JDK-8077155 : LoginContext Subject ignored by jdk8 sun.net.www.protocol.http.HttpURLConnection
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 8
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2015-04-07
  • Updated: 2016-05-27
  • Resolved: 2015-05-20
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u45Fixed 9 b66Fixed
Related Reports
Relates :  
Description
When running with a security manager and a policy that grants "permission java.security.AllPermission;" an attempt to run HttpURLConnection.getInputStream as a logged in subject against a server requiring negotiate authentication will fail.



Comments
The root of the problem is described in the following stack trace. This indicates that the logged in subjects credentials are not available to the getInputStream calls. javax.security.auth.login.LoginException: No password provided at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:919) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760) at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:587) at sun.security.jgss.GSSUtil.login(GSSUtil.java:258) at sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:158) at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:335) at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:331) at java.security.AccessController.doPrivileged(Native Method) at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:330) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:145) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187) at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:882) at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:317) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) at sun.net.www.protocol.http.spnego.NegotiatorImpl.init(NegotiatorImpl.java:107) at sun.net.www.protocol.http.spnego.NegotiatorImpl.<init>(NegotiatorImpl.java:116) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:422) at sun.net.www.protocol.http.Negotiator.getNegotiator(Negotiator.java:64) at sun.net.www.protocol.http.NegotiateAuthentication.isSupportedImpl(NegotiateAuthentication.java:130) at sun.net.www.protocol.http.NegotiateAuthentication.isSupported(NegotiateAuthentication.java:102) at sun.net.www.protocol.http.AuthenticationHeader.parse(AuthenticationHeader.java:180) at sun.net.www.protocol.http.AuthenticationHeader.<init>(AuthenticationHeader.java:126) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1670) at sun.net.www.protocol.http.HttpURLConnection.access$200(HttpURLConnection.java:90) at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1435) at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1433) at java.security.AccessController.doPrivileged(Native Method) at java.security.AccessController.doPrivileged(AccessController.java:713) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1432) at Bug_KerberosHttpAccess.connectToOozie(Bug_KerberosHttpAccess.java:78) at Bug_KerberosHttpAccess.access$000(Bug_KerberosHttpAccess.java:68) at Bug_KerberosHttpAccess$3.run(Bug_KerberosHttpAccess.java:164) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at Bug_KerberosHttpAccess.main(Bug_KerberosHttpAccess.java:173)
2015-05-20