6586707: NTLM authentication with proxy fails
authorweijun
Tue, 23 Mar 2010 10:41:11 +0800
changeset 5161 bad56b1f38fb
parent 5160 c0e0c9a9d338
child 5162 0dbedf4fdb8c
6586707: NTLM authentication with proxy fails Reviewed-by: chegar
jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
--- a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Mon Mar 22 11:55:54 2010 +0000
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Tue Mar 23 10:41:11 2010 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1995-2010 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1258,6 +1258,11 @@
                         doingNTLMp2ndStage = false;
                         continue;
                     }
+                } else {
+                    inNegotiateProxy = false;
+                    doingNTLMp2ndStage = false;
+                    if (!isUserProxyAuth)
+                        requests.remove("Proxy-Authorization");
                 }
 
                 // cache proxy authentication info
@@ -1303,7 +1308,7 @@
                             serverAuthentication.getAuthScheme() != NTLM) {
                             if (serverAuthentication.isAuthorizationStale (raw)) {
                                 /* we can retry with the current credentials */
-                                disconnectInternal();
+                                disconnectWeb();
                                 redirects++;
                                 requests.set(serverAuthentication.getHeaderName(),
                                             serverAuthentication.getHeaderValue(url, method));
@@ -1318,7 +1323,7 @@
                         currentServerCredentials = serverAuthentication;
 
                         if (serverAuthentication != null) {
-                            disconnectInternal();
+                            disconnectWeb();
                             redirects++; // don't let things loop ad nauseum
                             setCookieHeader();
                             continue;
@@ -1327,7 +1332,7 @@
                         reset ();
                         /* header not used for ntlm */
                         if (!serverAuthentication.setHeaders(this, null, raw)) {
-                            disconnectInternal();
+                            disconnectWeb();
                             throw new IOException ("Authentication failure");
                         }
                         doingNTLM2ndStage = false;
@@ -2320,6 +2325,22 @@
     }
 
     /**
+     * Disconnect from the web server at the first 401 error. Do not
+     * disconnect when using a proxy, a good proxy should have already
+     * closed the connection to the web server.
+     */
+    private void disconnectWeb() throws IOException {
+        if (usingProxy()) {
+            responseCode = -1;
+            // clean up, particularly, skip the content part
+            // of a 401 error response
+            reset();
+        } else {
+            disconnectInternal();
+        }
+    }
+
+    /**
      * Disconnect from the server (for internal use)
      */
     private void disconnectInternal() {