JDK-7176784 : Windows authentication not working on some computers
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 7u4
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_7
  • CPU: x86
  • Submitted: 2012-06-13
  • Updated: 2015-05-14
  • Resolved: 2012-06-27
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
6u60Fixed 7u6Fixed 8 b45Fixed
On some computers the windows authentication of Java is not working. 
On the same machine, the same user and the same HTTP URL the windows login 
is working in the brower. 

By debugging the problem, monitor the network monitor and find Java 
is not sending the third message of the NTLM handshake.

Look in Java sources and debug the problem, find that NTLMAuthSequence.getNextToken() 
return null in the error case. This result in follow exception:

Exception in thread "main" java.io.IOException: Internal authentication error

 at sun.net.www.protocol.http.ntlm.NTLMAuthSequence.getAuthHeader(Unknown Source)

 at TestNtlm.main(TestNtlm.java:29)

Attached a test program and the log output from the failing system.
Java version - 1.7.0_04-b22. It is not a regression and the problem occur on Java 6; 
however, after upgrade to 7u4 and the problem persistent.

The OS is a Windows 7 32 Bit.

No java.io.IOException in TestNtlm. Consider it a good fix.

EVALUATION Trivially, increase the native buffer size from 512 to 1024. JDK8 Changeset: 4a4a04bfeece Author: chegar Date: 2012-06-25 14:19 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4a4a04bfeece 7176784: Windows authentication not working on some computers Reviewed-by: michaelm ! src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthSequence.c

EVALUATION From submitter: "They found the native sources from NTLMAuthSequence and create a test program with this souces that print debug information. The cause of the problem is that the call to pInitializeSecurityContext return with SEC_E_INSUFFICIENT_MEMORY. The cause of the problem seems that you use only a buffer of 512 bytes for the security token. This is too small on computers with long names. There are 2 positions in the NTLMAuthSequence.c file with 512. If you incremet this value then it should work in this case. Better will be if you use the allocation from InitializeSecurityContext."