United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6520665 NTLM Authentication not requested, throws null exception
JDK-6520665 : NTLM Authentication not requested, throws null exception

Details
Type:
Bug
Submit Date:
2007-02-02
Status:
Closed
Updated Date:
2011-03-08
Project Name:
JDK
Resolved Date:
2011-03-08
Component:
core-libs
OS:
linux,solaris_10
Sub-Component:
java.net
CPU:
x86,sparc
Priority:
P4
Resolution:
Fixed
Affected Versions:
5.0,5.0u11
Fixed Versions:

Related Reports
Backport:
Backport:
Backport:
Duplicate:
Relates:

Sub Tasks

Description
FULL PRODUCT VERSION :
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)

ADDITIONAL OS VERSION INFORMATION :
2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006 i686 i686 i386 GNU/Linux

A DESCRIPTION OF THE PROBLEM :
Using java.net.HttpURLConnection to access an NTLM protected site.
Don't want to use new NTLMAuthentication feature (using my own code).
Did not specify an Authenticator, following http://java.sun.com/javase/6/docs/technotes/guides/net/http-auth.html suggestions...


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Open an HttpUrlConnection on a NTLM protected site without specifying a java.net.Authenticator.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
a "401" response code
ACTUAL -
NullPointerException

ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.NullPointerException
	at sun.net.www.protocol.http.NTLMAuthentication.init(NTLMAuthentication.java:138)
	at sun.net.www.protocol.http.NTLMAuthentication.<init>(NTLMAuthentication.java:133)
	at sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication(HttpURLConnection.java:1700)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1091)
	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:373)

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Possible patch:
in sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication() substitute (line 1700 on current source?)
ret = new NTLMAuthentication(false, url1, a);
with
if (a != null) {
  ret = new NTLMAuthentication(false, url1, a);
}

                                    

Comments
EVALUATION

This is an issue only on Unix systems. On windows a value of null for the  PasswordAuthentication instance will force the implementation to use the current logged on users credentials. That is why we cannot simply make the changes suggested in the description section. See the "Suggested Fix" section of the bug report to see a more suitable fix for this issue. 

We also need to make the same changes to sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication
                                     
2007-03-27
SUGGESTED FIX

------- HttpURLConnection.java -------

  *method sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication*
1565,1566c1565,1576
<                   tryTransparentNTLMProxy = false;
<                   ret = new NTLMAuthentication(true, host, port, a);
---
>                   /* If we are not trying transparent authentication then
>                    * we need to have a PasswordAuthentication instance. For
>                    * transparent authentication (Windows only) the username
>                    * and password will be picked up from the current logged
>                    * on users credentials.
>                   */
>                   if (tryTransparentNTLMProxy ||
>                         (!tryTransparentNTLMProxy && a != null)) {
>                       ret = new NTLMAuthentication(true, host, port, a);
>                   }
>
>                   tryTransparentNTLMProxy = false;

  *method sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication*
1700d1721
<                   tryTransparentNTLMProxy = false;
<                   ret = new NTLMAuthentication(false, url1, a);
1698a1709,1720
>
>                   /* If we are not trying transparent authentication then
>                    * we need to have a PasswordAuthentication instance. For
>                    * transparent authentication (Windows only) the username
>                    * and password will be picked up from the current logged
>                    * on users credentials.
>                    */
>                   if (tryTransparentNTLMServer ||
>                         (!tryTransparentNTLMServer && a != null)) {
>                       ret = new NTLMAuthentication(false, url1, a);
>                   }
>
>                   tryTransparentNTLMServer = false;


*** (#1 of 1): [ UNSAVED ] ###@###.###
                                     
2007-03-27
EVALUATION

This fix should also fix 6357133.
                                     
2007-03-27



Hardware and Software, Engineered to Work Together