Mercurial > hg > icedtea8-forest > jdk
changeset 10642:1e79baf89075 jdk8u31-b05
8048035: Ensure proper proxy protocols
Reviewed-by: chegar, coffeys
author | michaelm |
---|---|
date | Mon, 20 Oct 2014 10:29:30 +0100 |
parents | 1132c905ad52 |
children | 03311c858a40 |
files | src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java |
diffstat | 1 files changed, 13 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Wed Oct 15 15:41:50 2014 -0700 +++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Mon Oct 20 10:29:30 2014 +0100 @@ -336,6 +336,7 @@ /* try auth without calling Authenticator. Used for transparent NTLM authentication */ private boolean tryTransparentNTLMServer = true; private boolean tryTransparentNTLMProxy = true; + private boolean useProxyResponseCode = false; /* Used by Windows specific code */ private Object authObj; @@ -2243,6 +2244,14 @@ if (tryTransparentNTLMProxy) { tryTransparentNTLMProxy = NTLMAuthenticationProxy.supportsTransparentAuth; + /* If the platform supports transparent authentication + * then normally it's ok to do transparent auth to a proxy + * because we generally trust proxies (chosen by the user) + * But not in the case of 305 response where the server + * chose it. */ + if (tryTransparentNTLMProxy && useProxyResponseCode) { + tryTransparentNTLMProxy = false; + } } a = null; if (tryTransparentNTLMProxy) { @@ -2614,6 +2623,10 @@ requests.set(0, method + " " + getRequestURI()+" " + httpVersion, null); connected = true; + // need to remember this in case NTLM proxy authentication gets + // used. We can't use transparent authentication when user + // doesn't know about proxy. + useProxyResponseCode = true; } else { // maintain previous headers, just change the name // of the file we're getting