8048035: Ensure proper proxy protocols

Reviewed-by: chegar, coffeys

8048035: Ensure proper proxy protocols
Reviewed-by: chegar, coffeys
4556ca73 · michaelm · 7f8d92e4 · 4556ca73
隐藏空白更改
内联并排

Showing with 13 addition and 0 deletion

src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java .../classes/sun/net/www/protocol/http/HttpURLConnection.java +13 -0

未找到文件。
--- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
+++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
@@ -336,6 +336,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
    /* try auth without calling Authenticator. Used for transparent NTLM authentication */
    private boolean tryTransparentNTLMServer = true;
    private boolean tryTransparentNTLMProxy = true;
+    private boolean useProxyResponseCode = false;

    /* Used by Windows specific code */
    private Object authObj;
@@ -2243,6 +2244,14 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
                        if (tryTransparentNTLMProxy) {
                            tryTransparentNTLMProxy =
                                    NTLMAuthenticationProxy.supportsTransparentAuth;
+                            /* If the platform supports transparent authentication
+                             * then normally it's ok to do transparent auth to a proxy
+                             * because we generally trust proxies (chosen by the user)
+                             * But not in the case of 305 response where the server
+                             * chose it. */
+                            if (tryTransparentNTLMProxy && useProxyResponseCode) {
+                                tryTransparentNTLMProxy = false;
+                            }
                        }
                        a = null;
                        if (tryTransparentNTLMProxy) {
@@ -2614,6 +2623,10 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
            requests.set(0, method + " " + getRequestURI()+" "  +
                             httpVersion, null);
            connected = true;
+            // need to remember this in case NTLM proxy authentication gets
+            // used. We can't use transparent authentication when user
+            // doesn't know about proxy.
+            useProxyResponseCode = true;
        } else {
            // maintain previous headers, just change the name
            // of the file we're getting