Details
-
Bug
-
Resolution: Fixed
-
P4
-
9
-
b85
-
generic
-
generic
-
Verified
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8142115 | emb-9 | Artem Smotrakov | P4 | Resolved | Fixed | team |
Description
The following permissions are required (security manager should be set) if HttpURLConnection tries to load a document which is protected with NTLM:
permission java.util.PropertyPermission "ntlm.debug", "read";
permission java.util.PropertyPermission "ntlm.version", "read";
Without the permissions above, HttpURLConnection can't pass NTLM auth, and fails with 401 error:
java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost:45104/test/
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1835)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436)
at NTLMAuthWithSM.main(NTLMAuthWithSM.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:519)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:92)
at java.lang.Thread.run(Thread.java:746)
The system properties above are read in the following classes:
http://hg.openjdk.java.net/jdk9/dev/jdk/file/tip/src/java.base/share/classes/com/sun/security/ntlm/NTLM.java#l58
...
private static final boolean DEBUG =
System.getProperty("ntlm.debug") != null;
...
http://hg.openjdk.java.net/jdk9/dev/jdk/file/tip/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java#l146
...
client = new Client(System.getProperty("ntlm.version"), hostname,
username, ntdomain, password);
...
Those permissions look unnecessary. They may be read in doPrivileged() blocks:
http://cr.openjdk.java.net/~asmotrak/ntlm_auth_with_sm/webrev.00/
permission java.util.PropertyPermission "ntlm.debug", "read";
permission java.util.PropertyPermission "ntlm.version", "read";
Without the permissions above, HttpURLConnection can't pass NTLM auth, and fails with 401 error:
java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost:45104/test/
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1835)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436)
at NTLMAuthWithSM.main(NTLMAuthWithSM.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:519)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:92)
at java.lang.Thread.run(Thread.java:746)
The system properties above are read in the following classes:
http://hg.openjdk.java.net/jdk9/dev/jdk/file/tip/src/java.base/share/classes/com/sun/security/ntlm/NTLM.java#l58
...
private static final boolean DEBUG =
System.getProperty("ntlm.debug") != null;
...
http://hg.openjdk.java.net/jdk9/dev/jdk/file/tip/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java#l146
...
client = new Client(System.getProperty("ntlm.version"), hostname,
username, ntdomain, password);
...
Those permissions look unnecessary. They may be read in doPrivileged() blocks:
http://cr.openjdk.java.net/~asmotrak/ntlm_auth_with_sm/webrev.00/
Attachments
Issue Links
- backported by
-
JDK-8142115 NTLM impl should use doPrivileged when it reads system properties
-
- Resolved
-
- relates to
-
-
- Closed
-