United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-8077155 : LoginContext Subject ignored by jdk8 sun.net.www.protocol.http.HttpURLConnection

Details
Type:
Bug
Submit Date:
2015-04-07
Status:
Resolved
Updated Date:
2016-05-27
Project Name:
JDK
Resolved Date:
2015-05-20
Component:
core-libs
OS:
Sub-Component:
java.net
CPU:
Priority:
P3
Resolution:
Fixed
Affected Versions:
8
Fixed Versions:

Related Reports
Backport:
Backport:
Relates:

Sub Tasks

Description
When running with a security manager and a policy that grants "permission java.security.AllPermission;" an attempt to run HttpURLConnection.getInputStream as a logged in subject against a server requiring negotiate authentication will fail.



                                    

Comments
The root of the problem is described in the following stack trace. This indicates that the logged in subjects credentials are not available to the getInputStream calls.

javax.security.auth.login.LoginException: No password provided
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:919)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at sun.security.jgss.GSSUtil.login(GSSUtil.java:258)
at sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:158)
at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:335)
at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:331)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:330)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:145)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:882)
at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:317)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at sun.net.www.protocol.http.spnego.NegotiatorImpl.init(NegotiatorImpl.java:107)
at sun.net.www.protocol.http.spnego.NegotiatorImpl.<init>(NegotiatorImpl.java:116)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at sun.net.www.protocol.http.Negotiator.getNegotiator(Negotiator.java:64)
at sun.net.www.protocol.http.NegotiateAuthentication.isSupportedImpl(NegotiateAuthentication.java:130)
at sun.net.www.protocol.http.NegotiateAuthentication.isSupported(NegotiateAuthentication.java:102)
at sun.net.www.protocol.http.AuthenticationHeader.parse(AuthenticationHeader.java:180)
at sun.net.www.protocol.http.AuthenticationHeader.<init>(AuthenticationHeader.java:126)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1670)
at sun.net.www.protocol.http.HttpURLConnection.access$200(HttpURLConnection.java:90)
at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1435)
at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1433)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged(AccessController.java:713)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1432)
at Bug_KerberosHttpAccess.connectToOozie(Bug_KerberosHttpAccess.java:78)
at Bug_KerberosHttpAccess.access$000(Bug_KerberosHttpAccess.java:68)
at Bug_KerberosHttpAccess$3.run(Bug_KerberosHttpAccess.java:164)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at Bug_KerberosHttpAccess.main(Bug_KerberosHttpAccess.java:173) 
                                     
2015-05-20



Hardware and Software, Engineered to Work Together