stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8077155: LoginContext Subject ignored by jdk8 sun.net.www.protocol.http.HttpURLConnection

Browse Source 
Reviewed-by: michaelm
This commit is contained in:
Rob McKenna 2015-05-20 18:06:31 +01:00
parent 9cecb7f70a
commit efc37c5e71
2 changed files with 161 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
View File

@ -983,7 +983,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
SocketPermission p = URLtoSocketPermission(this.url);
if (p != null) {
try {
AccessController.doPrivileged(
AccessController.doPrivilegedWithCombiner(
new PrivilegedExceptionAction<>() {
public Void run() throws IOException {
plainConnect0();
@ -1244,7 +1244,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
if (p != null) {
try {
return AccessController.doPrivileged(
return AccessController.doPrivilegedWithCombiner(
new PrivilegedExceptionAction<>() {
public OutputStream run() throws IOException {
return getOutputStream0();
@ -1422,7 +1422,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
if (p != null) {
try {
return AccessController.doPrivileged(
return AccessController.doPrivilegedWithCombiner(
new PrivilegedExceptionAction<>() {
public InputStream run() throws IOException {
return getInputStream0();
@ -2565,7 +2565,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
if (p != null) {
try {
return AccessController.doPrivileged(
return AccessController.doPrivilegedWithCombiner(
new PrivilegedExceptionAction<>() {
public Boolean run() throws IOException {
return followRedirect0(loc, stat, locUrl0);

160
jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java
View File

@ -40,21 +40,34 @@ import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.Proxy;
import java.net.URL;
import java.security.PrivilegedExceptionAction;
import java.net.URLConnection;
import java.security.*;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import sun.security.jgss.GSSUtil;
import sun.security.krb5.Config;
import java.util.Base64;
import sun.util.logging.PlatformLogger;
import java.util.Base64;
@ -197,7 +210,7 @@ public class HttpNegotiateServer {
proxyUrl = new URL("http://nosuchplace/a/b/c");
try {
Exception e1 = null, e2 = null;
Exception e1 = null, e2 = null, e3 = null;
try {
test6578647();
} catch (Exception e) {
@ -210,7 +223,14 @@ public class HttpNegotiateServer {
e2 = e;
e.printStackTrace();
}
if (e1 != null || e2 != null) {
try {
test8077155();
} catch (Exception e) {
e3 = e;
e.printStackTrace();
}
if (e1 != null || e2 != null || e3 != null) {
throw new RuntimeException("Test error");
}
} finally {
@ -254,6 +274,121 @@ public class HttpNegotiateServer {
}
}
static void testConnect() {
InputStream inputStream = null;
try {
URL url = webUrl;
URLConnection conn = url.openConnection();
conn.connect();
inputStream = conn.getInputStream();
byte[] b = new byte[inputStream.available()];
for (int j = 0; j < b.length; j++) {
b[j] = (byte) inputStream.read();
}
String s = new String(b);
System.out.println("Length: " + s.length());
System.out.println(s);
} catch (Exception ex) {
throw new RuntimeException(ex);
} finally {
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
static void test8077155() throws Exception {
final String username = WEB_USER;
final char[] password = WEB_PASS;
SecurityManager security = new SecurityManager();
Policy.setPolicy(new SecurityPolicy());
System.setSecurityManager(security);
CallbackHandler callback = new CallbackHandler() {
@Override
public void handle(Callback[] pCallbacks) throws IOException, UnsupportedCallbackException {
for (Callback cb : pCallbacks) {
if (cb instanceof NameCallback) {
NameCallback ncb = (NameCallback)cb;
ncb.setName(username);
} else if (cb instanceof PasswordCallback) {
PasswordCallback pwdcb = (PasswordCallback) cb;
pwdcb.setPassword(password);
}
}
}
};
final String jaasConfigName = "oracle.test.kerberos.login";
final String krb5LoginModule = "com.sun.security.auth.module.Krb5LoginModule";
Configuration loginConfig = new Configuration() {
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
if (! jaasConfigName.equals(name)) {
return new AppConfigurationEntry[0];
}
Map<String, String> options = new HashMap<String, String>();
options.put("useTicketCache", Boolean.FALSE.toString());
options.put("useKeyTab", Boolean.FALSE.toString());
return new AppConfigurationEntry[] {
new AppConfigurationEntry(krb5LoginModule,
LoginModuleControlFlag.REQUIRED,
options)
};
}
};
// oracle context/subject/login
LoginContext context = null;
try {
context = new LoginContext("oracle.test.kerberos.login", null, callback, loginConfig);
context.login();
} catch (LoginException ex) {
ex.printStackTrace();
throw new RuntimeException(ex);
}
Subject subject = context.getSubject();
final PrivilegedExceptionAction<Object> test_action = new PrivilegedExceptionAction<Object>() {
public Object run() throws Exception {
testConnect();
return null;
}
};
System.err.println("\n\nExpecting to succeed when executing with the the logged in subject.");
try {
Subject.doAs(subject, test_action);
System.err.println("\n\nConnection succeed when executing with the the logged in subject.");
} catch (PrivilegedActionException e) {
System.err.println("\n\nFailure unexpected when executing with the the logged in subject.");
e.printStackTrace();
throw new RuntimeException("Failed to login as subject");
}
try {
System.err.println("\n\nExpecting to fail when running with the current user's login.");
testConnect();
} catch (Exception ex) {
System.err.println("\nConnect failed when running with the current user's login:\n" + ex.getMessage());
}
}
/**
* Creates and starts an HTTP or proxy server that requires
* Negotiate authentication.
@ -366,3 +501,22 @@ public class HttpNegotiateServer {
}
}
}
class SecurityPolicy extends Policy {
private static Permissions perms;
public SecurityPolicy() {
super();
if (perms == null) {
perms = new Permissions();
perms.add(new AllPermission());
}
}
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
return perms;
}
}