JDK-6520665 : NTLM Authentication not requested, throws null exception
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 5.0,5.0u11
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: linux,solaris_10
  • CPU: x86,sparc
  • Submitted: 2007-02-02
  • Updated: 2011-03-08
  • Resolved: 2011-03-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other JDK 6 JDK 7
1.4.2_30Fixed 6u4Fixed 7 b12Fixed
Related Reports
Duplicate :  
Relates :  
Description
FULL PRODUCT VERSION :
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)

ADDITIONAL OS VERSION INFORMATION :
2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006 i686 i686 i386 GNU/Linux

A DESCRIPTION OF THE PROBLEM :
Using java.net.HttpURLConnection to access an NTLM protected site.
Don't want to use new NTLMAuthentication feature (using my own code).
Did not specify an Authenticator, following http://java.sun.com/javase/6/docs/technotes/guides/net/http-auth.html suggestions...


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Open an HttpUrlConnection on a NTLM protected site without specifying a java.net.Authenticator.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
a "401" response code
ACTUAL -
NullPointerException

ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.NullPointerException
	at sun.net.www.protocol.http.NTLMAuthentication.init(NTLMAuthentication.java:138)
	at sun.net.www.protocol.http.NTLMAuthentication.<init>(NTLMAuthentication.java:133)
	at sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication(HttpURLConnection.java:1700)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1091)
	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:373)

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Possible patch:
in sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication() substitute (line 1700 on current source?)
ret = new NTLMAuthentication(false, url1, a);
with
if (a != null) {
  ret = new NTLMAuthentication(false, url1, a);
}

Comments
EVALUATION This fix should also fix 6357133.
27-03-2007

SUGGESTED FIX ------- HttpURLConnection.java ------- *method sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication* 1565,1566c1565,1576 < tryTransparentNTLMProxy = false; < ret = new NTLMAuthentication(true, host, port, a); --- > /* If we are not trying transparent authentication then > * we need to have a PasswordAuthentication instance. For > * transparent authentication (Windows only) the username > * and password will be picked up from the current logged > * on users credentials. > */ > if (tryTransparentNTLMProxy || > (!tryTransparentNTLMProxy && a != null)) { > ret = new NTLMAuthentication(true, host, port, a); > } > > tryTransparentNTLMProxy = false; *method sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication* 1700d1721 < tryTransparentNTLMProxy = false; < ret = new NTLMAuthentication(false, url1, a); 1698a1709,1720 > > /* If we are not trying transparent authentication then > * we need to have a PasswordAuthentication instance. For > * transparent authentication (Windows only) the username > * and password will be picked up from the current logged > * on users credentials. > */ > if (tryTransparentNTLMServer || > (!tryTransparentNTLMServer && a != null)) { > ret = new NTLMAuthentication(false, url1, a); > } > > tryTransparentNTLMServer = false; *** (#1 of 1): [ UNSAVED ] ###@###.###
27-03-2007

EVALUATION This is an issue only on Unix systems. On windows a value of null for the PasswordAuthentication instance will force the implementation to use the current logged on users credentials. That is why we cannot simply make the changes suggested in the description section. See the "Suggested Fix" section of the bug report to see a more suitable fix for this issue. We also need to make the same changes to sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication
27-03-2007