Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8270290

NTLM authentication fails if HEAD request is used

    XMLWordPrintable

Details

    • b18
    • generic
    • generic
    • Verified

    Backports

      Description

        When HEAD request to HTTPS resource is used with a proxy server that requires NTLM, authentication fails when server returns large (8kb+) body along with NTLMSSP_CHALLENGE response.

        Failure example:

        java.util.NoSuchElementException
        at java.base/java.util.StringTokenizer.nextToken(StringTokenizer.java:347)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.doTunneling0(HttpURLConnection.java:2191)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2136)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:181)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1665)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1589)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:224)

        Problem happens because HttpURLConnection#reset() is called on NTLM stage 2 to consume (and discard) NTLMSSP_CHALLENGE response body. But reset() does not discard the body when the request method (of the initial client request) is HEAD. If HTTPS resource is requested (in this case CONNECT request is sent to proxy server to establish TLS tunnel) and NTLMSSP_CHALLENGE response size is larger than a buffer in BufferedInputStream, then status code of the following response (to NTLMSSP_AUTH request) cannot be read (because there is stale data in socket) and authentication fails.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8276710 NTLM authentication fails if HEAD request is used

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8276867 NTLM authentication fails if HEAD request is used

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8277898 NTLM authentication fails if HEAD request is used

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8280033 NTLM authentication fails if HEAD request is used

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8281145 NTLM authentication fails if HEAD request is used

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved
            links to

            Web Link 8u backport review thread

            Commit Commit openjdk/jdk11u-dev/242bbefe

            Commit Commit openjdk/jdk17u/de474887

            Commit Commit openjdk/jdk/3e0d7c33

            Review Review openjdk/jdk11u-dev/666

            Review Review openjdk/jdk17u/161

            Review Review openjdk/jdk/4753

            Activity

              People

                akasko Alex Kasko
                akasko Alex Kasko
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: