8186600: Improve property negotiations

Reviewed-by: valeriep, ahgross, mullan

8186600: Improve property negotiations
Reviewed-by: valeriep, ahgross, mullan
27a9d6bb · igerasim · e51bd75a · 27a9d6bb · 27a9d6bb · 27a9d6bb
3 changed file
--- a/src/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java
+++ b/src/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,7 @@ import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import sun.net.www.protocol.http.HttpCallerInfo;
+import sun.security.jgss.LoginConfigImpl;
 /**
 * @since 1.6
@@ -61,6 +62,8 @@ public class NegotiateCallbackHandler implements CallbackHandler {
    private void getAnswer() {
        if (!answered) {
            answered = true;
+            if (LoginConfigImpl.HTTP_USE_GLOBAL_CREDS) {
                PasswordAuthentication passAuth =
                        Authenticator.requestPasswordAuthentication(
                                hci.host, hci.addr, hci.port, hci.protocol,
@@ -76,6 +79,7 @@ public class NegotiateCallbackHandler implements CallbackHandler {
                }
            }
        }
+    }
    public void handle(Callback[] callbacks) throws
            UnsupportedCallbackException, IOException {

--- a/src/share/classes/sun/security/jgss/GSSUtil.java
+++ b/src/share/classes/sun/security/jgss/GSSUtil.java
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -270,24 +270,17 @@ public class GSSUtil {
     */
    public static boolean useSubjectCredsOnly(GSSCaller caller) {
-        // HTTP/SPNEGO doesn't use the standard JAAS framework. Instead, it
+        String propValue = GetPropertyAction.privilegedGetProperty(
-        // uses the java.net.Authenticator style, therefore always return
+                "javax.security.auth.useSubjectCredsOnly");
-        // false here.
+        // Invalid values should be ignored and the default assumed.
        if (caller instanceof HttpCaller) {
-            return false;
+            // Default for HTTP/SPNEGO is false.
+            return "true".equalsIgnoreCase(propValue);
+        } else {
+            // Default for JGSS is true.
+            return !("false".equalsIgnoreCase(propValue));
        }
-        /*
-         * Don't use GetBooleanAction because the default value in the JRE
-         * (when this is unset) has to treated as true.
-         */
-        String propValue = AccessController.doPrivileged(
-                new GetPropertyAction("javax.security.auth.useSubjectCredsOnly",
-                "true"));
-        /*
-         * This property has to be explicitly set to "false". Invalid
-         * values should be ignored and the default "true" assumed.
-         */
-        return (!propValue.equalsIgnoreCase("false"));
    }
    /**

--- a/src/share/classes/sun/security/jgss/LoginConfigImpl.java
+++ b/src/share/classes/sun/security/jgss/LoginConfigImpl.java
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@ import java.util.HashMap;
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.Configuration;
 import org.ietf.jgss.Oid;
+import sun.security.action.GetPropertyAction;
 /**
 * A Configuration implementation especially designed for JGSS.
@@ -44,6 +45,16 @@ public class LoginConfigImpl extends Configuration {
    private static final sun.security.util.Debug debug =
        sun.security.util.Debug.getInstance("gssloginconfig", "\t[GSS LoginConfigImpl]");
+    public static final boolean HTTP_USE_GLOBAL_CREDS;
+    static {
+        String prop = GetPropertyAction
+                .privilegedGetProperty("http.use.global.creds");
+        //HTTP_USE_GLOBAL_CREDS = "true".equalsIgnoreCase(prop); // default false
+        HTTP_USE_GLOBAL_CREDS = !"false".equalsIgnoreCase(prop); // default true
+    }
    /**
     * A new instance of LoginConfigImpl must be created for each login request
     * since it's only used by a single (caller, mech) pair
@@ -177,8 +188,12 @@ public class LoginConfigImpl extends Configuration {
                options.put("doNotPrompt", "true");
                options.put("principal", "*");
                options.put("isInitiator", "false");
+            } else {
+                if (caller instanceof HttpCaller && !HTTP_USE_GLOBAL_CREDS) {
+                    options.put("useTicketCache", "false");
                } else {
                    options.put("useTicketCache", "true");
+                }
                options.put("doNotPrompt", "false");
            }
            return new AppConfigurationEntry[] {