out.println("NTLM is supported.");
ntlmSupported = true;
2016-11-09 14:24:41 +03:00
2013-01-21 23:35:36 -05:00
} catch (ClassNotFoundException okay) { }
// setup Authenticator
Authenticator.setDefault(new Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("user", "pass".toCharArray());
// test combinations of authentication schemes
test("Basic", "Digest");
2019-06-28 15:58:10 +01:00
if (ntlmSupported) {
System.out.println("NTLM is supported: client would select NTLM: skipping `test(\"Basic\", \"NTLM\")`..");
} else {
test("Basic", "NTLM");
2013-01-21 23:35:36 -05:00
test("Digest", "NTLM");
test("Basic", "Digest", "NTLM");
2019-06-28 15:58:10 +01:00
if (ntlmSupported) {
System.out.println("NTLM is supported: client would select NTLM: skipping `testNTLM()`..");
} else {
// test NTLM only, this should fail with "401 Unauthorized"
2013-01-21 23:35:36 -05:00
System.out.println("TEST PASSED");