JDK-4678055 : Basic Authentication fails with multiple realms
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 1.4.1
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris_8,windows_2000
  • CPU: generic,x86
  • Submitted: 2002-05-01
  • Updated: 2002-10-11
  • Resolved: 2002-10-11
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
1.4.2 mantisFixed
Related Reports
Duplicate :  
Description
Basic Authentication fails with multiple realms. 
I setup of two realms on apache server . Both realms have different user  databases. When I set Authenticator.setDefault() to one realm's user and then try to access the resource existing in second realm thru HttpURLConnection, then it throws the following exception.

java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
        at java.util.LinkedList.entry(LinkedList.java:356)
        at java.util.LinkedList.get(LinkedList.java:299)
        at sun.net.www.protocol.http.PathMap.get(AuthenticationInfo.java:375)
        at sun.net.www.protocol.http.AuthenticationInfo.getAuth(AuthenticationInfo.java:181)
        at sun.net.www.protocol.http.AuthenticationInfo.getServerAuth(AuthenticationInfo.java:171)
        at sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication(HttpURLConnection.java:951)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:611)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:238)
        at BasicAuthTestCase.main(BasicAuthTestCase.java:34)


How to reproduce it:
====================
1. Take the attached BasicAuthTestCase.java
2. Need to setup two realms on apache(or may be any other server) . Both will be having two different user lists. 

For example I have  like...
realm -> AuthCheck/ -> It has a list of users 
realm -> NoAuth/  -> It has a list of users

3. Execute the attached code

Output:
------
java BasicAuthTestCase
Response url1: 401    ---> Accessed before setting Authenticator.setDefault()
npath = /AuthCheck/
opath = /AuthCheck/
second Response url1: 200 --> After setting user info
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 --> {Tried to access second realm }
        at java.util.LinkedList.entry(LinkedList.java:356)
        at java.util.LinkedList.get(LinkedList.java:299)
        at sun.net.www.protocol.http.PathMap.get(AuthenticationInfo.java:375)
        at sun.net.www.protocol.http.AuthenticationInfo.getAuth(AuthenticationInfo.java:181)
        at sun.net.www.protocol.http.AuthenticationInfo.getServerAuth(AuthenticationInfo.java:171)
        at sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication(HttpURLConnection.java:951)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:611)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:238)
        at BasicAuthTestCase.main(BasicAuthTestCase.java:34)



Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: mantis FIXED IN: mantis INTEGRATED IN: mantis mantis-b04
2004-06-14

SUGGESTED FIX !sccsdiff -e ../../src/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java 1.24 404 lines 2c2 < * @(#)AuthenticationInfo.java 1.24 02/04/15 --- > * %W% %E% 27c27 < * @version 1.24, 04/15/02 --- > * @version %I%, %G% 370c370 < if (list == null) { --- > if (list == null || list.size() == 0) { New regression test is in test/java/net/Authenticator/BasicTest5.java (not integrated yet).
2004-06-11

EVALUATION This only happens when the two realms have the same "realm string" so to speak, which would be unusual in practice, but it does expose an erroneous assumption in the source code, which causes the crash. The solution is simply to check for an empty linked list and return null AuthenticationInfo.java: 370c370 < if (list == null) { --- > if (list == null || list.size() == 0) { ###@###.### 2002-05-02
2002-05-02