http-client-branch: honor legacy jdk.http.auth.* property when handling proxy-authorization
--- a/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/AuthenticationFilter.java Wed Jan 31 15:52:35 2018 +0000
+++ b/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/AuthenticationFilter.java Wed Jan 31 16:18:41 2018 +0000
@@ -34,8 +34,11 @@
import java.net.URL;
import java.util.Base64;
import java.util.LinkedList;
+import java.util.List;
import java.util.Objects;
import java.util.WeakHashMap;
+
+import jdk.incubator.http.internal.common.Log;
import jdk.incubator.http.internal.common.Utils;
import static java.net.Authenticator.RequestorType.PROXY;
import static java.net.Authenticator.RequestorType.SERVER;
@@ -56,6 +59,10 @@
static final int UNAUTHORIZED = 401;
static final int PROXY_UNAUTHORIZED = 407;
+ private static final List<String> BASIC_DUMMY =
+ List.of("Basic " + Base64.getEncoder()
+ .encodeToString("o:o".getBytes(ISO_8859_1)));
+
// A public no-arg constructor is required by FilterFactory
public AuthenticationFilter() {}
@@ -157,6 +164,21 @@
sb.append(pw.getUserName()).append(':').append(pw.getPassword());
String s = encoder.encodeToString(sb.toString().getBytes(ISO_8859_1));
String value = "Basic " + s;
+ if (proxy) {
+ if (r.isConnect()) {
+ if (!Utils.PROXY_TUNNEL_FILTER
+ .test(hdrname, List.of(value))) {
+ Log.logError("{0} disabled", hdrname);
+ return;
+ }
+ } else if (r.proxy() != null) {
+ if (!Utils.PROXY_FILTER
+ .test(hdrname, List.of(value))) {
+ Log.logError("{0} disabled", hdrname);
+ return;
+ }
+ }
+ }
r.setSystemHeader(hdrname, value);
}
@@ -232,6 +254,22 @@
return null; // error gets returned to app
}
+ if (proxy) {
+ if (r.isConnectResponse) {
+ if (!Utils.PROXY_TUNNEL_FILTER
+ .test("Proxy-Authorization", BASIC_DUMMY)) {
+ Log.logError("{0} disabled", "Proxy-Authorization");
+ return null;
+ }
+ } else if (req.proxy() != null) {
+ if (!Utils.PROXY_FILTER
+ .test("Proxy-Authorization", BASIC_DUMMY)) {
+ Log.logError("{0} disabled", "Proxy-Authorization");
+ return null;
+ }
+ }
+ }
+
AuthInfo au = proxy ? exchange.proxyauth : exchange.serverauth;
if (au == null) {
// if no authenticator, let the user deal with 407/401
--- a/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/Exchange.java Wed Jan 31 15:52:35 2018 +0000
+++ b/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/Exchange.java Wed Jan 31 16:18:41 2018 +0000
@@ -308,7 +308,8 @@
bodyIgnored = MinimalFuture.completedFuture(null);
Response proxyResponse = ((ProxyAuthenticationRequired)t).proxyResponse;
Response syntheticResponse = new Response(request, this,
- proxyResponse.headers, proxyResponse.statusCode, proxyResponse.version);
+ proxyResponse.headers, proxyResponse.statusCode,
+ proxyResponse.version, true);
return MinimalFuture.completedFuture(syntheticResponse);
} else if (t != null) {
return MinimalFuture.failedFuture(t);
--- a/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/Http1Request.java Wed Jan 31 15:52:35 2018 +0000
+++ b/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/Http1Request.java Wed Jan 31 16:18:41 2018 +0000
@@ -35,8 +35,7 @@
import java.net.InetSocketAddress;
import java.util.Objects;
import java.util.concurrent.Flow;
-import java.util.function.Predicate;
-
+import java.util.function.BiPredicate;
import jdk.incubator.http.Http1Exchange.Http1BodySubscriber;
import jdk.incubator.http.internal.common.HttpHeadersImpl;
import jdk.incubator.http.internal.common.Log;
@@ -82,9 +81,10 @@
}
}
+
private void collectHeaders0(StringBuilder sb) {
- Predicate<String> filter = connection.isTunnel()
- ? Utils.NO_PROXY_HEADER : Utils.ALL_HEADERS;
+ BiPredicate<String,List<String>> filter =
+ connection.headerFilter(request);
// If we're sending this request through a tunnel,
// then don't send any preemptive proxy-* headers that
@@ -99,11 +99,12 @@
sb.append("\r\n");
}
- private void collectHeaders1(StringBuilder sb, HttpHeaders headers, Predicate<String> filter) {
+ private void collectHeaders1(StringBuilder sb, HttpHeaders headers,
+ BiPredicate<String, List<String>> filter) {
for (Map.Entry<String,List<String>> entry : headers.map().entrySet()) {
String key = entry.getKey();
- if (!filter.test(key)) continue;
List<String> values = entry.getValue();
+ if (!filter.test(key, values)) continue;
for (String value : values) {
sb.append(key).append(": ").append(value).append("\r\n");
}
--- a/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/HttpConnection.java Wed Jan 31 15:52:35 2018 +0000
+++ b/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/HttpConnection.java Wed Jan 31 16:18:41 2018 +0000
@@ -40,6 +40,7 @@
import java.util.concurrent.CompletionStage;
import java.util.concurrent.ConcurrentLinkedDeque;
import java.util.concurrent.Flow;
+import java.util.function.BiPredicate;
import java.util.function.Predicate;
import jdk.incubator.http.HttpClient.Version;
import jdk.incubator.http.internal.common.Demand;
@@ -218,20 +219,68 @@
HttpClientImpl client) {
if (proxy != null)
return new AsyncSSLTunnelConnection(addr, client, alpn, proxy,
- proxyHeaders(request));
+ proxyTunnelHeaders(request));
else
return new AsyncSSLConnection(addr, client, alpn);
}
+ /**
+ * This method is used to build a filter that will accept or
+ * veto (header-name, value) tuple for transmission on the
+ * wire.
+ * The filter is applied to the headers when sending the headers
+ * to the remote party.
+ * Which tuple is accepted/vetoed depends on:
+ * <pre>
+ * - whether the connection is a tunnel connection
+ * [talking to a server through a proxy tunnel]
+ * - whether the method is CONNECT
+ * [establishing a CONNECT tunnel through a proxy]
+ * - whether the request is using a proxy
+ * (and the connection is not a tunnel)
+ * [talking to a server through a proxy]
+ * - whether the request is a direct connection to
+ * a server (no tunnel, no proxy).
+ * </pre>
+ * @param request
+ * @return
+ */
+ BiPredicate<String,List<String>> headerFilter(HttpRequestImpl request) {
+ if (isTunnel()) {
+ // talking to a server through a proxy tunnel
+ // don't send proxy-* headers to a plain server
+ assert !request.isConnect();
+ return Utils.NO_PROXY_HEADERS_FILTER;
+ } else if (request.isConnect()) {
+ // establishing a proxy tunnel
+ // check for proxy tunnel disabled schemes
+ // assert !this.isTunnel();
+ assert request.proxy() == null;
+ return Utils.PROXY_TUNNEL_FILTER;
+ } else if (request.proxy() != null) {
+ // talking to a server through a proxy (no tunnel)
+ // check for proxy disabled schemes
+ // assert !isTunnel() && !request.isConnect();
+ return Utils.PROXY_FILTER;
+ } else {
+ // talking to a server directly (no tunnel, no proxy)
+ // don't send proxy-* headers to a plain server
+ // assert request.proxy() == null && !request.isConnect();
+ return Utils.NO_PROXY_HEADERS_FILTER;
+ }
+ }
+
// Composes a new immutable HttpHeaders that combines the
// user and system header but only keeps those headers that
// start with "proxy-"
- private static HttpHeaders proxyHeaders(HttpRequestImpl request) {
+ private static HttpHeaders proxyTunnelHeaders(HttpRequestImpl request) {
Map<String, List<String>> combined = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
combined.putAll(request.getSystemHeaders().map());
combined.putAll(request.headers().map()); // let user override system
- // keep only proxy-*
- return ImmutableHeaders.of(combined, Utils.IS_PROXY_HEADER);
+
+ // keep only proxy-* - and also strip authorization headers
+ // for disabled schemes
+ return ImmutableHeaders.of(combined, Utils.PROXY_TUNNEL_FILTER);
}
/* Returns either a plain HTTP connection or a plain tunnelling connection
@@ -242,7 +291,7 @@
HttpClientImpl client) {
if (request.isWebSocket() && proxy != null)
return new PlainTunnelingConnection(addr, proxy, client,
- proxyHeaders(request));
+ proxyTunnelHeaders(request));
if (proxy == null)
return new PlainHttpConnection(addr, client);
--- a/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/HttpRequestImpl.java Wed Jan 31 15:52:35 2018 +0000
+++ b/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/HttpRequestImpl.java Wed Jan 31 16:18:41 2018 +0000
@@ -165,6 +165,10 @@
this.version = Optional.of(HttpClient.Version.HTTP_1_1);
}
+ final boolean isConnect() {
+ return "CONNECT".equalsIgnoreCase(method);
+ }
+
/**
* Creates a HttpRequestImpl from the given set of Headers and the associated
* "parent" request. Fields not taken from the headers are taken from the
--- a/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/ImmutableHeaders.java Wed Jan 31 15:52:35 2018 +0000
+++ b/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/ImmutableHeaders.java Wed Jan 31 16:18:41 2018 +0000
@@ -29,6 +29,7 @@
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
+import java.util.function.BiPredicate;
import java.util.function.Predicate;
import static java.util.Collections.emptyMap;
import static java.util.Collections.unmodifiableList;
@@ -57,14 +58,21 @@
Predicate<? super String> keyAllowed) {
requireNonNull(src, "src");
requireNonNull(keyAllowed, "keyAllowed");
- return new ImmutableHeaders(src, keyAllowed);
+ return new ImmutableHeaders(src, headerAllowed(keyAllowed));
+ }
+
+ public static ImmutableHeaders of(Map<String, List<String>> src,
+ BiPredicate<? super String, ? super List<String>> headerAllowed) {
+ requireNonNull(src, "src");
+ requireNonNull(headerAllowed, "headerAllowed");
+ return new ImmutableHeaders(src, headerAllowed);
}
private ImmutableHeaders(Map<String, List<String>> src,
- Predicate<? super String> keyAllowed) {
+ BiPredicate<? super String, ? super List<String>> headerAllowed) {
Map<String, List<String>> m = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
src.entrySet().stream()
- .filter(e -> keyAllowed.test(e.getKey()))
+ .filter(e -> headerAllowed.test(e.getKey(), e.getValue()))
.forEach(e ->
{
List<String> values = new ArrayList<>(e.getValue());
@@ -74,6 +82,10 @@
this.map = unmodifiableMap(m);
}
+ private static BiPredicate<String, List<String>> headerAllowed(Predicate<? super String> keyAllowed) {
+ return (n,v) -> keyAllowed.test(n);
+ }
+
@Override
public Map<String, List<String>> map() {
return map;
--- a/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/Response.java Wed Jan 31 15:52:35 2018 +0000
+++ b/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/Response.java Wed Jan 31 16:18:41 2018 +0000
@@ -36,17 +36,29 @@
final HttpRequestImpl request;
final Exchange<?> exchange;
final HttpClient.Version version;
+ final boolean isConnectResponse;
Response(HttpRequestImpl req,
Exchange<?> exchange,
HttpHeaders headers,
int statusCode,
HttpClient.Version version) {
+ this(req, exchange, headers, statusCode, version,
+ "CONNECT".equalsIgnoreCase(req.method()));
+ }
+
+ Response(HttpRequestImpl req,
+ Exchange<?> exchange,
+ HttpHeaders headers,
+ int statusCode,
+ HttpClient.Version version,
+ boolean isConnectResponse) {
this.headers = headers;
this.request = req;
this.version = version;
this.exchange = exchange;
this.statusCode = statusCode;
+ this.isConnectResponse = isConnectResponse;
}
HttpRequestImpl request() {
--- a/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/Stream.java Wed Jan 31 15:52:35 2018 +0000
+++ b/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/Stream.java Wed Jan 31 16:18:41 2018 +0000
@@ -32,7 +32,6 @@
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
-import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentLinkedDeque;
import java.util.concurrent.ConcurrentLinkedQueue;
@@ -40,6 +39,7 @@
import java.util.concurrent.Flow;
import java.util.concurrent.Flow.Subscription;
import java.util.concurrent.atomic.AtomicReference;
+import java.util.function.BiPredicate;
import jdk.incubator.http.HttpResponse.BodySubscriber;
import jdk.incubator.http.internal.common.*;
import jdk.incubator.http.internal.frame.*;
@@ -491,16 +491,45 @@
return f;
}
+ private boolean hasProxyAuthorization(HttpHeaders headers) {
+ return headers.firstValue("proxy-authorization")
+ .isPresent();
+ }
+
+ // Determines whether we need to build a new HttpHeader object.
+ //
+ // Ideally we should pass the filter to OutgoingHeaders refactor the
+ // code that creates the HeaderFrame to honor the filter.
+ // We're not there yet - so depending on the filter we need to
+ // apply and the content of the header we will try to determine
+ // whether anything might need to be filtered.
+ // If nothing needs filtering then we can just use the
+ // original headers.
+ private boolean needsFiltering(HttpHeaders headers,
+ BiPredicate<String, List<String>> filter) {
+ if (filter == Utils.PROXY_TUNNEL_FILTER || filter == Utils.PROXY_FILTER) {
+ // we're either connecting or proxying
+ // slight optimization: we only need to filter out
+ // disabled schemes, so if there are none just
+ // pass through.
+ return Utils.proxyHasDisabledSchemes(filter == Utils.PROXY_TUNNEL_FILTER)
+ && hasProxyAuthorization(headers);
+ } else {
+ // we're talking to a server, either directly or through
+ // a tunnel.
+ // Slight optimization: we only need to filter out
+ // proxy authorization headers, so if there are none just
+ // pass through.
+ return hasProxyAuthorization(headers);
+ }
+ }
+
private HttpHeaders filter(HttpHeaders headers) {
- if (connection().isTunnel()) {
- boolean needsFiltering = headers
- .firstValue("proxy-authorization")
- .isPresent();
- // don't send proxy-* headers to the target server.
- if (needsFiltering) {
- return ImmutableHeaders.of(headers.map(),
- Utils.NO_PROXY_HEADER);
- }
+ HttpConnection conn = connection();
+ BiPredicate<String, List<String>> filter =
+ conn.headerFilter(request);
+ if (needsFiltering(headers, filter)) {
+ return ImmutableHeaders.of(headers.map(), filter);
}
return headers;
}
--- a/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/internal/common/Utils.java Wed Jan 31 15:52:35 2018 +0000
+++ b/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/internal/common/Utils.java Wed Jan 31 16:18:41 2018 +0000
@@ -55,8 +55,10 @@
import java.util.TreeSet;
import java.util.concurrent.CompletionException;
import java.util.concurrent.ExecutionException;
+import java.util.function.BiPredicate;
import java.util.function.Predicate;
import java.util.function.Supplier;
+import java.util.stream.Collectors;
import java.util.stream.Stream;
import static java.util.stream.Collectors.joining;
@@ -110,11 +112,80 @@
public static final Predicate<String>
ALLOWED_HEADERS = header -> !DISALLOWED_HEADERS_SET.contains(header);
- public static final Predicate<String> IS_PROXY_HEADER = (k) ->
+ private static final Predicate<String> IS_PROXY_HEADER = (k) ->
k != null && k.length() > 6 && "proxy-".equalsIgnoreCase(k.substring(0,6));
- public static final Predicate<String> NO_PROXY_HEADER =
+ private static final Predicate<String> NO_PROXY_HEADER =
IS_PROXY_HEADER.negate();
- public static final Predicate<String> ALL_HEADERS = (s) -> true;
+ private static final Predicate<String> ALL_HEADERS = (s) -> true;
+
+ private static final Set<String> PROXY_AUTH_DISABLED_SCHEMES;
+ private static final Set<String> PROXY_AUTH_TUNNEL_DISABLED_SCHEMES;
+ static {
+ String proxyAuthDisabled =
+ getNetProperty("jdk.http.auth.proxying.disabledSchemes");
+ String proxyAuthTunnelDisabled =
+ getNetProperty("jdk.http.auth.tunneling.disabledSchemes");
+ PROXY_AUTH_DISABLED_SCHEMES =
+ proxyAuthDisabled == null ? Set.of() :
+ Stream.of(proxyAuthDisabled.split(","))
+ .map(String::trim)
+ .filter((s) -> !s.isEmpty())
+ .collect(Collectors.toUnmodifiableSet());
+ PROXY_AUTH_TUNNEL_DISABLED_SCHEMES =
+ proxyAuthTunnelDisabled == null ? Set.of() :
+ Stream.of(proxyAuthTunnelDisabled.split(","))
+ .map(String::trim)
+ .filter((s) -> !s.isEmpty())
+ .collect(Collectors.toUnmodifiableSet());
+ }
+
+ private static final String WSPACES = " \t\r\n";
+ private static final boolean isAllowedForProxy(String name,
+ List<String> value,
+ Set<String> disabledSchemes,
+ Predicate<String> allowedKeys) {
+ if (!allowedKeys.test(name)) return false;
+ if (disabledSchemes.isEmpty()) return true;
+ if (name.equalsIgnoreCase("proxy-authorization")) {
+ if (value.isEmpty()) return false;
+ for (String scheme : disabledSchemes) {
+ int slen = scheme.length();
+ for (String v : value) {
+ int vlen = v.length();
+ if (vlen == slen) {
+ if (v.equalsIgnoreCase(scheme)) {
+ return false;
+ }
+ } else if (vlen > slen) {
+ if (v.substring(0,slen).equalsIgnoreCase(scheme)) {
+ int c = v.codePointAt(slen);
+ if (WSPACES.indexOf(c) > -1
+ || Character.isSpaceChar(c)
+ || Character.isWhitespace(c)) {
+ return false;
+ }
+ }
+ }
+ }
+ }
+ }
+ return true;
+ }
+
+ public static final BiPredicate<String, List<String>> PROXY_TUNNEL_FILTER =
+ (s,v) -> isAllowedForProxy(s, v, PROXY_AUTH_TUNNEL_DISABLED_SCHEMES,
+ IS_PROXY_HEADER);
+ public static final BiPredicate<String, List<String>> PROXY_FILTER =
+ (s,v) -> isAllowedForProxy(s, v, PROXY_AUTH_DISABLED_SCHEMES,
+ ALL_HEADERS);
+ public static final BiPredicate<String, List<String>> NO_PROXY_HEADERS_FILTER =
+ (n,v) -> Utils.NO_PROXY_HEADER.test(n);
+
+
+ public static boolean proxyHasDisabledSchemes(boolean tunnel) {
+ return tunnel ? ! PROXY_AUTH_TUNNEL_DISABLED_SCHEMES.isEmpty()
+ : ! PROXY_AUTH_DISABLED_SCHEMES.isEmpty();
+ }
public static ByteBuffer getBuffer() {
return ByteBuffer.allocate(BUFSIZE);
--- a/test/jdk/java/net/httpclient/DigestEchoClient.java Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/DigestEchoClient.java Wed Jan 31 16:18:41 2018 +0000
@@ -50,6 +50,7 @@
import jdk.incubator.http.HttpRequest;
import jdk.incubator.http.HttpResponse;
import jdk.testlibrary.SimpleSSLContext;
+import sun.net.NetProperties;
import sun.net.www.HeaderParser;
import static java.lang.System.out;
import static java.lang.String.format;
@@ -64,7 +65,11 @@
* @build jdk.testlibrary.SimpleSSLContext DigestEchoServer DigestEchoClient
* @modules jdk.incubator.httpclient
* java.base/sun.net.www
+ * java.base/sun.net
* @run main/othervm DigestEchoClient
+ * @run main/othervm -Djdk.http.auth.proxying.disabledSchemes=
+ * -Djdk.http.auth.tunneling.disabledSchemes=
+ * DigestEchoClient
*/
public class DigestEchoClient {
@@ -137,6 +142,14 @@
private static final ConcurrentMap<String, EchoServers> servers = new ConcurrentHashMap<>();
}
+ final static String PROXY_DISABLED = NetProperties.get("jdk.http.auth.proxying.disabledSchemes");
+ final static String TUNNEL_DISABLED = NetProperties.get("jdk.http.auth.tunneling.disabledSchemes");
+ static {
+ System.out.println("jdk.http.auth.proxying.disabledSchemes=" + PROXY_DISABLED);
+ System.out.println("jdk.http.auth.tunneling.disabledSchemes=" + TUNNEL_DISABLED);
+ }
+
+
static final AtomicInteger NC = new AtomicInteger();
static final Random random = new Random();
@@ -266,6 +279,40 @@
}
}
+ boolean isSchemeDisabled() {
+ String disabledSchemes;
+ if (isProxy(authType)) {
+ disabledSchemes = useSSL
+ ? TUNNEL_DISABLED
+ : PROXY_DISABLED;
+ } else return false;
+ if (disabledSchemes == null
+ || disabledSchemes.isEmpty()) {
+ return false;
+ }
+ String scheme;
+ switch (authScheme) {
+ case DIGEST:
+ scheme = "Digest";
+ break;
+ case BASIC:
+ scheme = "Basic";
+ break;
+ case BASICSERVER:
+ scheme = "Basic";
+ break;
+ case NONE:
+ return false;
+ default:
+ throw new InternalError("Unknown auth scheme: " + authScheme);
+ }
+ return Stream.of(disabledSchemes.split(","))
+ .map(String::trim)
+ .filter(scheme::equalsIgnoreCase)
+ .findAny()
+ .isPresent();
+ }
+
final static AtomicLong basics = new AtomicLong();
final static AtomicLong basicCount = new AtomicLong();
// @Test
@@ -305,7 +352,8 @@
assert !client.authenticator().isPresent();
if (auth == null) auth = "Basic " + getBasicAuth("arthur");
try {
- if ((i > 0 || preemptive) && (!isTunnel || i == 0)) {
+ if ((i > 0 || preemptive)
+ && (!isTunnel || i == 0 || isSchemeDisabled())) {
// In case of a SSL tunnel through proxy then only the
// first request should require proxy authorization
// Though this might be invalidated if the server decides
@@ -346,7 +394,7 @@
throw new RuntimeException("Unexpected exception: " + t, t);
}
- if (addHeaders && !preemptive && i==0) {
+ if (addHeaders && !preemptive && (i==0 || isSchemeDisabled())) {
assert resp.statusCode() == 401 || resp.statusCode() == 407;
request = HttpRequest.newBuilder(uri).version(version)
.POST(reqBody).header(authorizationKey(authType), auth).build();
@@ -356,12 +404,31 @@
resp = client.send(request, asLines());
}
}
- assert resp.statusCode() == 200;
- List<String> respLines = resp.body().collect(Collectors.toList());
- long stop = System.nanoTime();
- synchronized (basicCount) {
- long n = basicCount.getAndIncrement();
- basics.set((basics.get() * n + (stop - start)) / (n + 1));
+ final List<String> respLines;
+ try {
+ if (isSchemeDisabled()) {
+ if (resp.statusCode() != 407) {
+ throw new RuntimeException("expected 407 not received");
+ }
+ System.out.println("Scheme disabled for [" + authType
+ + ", " + authScheme
+ + ", " + (useSSL ? "HTTP" : "HTTPS")
+ + "]: Received expected " + resp.statusCode());
+ continue;
+ } else {
+ System.out.println("Scheme enabled for [" + authType
+ + ", " + authScheme
+ + ", " + (useSSL ? "HTTPS" : "HTTP")
+ + "]: Expecting 200");
+ assert resp.statusCode() == 200;
+ respLines = resp.body().collect(Collectors.toList());
+ }
+ } finally {
+ long stop = System.nanoTime();
+ synchronized (basicCount) {
+ long n = basicCount.getAndIncrement();
+ basics.set((basics.get() * n + (stop - start)) / (n + 1));
+ }
}
if (!lines.equals(respLines)) {
throw new RuntimeException("Unexpected response: " + respLines);
@@ -418,7 +485,7 @@
// In case of a tunnel connection only the first request
// which establishes the tunnel needs to authenticate with
// the proxy.
- if (challenge != null && !isTunnel) {
+ if (challenge != null && (!isTunnel || isSchemeDisabled())) {
assert cnonceStr != null;
String auth = digestResponse(uri, digestMethod, challenge, cnonceStr);
try {
@@ -442,7 +509,7 @@
// This assert may need to be relaxed if our server happened to
// decide to close the tunnel connection, in which case we would
// receive 407 again...
- assert challenge == null || !isTunnel
+ assert challenge == null || !isTunnel || isSchemeDisabled()
: "No proxy auth should be required after establishing an SSL tunnel";
System.out.println("Received " + resp.statusCode() + " answering challenge...");
@@ -476,12 +543,27 @@
}
System.out.println(resp);
}
- assert resp.statusCode() == 200;
- List<String> respLines = resp.body().collect(Collectors.toList());
- long stop = System.nanoTime();
- synchronized (digestCount) {
- long n = digestCount.getAndIncrement();
- digests.set((digests.get() * n + (stop - start)) / (n + 1));
+ final List<String> respLines;
+ try {
+ if (isSchemeDisabled()) {
+ if (resp.statusCode() != 407) {
+ throw new RuntimeException("expected 407 not received");
+ }
+ System.out.println("Scheme disabled for [" + authType
+ + ", " + authScheme +
+ ", " + (useSSL ? "HTTP" : "HTTPS")
+ + "]: Received expected " + resp.statusCode());
+ continue;
+ } else {
+ assert resp.statusCode() == 200;
+ respLines = resp.body().collect(Collectors.toList());
+ }
+ } finally {
+ long stop = System.nanoTime();
+ synchronized (basicCount) {
+ long n = basicCount.getAndIncrement();
+ basics.set((basics.get() * n + (stop - start)) / (n + 1));
+ }
}
if (!lines.equals(respLines)) {
throw new RuntimeException("Unexpected response: " + respLines);
--- a/test/jdk/java/net/httpclient/DigestEchoClientSSL.java Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/DigestEchoClientSSL.java Wed Jan 31 16:18:41 2018 +0000
@@ -24,11 +24,17 @@
/**
* @test
* @bug 8087112
+ * @summary this test verifies that a client may provides authorization
+ * headers directly when connecting with a server over SSL.
* @library /lib/testlibrary
* @build jdk.testlibrary.SimpleSSLContext DigestEchoServer DigestEchoClient DigestEchoClientSSL
* @modules jdk.incubator.httpclient
* java.base/sun.net.www
+ * java.base/sun.net
* @run main/othervm DigestEchoClientSSL SSL
+ * @run main/othervm -Djdk.http.auth.proxying.disabledSchemes=
+ * -Djdk.http.auth.tunneling.disabledSchemes=
+ * DigestEchoClientSSL SSL PROXY
*/
public class DigestEchoClientSSL {
--- a/test/jdk/java/net/httpclient/DigestEchoServer.java Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/DigestEchoServer.java Wed Jan 31 16:18:41 2018 +0000
@@ -1434,10 +1434,25 @@
pw.print(response);
pw.flush();
} else {
- // This should not happen. If it does let our serverImpl
- // deal with it.
- throw new IOException("Tunnel: Unexpected status line: "
- + requestLine);
+ // This should not happen. If it does then just print an
+ // error - both on out and err, and close the accepted
+ // socket
+ System.out.println("WARNING: Tunnel: Unexpected status line: "
+ + requestLine + " received by "
+ + ss.getLocalSocketAddress()
+ + " from "
+ + toClose.getRemoteSocketAddress()
+ + " - closing accepted socket");
+ // Print on err
+ System.err.println("WARNING: Tunnel: Unexpected status line: "
+ + requestLine + " received by "
+ + ss.getLocalSocketAddress()
+ + " from "
+ + toClose.getRemoteSocketAddress());
+ // close accepted socket.
+ toClose.close();
+ System.err.println("Tunnel: accepted socket closed.");
+ continue;
}
// Pipe the input stream of the client connection to the
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/java/net/httpclient/ProxyAuthDisabledSchemes.java Wed Jan 31 16:18:41 2018 +0000
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @summary this test verifies that a client may provides authorization
+ * headers directly when connecting with a server, and
+ * it verifies that the client honor the jdk.http.auth.*.disabledSchemes
+ * net properties.
+ * @bug 8087112
+ * @library /lib/testlibrary
+ * @build jdk.testlibrary.SimpleSSLContext DigestEchoServer DigestEchoClient ProxyAuthDisabledSchemes
+ * @modules jdk.incubator.httpclient
+ * java.base/sun.net.www
+ * java.base/sun.net
+ * @run main/othervm -Djdk.http.auth.proxying.disabledSchemes=Basic,Digest
+ * -Djdk.http.auth.tunneling.disabledSchemes=Digest,Basic
+ * ProxyAuthDisabledSchemes
+ * @run main/othervm -Djdk.http.auth.proxying.disabledSchemes=Basic
+ * -Djdk.http.auth.tunneling.disabledSchemes=Basic
+ * ProxyAuthDisabledSchemes CLEAR PROXY
+ * @run main/othervm -Djdk.http.auth.proxying.disabledSchemes=Digest
+ * -Djdk.http.auth.tunneling.disabledSchemes=Digest
+ * ProxyAuthDisabledSchemes CLEAR PROXY
+ */
+
+public class ProxyAuthDisabledSchemes {
+ public static void main(String[] args) throws Exception {
+ DigestEchoClient.main(args);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/java/net/httpclient/ProxyAuthDisabledSchemesSSL.java Wed Jan 31 16:18:41 2018 +0000
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8087112
+ * @summary this test verifies that a client may provides authorization
+ * headers directly when connecting with a server over SSL, and
+ * it verifies that the client honor the jdk.http.auth.*.disabledSchemes
+ * net properties.
+ * @library /lib/testlibrary
+ * @build jdk.testlibrary.SimpleSSLContext DigestEchoServer DigestEchoClient ProxyAuthDisabledSchemesSSL
+ * @modules jdk.incubator.httpclient
+ * java.base/sun.net.www
+ * java.base/sun.net
+ * @run main/othervm -Djdk.http.auth.proxying.disabledSchemes=Basic,Digest
+ * -Djdk.http.auth.tunneling.disabledSchemes=Digest,Basic
+ * ProxyAuthDisabledSchemesSSL SSL
+ * @run main/othervm -Djdk.http.auth.proxying.disabledSchemes=Basic
+ * -Djdk.http.auth.tunneling.disabledSchemes=Basic
+ * ProxyAuthDisabledSchemesSSL SSL PROXY
+ * @run main/othervm -Djdk.http.auth.proxying.disabledSchemes=Digest
+ * -Djdk.http.auth.tunneling.disabledSchemes=Digest
+ * ProxyAuthDisabledSchemesSSL SSL PROXY
+ */
+
+public class ProxyAuthDisabledSchemesSSL {
+ public static void main(String[] args) throws Exception {
+ assert "SSL".equals(args[0]);
+ DigestEchoClient.main(args);
+ }
+}
--- a/test/jdk/java/net/httpclient/TimeoutBasic.java Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/TimeoutBasic.java Wed Jan 31 16:18:41 2018 +0000
@@ -153,6 +153,11 @@
count++;
try {
HttpResponse<?> resp = client.sendAsync(request, discard(null)).join();
+ out.println("Unexpected response for: " + request);
+ out.println("\t from " + ss.getLocalSocketAddress());
+ out.println("Response is: " + resp);
+ out.println("Headers: " + resp.headers().map());
+ out.println("Body (should be null): " + resp.body());
throw new RuntimeException("Unexpected response: " + resp.statusCode());
} catch (CompletionException e) {
if (!(e.getCause() instanceof HttpTimeoutException)) {
--- a/test/jdk/java/net/httpclient/security/0.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/0.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/1.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/1.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/10.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/10.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -60,6 +60,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/11.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/11.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -62,6 +62,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/12.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/12.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -62,6 +62,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/14.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/14.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/15.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/15.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -64,6 +64,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/2.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/2.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/3.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/3.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/4.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/4.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -62,6 +62,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/5.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/5.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/6.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/6.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/7.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/7.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/8.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/8.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/9.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/9.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write"; // delete???
permission java.util.PropertyPermission "jdk.httpclient.*","read";
+ permission java.util.PropertyPermission "jdk.http.auth.*","read";
permission java.net.NetPermission "getProxySelector";
};
--- a/test/jdk/java/net/httpclient/security/filePerms/httpclient.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/security/filePerms/httpclient.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,8 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write,delete";
// ## look at the different property names!
+ permission java.util.PropertyPermission "jdk.http.auth.proxying.disabledSchemes","read";
+ permission java.util.PropertyPermission "jdk.http.auth.tunneling.disabledSchemes","read";
permission java.util.PropertyPermission "jdk.httpclient.HttpClient.log","read"; // name!
permission java.util.PropertyPermission "jdk.httpclient.auth.retrylimit","read";
permission java.util.PropertyPermission "jdk.httpclient.connectionWindowSize","read";
--- a/test/jdk/java/net/httpclient/websocket/security/httpclient.policy Wed Jan 31 15:52:35 2018 +0000
+++ b/test/jdk/java/net/httpclient/websocket/security/httpclient.policy Wed Jan 31 16:18:41 2018 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+// Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,8 @@
permission java.io.FilePermission "<<ALL FILES>>","read,write,delete";
// ## look at the different property names!
+ permission java.util.PropertyPermission "jdk.http.auth.proxying.disabledSchemes","read";
+ permission java.util.PropertyPermission "jdk.http.auth.tunneling.disabledSchemes","read";
permission java.util.PropertyPermission "jdk.httpclient.HttpClient.log","read"; // name!
permission java.util.PropertyPermission "jdk.httpclient.auth.retrylimit","read";
permission java.util.PropertyPermission "jdk.httpclient.connectionWindowSize","read";