6997851: Create NTLM AuthenticationCallBack class to avoid NTLM info leakage on client side
authorchegar
Mon, 10 Jan 2011 18:12:43 +0000
changeset 8815 9a3f042d307e
parent 8814 f899ad8ada82
child 8816 29f983feda95
6997851: Create NTLM AuthenticationCallBack class to avoid NTLM info leakage on client side Reviewed-by: michaelm
jdk/make/sun/net/FILES_java.gmk
jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
jdk/src/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java
jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java
jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
--- a/jdk/make/sun/net/FILES_java.gmk	Mon Nov 01 11:32:50 2010 -0400
+++ b/jdk/make/sun/net/FILES_java.gmk	Mon Jan 10 18:12:43 2011 +0000
@@ -100,6 +100,7 @@
 	sun/net/www/protocol/http/NegotiateAuthentication.java \
 	sun/net/www/protocol/http/Negotiator.java \
 	sun/net/www/protocol/http/ntlm/NTLMAuthentication.java \
+	sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java \
 	sun/net/www/protocol/http/spnego/NegotiatorImpl.java \
 	sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java \
 	sun/net/www/protocol/http/logging/HttpLogFormatter.java \
--- a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Mon Nov 01 11:32:50 2010 -0400
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Mon Jan 10 18:12:43 2011 +0000
@@ -2173,6 +2173,13 @@
                         if (tryTransparentNTLMServer) {
                             tryTransparentNTLMServer =
                                     NTLMAuthenticationProxy.proxy.supportsTransparentAuth;
+                            /* If the platform supports transparent authentication
+                             * then check if we are in a secure environment
+                             * whether, or not, we should try transparent authentication.*/
+                            if (tryTransparentNTLMServer) {
+                                tryTransparentNTLMServer =
+                                        NTLMAuthenticationProxy.proxy.isTrustedSite(url);
+                            }
                         }
                         a = null;
                         if (tryTransparentNTLMServer) {
--- a/jdk/src/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java	Mon Nov 01 11:32:50 2010 -0400
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java	Mon Jan 10 18:12:43 2011 +0000
@@ -36,12 +36,14 @@
  */
 class NTLMAuthenticationProxy {
     private static Method supportsTA;
+    private static Method isTrustedSite;
     private static final String clazzStr = "sun.net.www.protocol.http.ntlm.NTLMAuthentication";
     private static final String supportsTAStr = "supportsTransparentAuth";
+    private static final String isTrustedSiteStr = "isTrustedSite";
 
     static final NTLMAuthenticationProxy proxy = tryLoadNTLMAuthentication();
     static final boolean supported = proxy != null ? true : false;
-    static final boolean supportsTransparentAuth = supported ? supportsTransparentAuth(supportsTA) : false;
+    static final boolean supportsTransparentAuth = supported ? supportsTransparentAuth() : false;
 
     private final Constructor<? extends AuthenticationInfo> threeArgCtr;
     private final Constructor<? extends AuthenticationInfo> fiveArgCtr;
@@ -82,9 +84,22 @@
      * authentication (try with the current users credentials before
      * prompting for username and password, etc).
      */
-    private static boolean supportsTransparentAuth(Method method) {
+    private static boolean supportsTransparentAuth() {
         try {
-            return (Boolean)method.invoke(null);
+            return (Boolean)supportsTA.invoke(null);
+        } catch (ReflectiveOperationException roe) {
+            finest(roe);
+        }
+
+        return false;
+    }
+
+    /* Transparent authentication should only be tried with a trusted
+     * site ( when running in a secure environment ).
+     */
+    public static boolean isTrustedSite(URL url) {
+        try {
+            return (Boolean)isTrustedSite.invoke(null, url);
         } catch (ReflectiveOperationException roe) {
             finest(roe);
         }
@@ -112,6 +127,7 @@
                                             int.class,
                                             PasswordAuthentication.class);
                 supportsTA = cl.getDeclaredMethod(supportsTAStr);
+                isTrustedSite = cl.getDeclaredMethod(isTrustedSiteStr, java.net.URL.class);
                 return new NTLMAuthenticationProxy(threeArg,
                                                    fiveArg);
             }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java	Mon Jan 10 18:12:43 2011 +0000
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.net.www.protocol.http.ntlm;
+
+import java.net.URL;
+
+/**
+ * This class is used to call back to deployment to determine if a given
+ * URL is trusted. Transparent authentication (try with logged in users
+ * credentials without prompting) should only be tried with trusted sites.
+ */
+public abstract class NTLMAuthenticationCallback {
+    private static volatile NTLMAuthenticationCallback callback =
+            new DefaultNTLMAuthenticationCallback();
+
+    public static void setNTLMAuthenticationCallback(
+            NTLMAuthenticationCallback callback) {
+        NTLMAuthenticationCallback.callback = callback;
+    }
+
+    public static NTLMAuthenticationCallback getNTLMAuthenticationCallback() {
+        return callback;
+    }
+
+    /**
+     * Returns true if the given site is trusted, i.e. we can try
+     * transparent Authentication.
+     */
+    public abstract boolean isTrustedSite(URL url);
+
+    static class DefaultNTLMAuthenticationCallback extends NTLMAuthenticationCallback {
+        @Override
+        public boolean isTrustedSite(URL url) { return true; }
+    }
+}
+
--- a/jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java	Mon Nov 01 11:32:50 2010 -0400
+++ b/jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java	Mon Jan 10 18:12:43 2011 +0000
@@ -68,6 +68,9 @@
 public class NTLMAuthentication extends AuthenticationInfo {
     private static final long serialVersionUID = 170L;
 
+    private static final NTLMAuthenticationCallback NTLMAuthCallback =
+        NTLMAuthenticationCallback.getNTLMAuthenticationCallback();
+
     private String hostname;
     private static String defaultDomain; /* Domain to use if not specified by user */
 
@@ -81,6 +84,14 @@
         return false;
     }
 
+    /**
+     * Returns true if the given site is trusted, i.e. we can try
+     * transparent Authentication.
+     */
+    public static boolean isTrustedSite(URL url) {
+        return NTLMAuthCallback.isTrustedSite(url);
+    }
+
     private void init0() {
 
         hostname = java.security.AccessController.doPrivileged(
--- a/jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java	Mon Nov 01 11:32:50 2010 -0400
+++ b/jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java	Mon Jan 10 18:12:43 2011 +0000
@@ -45,6 +45,9 @@
 
     private static final long serialVersionUID = 100L;
 
+    private static final NTLMAuthenticationCallback NTLMAuthCallback =
+        NTLMAuthenticationCallback.getNTLMAuthenticationCallback();
+
     private String hostname;
     private static String defaultDomain; /* Domain to use if not specified by user */
 
@@ -143,6 +146,14 @@
     }
 
     /**
+     * Returns true if the given site is trusted, i.e. we can try
+     * transparent Authentication.
+     */
+    public static boolean isTrustedSite(URL url) {
+        return NTLMAuthCallback.isTrustedSite(url);
+    }
+
+    /**
      * Not supported. Must use the setHeaders() method
      */
     @Override