JDK-7043860

NTLM impl of SaslServer doesn't throw ISE from getAuthorizationID() method


    • b04
    • generic
    • generic
    • Verified

        Platform: Windows, Solaris
        JDK: Oracle JDK7
        (not reproducible on Sun's JDK6 as NTLMServer is not present there)

        The com.sun.security.sasl.ntlm.NTLMServer implementation of the method

         http://download.java.net/jdk7/docs/api/javax/security/sasl/SaslServer.html#getAuthorizationID%28%29

        does not throw the specified:

        Throws:
            IllegalStateException - if this authentication session has not completed

        Please see the following code sample:

        --------------------------------------------------------------------------------------------
        package sasl;

        import javax.security.auth.callback.Callback;
        import javax.security.auth.callback.CallbackHandler;
        import javax.security.auth.callback.UnsupportedCallbackException;
        import javax.security.sasl.Sasl;
        import javax.security.sasl.SaslException;
        import javax.security.sasl.SaslServer;
        import javax.security.sasl.SaslServerFactory;
        import java.io.IOException;
        import java.util.ArrayList;
        import java.util.Collections;

        public class GetAuthorizationID {

            public static void main(String[] args) throws SaslException {
                ArrayList<SaslServerFactory> list = Collections.list(Sasl.getSaslServerFactories());
                for (SaslServerFactory saslServerFactory : list) {
                    System.err.println("saslServerFactory = " + saslServerFactory);
                    String[] mechanismNames = saslServerFactory.getMechanismNames(null);
                    if (mechanismNames.length == 1 && "NTLM".equals(mechanismNames[0])) {
                        SaslServer saslServer =
                                saslServerFactory.createSaslServer("NTLM", "ldap", "abc", null, new CallbackHandler() {
                                    @Override
                                    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { }
                                });
                        System.err.println("saslServer = " + saslServer);
                        System.err.println("saslServer.isComplete() = " + saslServer.isComplete());
                        // IllegalStateException is expected here
                        saslServer.getAuthorizationID();
                        System.err.println("No IllegalStateException");
                    }
                }
            }
        }
        --------------------------------------------------------------------------------------------

        The output will look like:

        saslServerFactory = com.sun.security.sasl.gsskerb.FactoryImpl@9dc1bb
        saslServerFactory = com.sun.security.sasl.ServerFactoryImpl@d9dbd1
        saslServerFactory = com.sun.security.sasl.ntlm.FactoryImpl@1bb3c06
        saslServer = com.sun.security.sasl.ntlm.NTLMServer@4e75bc
        saslServer.isComplete() = false
        No IllegalStateException
        saslServerFactory = com.sun.security.sasl.digest.FactoryImpl@d0a64a

        Deferral request rationale:
        It's too late in the process for non-trivial fixes. Will fix this in JDK 8.

              weijun Weijun Wang
              dbessono Dmitry Bessonov
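
Callers that have to run on a build with this defect can enforce the completion check themselves in a delegating wrapper, so that an authorization ID is never read from an unfinished NTLM exchange. This is an added example, not code from the bug report or from the JDK; the class name StrictSaslServer is hypothetical, and the guarded methods are the ones the SaslServer javadoc documents as throwing IllegalStateException before completion.

```java
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

/** Hypothetical wrapper: enforces the documented completion checks itself. */
public final class StrictSaslServer implements SaslServer {
    private final SaslServer delegate; // e.g. the NTLM server from the sample above

    public StrictSaslServer(SaslServer delegate) {
        if (delegate == null) throw new NullPointerException("delegate");
        this.delegate = delegate;
    }

    // Fail closed: no post-authentication data before isComplete() is true.
    private void requireComplete() {
        if (!delegate.isComplete()) {
            throw new IllegalStateException(
                    delegate.getMechanismName() + " authentication not completed");
        }
    }

    @Override public String getAuthorizationID() {
        requireComplete();
        return delegate.getAuthorizationID();
    }

    @Override public Object getNegotiatedProperty(String propName) {
        requireComplete();
        return delegate.getNegotiatedProperty(propName);
    }

    @Override public byte[] wrap(byte[] out, int off, int len) throws SaslException {
        requireComplete();
        return delegate.wrap(out, off, len);
    }

    @Override public byte[] unwrap(byte[] in, int off, int len) throws SaslException {
        requireComplete();
        return delegate.unwrap(in, off, len);
    }

    // Calls that are valid during the exchange pass straight through.
    @Override public String getMechanismName() { return delegate.getMechanismName(); }
    @Override public byte[] evaluateResponse(byte[] r) throws SaslException { return delegate.evaluateResponse(r); }
    @Override public boolean isComplete() { return delegate.isComplete(); }
    @Override public void dispose() throws SaslException { delegate.dispose(); }
}
```

Wrapping the server returned by createSaslServer in the sample above makes the getAuthorizationID() call throw IllegalStateException while isComplete() is false.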