From 5e999034a3c2ea89a80c0656eee07a1aa72c255b Mon Sep 17 00:00:00 2001 From: Michael McMahon Date: Mon, 10 Dec 2012 14:56:44 +0000 Subject: [PATCH] 8003948: NTLM/Negotiate authentication problem Reviewed-by: chegar, weijun --- .../classes/sun/net/www/MessageHeader.java | 37 ++++++++++ .../www/protocol/http/HttpURLConnection.java | 17 +++++ jdk/test/sun/net/www/MessageHeaderTest.java | 74 +++++++++++++++++++ 3 files changed, 128 insertions(+) create mode 100644 jdk/test/sun/net/www/MessageHeaderTest.java diff --git a/jdk/src/share/classes/sun/net/www/MessageHeader.java b/jdk/src/share/classes/sun/net/www/MessageHeader.java index dbb2cfc7c3a..3a46def13b3 100644 --- a/jdk/src/share/classes/sun/net/www/MessageHeader.java +++ b/jdk/src/share/classes/sun/net/www/MessageHeader.java @@ -137,6 +137,43 @@ class MessageHeader { return null; } + /** + * Removes bare Negotiate and Kerberos headers when an "NTLM ..." + * appears. All Performed on headers with key being k. + * @return true if there is a change + */ + public boolean filterNTLMResponses(String k) { + boolean found = false; + for (int i=0; i 5 + && values[i].substring(0, 5).equalsIgnoreCase("NTLM ")) { + found = true; + break; + } + } + if (found) { + int j = 0; + for (int i=0; i { int index = 0; int next = -1; diff --git a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java index 87fdaa82bf2..8003b5a5433 100644 --- a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java +++ b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java 
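Review bot: The Javadoc on `filterNTLMResponses` does not say what counts as an NTLM response, and "All Performed on headers with key being k" is hard to parse. The visible condition only matches a value longer than five characters that starts with `NTLM ` (case-insensitive), so a bare `NTLM` offer leaves the headers untouched. I would reword the comment to say so, e.g. `Removes bare "Negotiate" and "Kerberos" values for key k when a value of the form "NTLM <token>" is also present; a bare "NTLM" value does not trigger the filter.` The method rewrites the header storage but its signature is not `synchronized`; if the other mutators of MessageHeader are (they lie outside this hunk), this one should match them. The detection loop header and the removal loop are truncated in this rendering of the hunk, so they are not reviewed here.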
@@ -1326,6 +1326,16 @@ public class HttpURLConnection extends java.net.HttpURLConnection { if (logger.isLoggable(PlatformLogger.FINE)) { logger.fine(responses.toString()); } + + boolean b1 = responses.filterNTLMResponses("WWW-Authenticate"); + boolean b2 = responses.filterNTLMResponses("Proxy-Authenticate"); + if (b1 || b2) { + if (logger.isLoggable(PlatformLogger.FINE)) { + logger.fine(">>>> Headers are filtered"); + logger.fine(responses.toString()); + } + } + inputStream = http.getInputStream(); respCode = getResponseCode(); @@ -1784,6 +1794,13 @@ public class HttpURLConnection extends java.net.HttpURLConnection { logger.fine(responses.toString()); } + if (responses.filterNTLMResponses("Proxy-Authenticate")) { + if (logger.isLoggable(PlatformLogger.FINE)) { + logger.fine(">>>> Headers are filtered"); + logger.fine(responses.toString()); + } + } + statusLine = responses.getValue(0); StringTokenizer st = new StringTokenizer(statusLine); st.nextToken(); diff --git a/jdk/test/sun/net/www/MessageHeaderTest.java b/jdk/test/sun/net/www/MessageHeaderTest.java new file mode 100644 index 00000000000..aceb635cfae --- /dev/null +++ b/jdk/test/sun/net/www/MessageHeaderTest.java 
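Review bot: Both call sites (the `WWW-Authenticate`/`Proxy-Authenticate` pair in the first hunk and the `Proxy-Authenticate` call in the second) run the filter on every response, with no visible check that this connection is actually in the middle of an NTLM exchange. The outcome depends only on header values supplied by the server or proxy, so any response carrying an `NTLM <token>` value makes the client discard the Negotiate/Kerberos offers. On a cleartext or proxied path that lets whoever controls the response headers steer scheme selection towards NTLM. The enclosing methods continue outside the hunks, so a guard may exist elsewhere; if not, I would gate the calls on the connection's own record of the scheme it is currently negotiating and add a comment such as `// header values are server-controlled: only filter while an NTLM handshake started by this client is in progress`. The duplicated `logger.fine(">>>> Headers are filtered")` block could also move into one small private helper.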
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8003948
+ * @run main MessageHeaderTest
+ */
+import java.io.*;
+import sun.net.www.MessageHeader;
+
+public class MessageHeaderTest {
+ public static void main (String[] args) throws Exception {
+ for (int i=0; i<7; i++) {
+ ByteArrayInputStream bis = new ByteArrayInputStream(headers[i].getBytes());
+ MessageHeader h = new MessageHeader(bis);
+ String before = h.toString();
+ before = before.substring(before.indexOf('{'));
+ boolean result = h.filterNTLMResponses("WWW-Authenticate");
+ String after = h.toString();
+ after = after.substring(after.indexOf('{'));
+ if (!expected[i].equals(after)) {
+ throw new RuntimeException(Integer.toString(i) + " expected != after");
+ }
+ if (result != expectedResult[i]) {
+ throw new RuntimeException(Integer.toString(i) + " result != expectedResult");
+ }
+ }
+ }
+
+ static String expected[] = {
+ "{null: HTTP/1.1 200 Ok}{Foo: bar}{Bar: foo}{WWW-Authenticate: NTLM sdsds}",
+ "{null: HTTP/1.1 200 Ok}{Foo: bar}{Bar: foo}{WWW-Authenticate: }",
+ "{null: HTTP/1.1 200 Ok}{Foo: bar}{Bar: foo}{WWW-Authenticate: NTLM sdsds}",
+ "{null: HTTP/1.1 200 Ok}{Foo: bar}{Bar: foo}{WWW-Authenticate: NTLM sdsds}",
+ "{null: HTTP/1.1 200 Ok}{Foo: bar}{Bar: foo}{WWW-Authenticate: NTLM sdsds}{Bar: foo}",
+ "{null: HTTP/1.1 200 Ok}{WWW-Authenticate: Negotiate}{Foo: bar}{Bar: foo}{WWW-Authenticate: NTLM}{Bar: foo}{WWW-Authenticate: Kerberos}",
+ "{null: HTTP/1.1 200 Ok}{Foo: foo}{Bar: }{WWW-Authenticate: NTLM blob}{Bar: foo blob}"
+ };
+
+ static boolean[] expectedResult = {
+ false, false, true, true, true, false, false
+ };
+
+ static String[] headers = {
+ "HTTP/1.1 200 Ok\r\nFoo: bar\r\nBar: foo\r\nWWW-Authenticate: NTLM sdsds",
+ "HTTP/1.1 200 Ok\r\nFoo: bar\r\nBar: foo\r\nWWW-Authenticate:",
+ "HTTP/1.1 200 Ok\r\nFoo: bar\r\nBar: foo\r\nWWW-Authenticate: NTLM sdsds\r\nWWW-Authenticate: Negotiate",
+ "HTTP/1.1 200 Ok\r\nFoo: bar\r\nBar: foo\r\nWWW-Authenticate: NTLM sdsds\r\nWWW-Authenticate: Negotiate\r\nWWW-Authenticate: Kerberos",
+ "HTTP/1.1 200 Ok\r\nWWW-Authenticate: Negotiate\r\nFoo: bar\r\nBar: foo\r\nWWW-Authenticate: NTLM sdsds\r\nBar: foo\r\nWWW-Authenticate: Kerberos",
+ "HTTP/1.1 200 Ok\r\nWWW-Authenticate: Negotiate\r\nFoo: bar\r\nBar: foo\r\nWWW-Authenticate: NTLM\r\nBar: foo\r\nWWW-Authenticate: Kerberos",
+ "HTTP/1.1 200 Ok\r\nFoo: foo\r\nBar:\r\nWWW-Authenticate: NTLM blob\r\nBar: foo blob"
+ };
+}
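Review bot: The seven cases never pair `NTLM <token>` with a Negotiate or Kerberos value that itself carries a token, so the "bare" qualifier in the method's Javadoc is untested. A constructed case such as `"HTTP/1.1 200 Ok\r\nWWW-Authenticate: NTLM sdsds\r\nWWW-Authenticate: Negotiate abcd"` would pin whether a tokened Negotiate value survives the filter. A lower-case `ntlm ` prefix and the `Proxy-Authenticate` key, which the HttpURLConnection call sites also pass, are likewise not exercised. The loop bound is the literal `7`, so a case appended to `headers` is silently skipped; `for (int i=0; i<headers.length; i++)` avoids that. The `before` string is computed but never used, and `getBytes()` relies on the platform default charset.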