Mercurial > hg > shenandoah-preopenjdk-archive > openjdk8 > jdk

changeset 10196:64bbdc0360cd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8044215: Unable to initiate SpNego using a S4U2Proxy GSSCredential (Krb5ProxyCredential) Reviewed-by: mullan
author weijun
date Tue, 14 Oct 2014 10:08:32 +0800
parents f7337085ddbd
children a6b81ca3248a
files src/share/classes/sun/security/jgss/krb5/Krb5Context.java test/sun/security/krb5/auto/S4U2proxy.java
diffstat 2 files changed, 10 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Mon Oct 13 11:25:42 2014 -0700
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Tue Oct 14 10:08:32 2014 +0800
@@ -241,8 +241,11 @@
      * establishment.
      */
     public final void requestCredDeleg(boolean value) throws GSSException {
-        if (state == STATE_NEW && isInitiator())
-            credDelegState  = value;
+        if (state == STATE_NEW && isInitiator()) {
+            if (myCred == null || !(myCred instanceof Krb5ProxyCredential)) {
+                credDelegState  = value;
+            }
+        }
     }
 
     /**
--- a/test/sun/security/krb5/auto/S4U2proxy.java	Mon Oct 13 11:25:42 2014 -0700
+++ b/test/sun/security/krb5/auto/S4U2proxy.java	Tue Oct 14 10:08:32 2014 +0800
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 6355584
+ * @bug 6355584 8044215
  * @summary Introduce constrained Kerberos delegation
  * @compile -XDignore.symbol.file S4U2proxy.java
  * @run main/othervm S4U2proxy krb5
@@ -69,6 +69,10 @@
         Context p = s.delegated();
 
         p.startAsClient(OneKDC.BACKEND, mech);
+
+        // 8044215: requestCredDeleg is useless and harmless
+        p.x().requestCredDeleg(true);
+
         b.startAsServer(mech);
         Context.handshake(p, b);