Mercurial > hg > release > icedtea7-forest-2.5 > jdk
changeset 8121:e64096846c20
8048035: Ensure proper proxy protocols
Reviewed-by: michaelm, coffeys
author | robm |
---|---|
date | Tue, 21 Oct 2014 15:33:45 +0100 |
parents | 1d17f4662714 |
children | 481749b8ba88 |
files | src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java |
diffstat | 1 files changed, 13 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Mon Oct 20 12:35:24 2014 -0700 +++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Tue Oct 21 15:33:45 2014 +0100 @@ -315,6 +315,7 @@ /* try auth without calling Authenticator. Used for transparent NTLM authentication */ private boolean tryTransparentNTLMServer = true; private boolean tryTransparentNTLMProxy = true; + private boolean useProxyResponseCode = false; /* Used by Windows specific code */ private Object authObj; @@ -2032,6 +2033,14 @@ if (tryTransparentNTLMProxy) { tryTransparentNTLMProxy = NTLMAuthenticationProxy.proxy.supportsTransparentAuth; + /* If the platform supports transparent authentication + * then normally it's ok to do transparent auth to a proxy + * because we generally trust proxies (chosen by the user) + * But not in the case of 305 response where the server + * chose it. */ + if (tryTransparentNTLMProxy && useProxyResponseCode) { + tryTransparentNTLMProxy = false; + } } a = null; if (tryTransparentNTLMProxy) { @@ -2364,6 +2373,10 @@ requests.set(0, method + " " + getRequestURI()+" " + httpVersion, null); connected = true; + // need to remember this in case NTLM proxy authentication gets + // used. We can't use transparent authentication when user + // doesn't know about proxy. + useProxyResponseCode = true; } else { // maintain previous headers, just change the name // of the file we're getting