8044215: Unable to initiate SpNego using a S4U2Proxy GSSCredential (Krb5ProxyCredential)
Reviewed-by: mullan
--- a/jdk/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Context.java Tue Oct 14 10:07:44 2014 +0800
+++ b/jdk/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Context.java Tue Oct 14 10:08:32 2014 +0800
@@ -244,8 +244,11 @@
* establishment.
*/
public final void requestCredDeleg(boolean value) throws GSSException {
- if (state == STATE_NEW && isInitiator())
- credDelegState = value;
+ if (state == STATE_NEW && isInitiator()) {
+ if (myCred == null || !(myCred instanceof Krb5ProxyCredential)) {
+ credDelegState = value;
+ }
+ }
}
/**
--- a/jdk/test/sun/security/krb5/auto/S4U2proxy.java Tue Oct 14 10:07:44 2014 +0800
+++ b/jdk/test/sun/security/krb5/auto/S4U2proxy.java Tue Oct 14 10:08:32 2014 +0800
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 6355584
+ * @bug 6355584 8044215
* @summary Introduce constrained Kerberos delegation
* @compile -XDignore.symbol.file S4U2proxy.java
* @run main/othervm S4U2proxy krb5
@@ -69,6 +69,10 @@
Context p = s.delegated();
p.startAsClient(OneKDC.BACKEND, mech);
+
+ // 8044215: requestCredDeleg is useless and harmless
+ p.x().requestCredDeleg(true);
+
b.startAsServer(mech);
Context.handshake(p, b);