Bug ID: JDK-4678055 Basic Authentication fails with multiple realms

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

Other
1.4.2 mantisFixed

Basic Authentication fails with multiple realms. 
I setup of two realms on apache server . Both realms have different user  databases. When I set Authenticator.setDefault() to one realm's user and then try to access the resource existing in second realm thru HttpURLConnection, then it throws the following exception.

java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
        at java.util.LinkedList.entry(LinkedList.java:356)
        at java.util.LinkedList.get(LinkedList.java:299)
        at sun.net.www.protocol.http.PathMap.get(AuthenticationInfo.java:375)
        at sun.net.www.protocol.http.AuthenticationInfo.getAuth(AuthenticationInfo.java:181)
        at sun.net.www.protocol.http.AuthenticationInfo.getServerAuth(AuthenticationInfo.java:171)
        at sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication(HttpURLConnection.java:951)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:611)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:238)
        at BasicAuthTestCase.main(BasicAuthTestCase.java:34)


How to reproduce it:
====================
1. Take the attached BasicAuthTestCase.java
2. Need to setup two realms on apache(or may be any other server) . Both will be having two different user lists. 

For example I have  like...
realm -> AuthCheck/ -> It has a list of users 
realm -> NoAuth/  -> It has a list of users

3. Execute the attached code

Output:
------
java BasicAuthTestCase
Response url1: 401    ---> Accessed before setting Authenticator.setDefault()
npath = /AuthCheck/
opath = /AuthCheck/
second Response url1: 200 --> After setting user info
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 --> {Tried to access second realm }
        at java.util.LinkedList.entry(LinkedList.java:356)
        at java.util.LinkedList.get(LinkedList.java:299)
        at sun.net.www.protocol.http.PathMap.get(AuthenticationInfo.java:375)
        at sun.net.www.protocol.http.AuthenticationInfo.getAuth(AuthenticationInfo.java:181)
        at sun.net.www.protocol.http.AuthenticationInfo.getServerAuth(AuthenticationInfo.java:171)
        at sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication(HttpURLConnection.java:951)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:611)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:238)
        at BasicAuthTestCase.main(BasicAuthTestCase.java:34)

CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: mantis FIXED IN: mantis INTEGRATED IN: mantis mantis-b04

14-06-2004

SUGGESTED FIX !sccsdiff -e ../../src/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java 1.24 404 lines 2c2 < * @(#)AuthenticationInfo.java 1.24 02/04/15 --- > * %W% %E% 27c27 < * @version 1.24, 04/15/02 --- > * @version %I%, %G% 370c370 < if (list == null) { --- > if (list == null || list.size() == 0) { New regression test is in test/java/net/Authenticator/BasicTest5.java (not integrated yet).

11-06-2004

EVALUATION This only happens when the two realms have the same "realm string" so to speak, which would be unusual in practice, but it does expose an erroneous assumption in the source code, which causes the crash. The solution is simply to check for an empty linked list and return null AuthenticationInfo.java: 370c370 < if (list == null) { --- > if (list == null || list.size() == 0) { ###@###.### 2002-05-02

02-05-2002