JDK-2188350 : 2nd call to HTTP/SPNEGO fails when http.auth.preference=Negotiate is set
  • Type: Backport
  • Backport of: JDK-6589477
  • Component: core-libs
  • Sub-Component: java.net
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2010-02-11
  • Updated: 2010-11-04
  • Resolved: 2010-03-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u21 b01Fixed 7Fixed
Description
The mod_auth_kerb module for Apache sends a response with "WWW-Authenticate: Nogotiate" but it only accepts raw Kerberos 5 AP-REQ tokens. In order for Java to work with this module, the client side must have "-Dhttp.auth.preference=kerberos" set. This leads to the same problem described in this bug report. Therefore, we probably should not say "This is not of high priority" anymore.
The subCR created for 6u20 is due to 6924535, which is filed by SNCF of France, a P3 bug.

Comments
EVALUATION Fixed as in JDK 7, plus reg test updated.
24-02-2010

WORK AROUND Use mod_auth_gss instead of mod_auth_krb5.
11-02-2010