mirror of
https://github.com/openjdk/jdk.git
synced 2025-08-28 07:14:30 +02:00
8303809: Dispose context in SPNEGO NegotiatorImpl
Reviewed-by: dfuchs, weijun
This commit is contained in:
parent
9f9ab02ff6
commit
10f1674625
5 changed files with 70 additions and 0 deletions
|
@ -519,4 +519,13 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone
|
||||||
s2 = new String (pw.getPassword());
|
s2 = new String (pw.getPassword());
|
||||||
s.defaultWriteObject ();
|
s.defaultWriteObject ();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Releases any system or cryptographic resources.
|
||||||
|
* It is up to implementors to override disposeContext()
|
||||||
|
* to take necessary action.
|
||||||
|
*/
|
||||||
|
public void disposeContext() {
|
||||||
|
// do nothing
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -2009,6 +2009,12 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||||
if (serverAuthKey != null) {
|
if (serverAuthKey != null) {
|
||||||
AuthenticationInfo.endAuthRequest(serverAuthKey);
|
AuthenticationInfo.endAuthRequest(serverAuthKey);
|
||||||
}
|
}
|
||||||
|
if (proxyAuthentication != null) {
|
||||||
|
proxyAuthentication.disposeContext();
|
||||||
|
}
|
||||||
|
if (serverAuthentication != null) {
|
||||||
|
serverAuthentication.disposeContext();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2252,6 +2258,9 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||||
if (proxyAuthKey != null) {
|
if (proxyAuthKey != null) {
|
||||||
AuthenticationInfo.endAuthRequest(proxyAuthKey);
|
AuthenticationInfo.endAuthRequest(proxyAuthKey);
|
||||||
}
|
}
|
||||||
|
if (proxyAuthentication != null) {
|
||||||
|
proxyAuthentication.disposeContext();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// restore original request headers
|
// restore original request headers
|
||||||
|
@ -2502,6 +2511,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||||
}
|
}
|
||||||
if (ret != null) {
|
if (ret != null) {
|
||||||
if (!ret.setHeaders(this, p, raw)) {
|
if (!ret.setHeaders(this, p, raw)) {
|
||||||
|
ret.disposeContext();
|
||||||
ret = null;
|
ret = null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2674,6 +2684,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||||
|
|
||||||
if (ret != null ) {
|
if (ret != null ) {
|
||||||
if (!ret.setHeaders(this, p, raw)) {
|
if (!ret.setHeaders(this, p, raw)) {
|
||||||
|
ret.disposeContext();
|
||||||
ret = null;
|
ret = null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2700,6 +2711,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||||
DigestAuthentication da = (DigestAuthentication)
|
DigestAuthentication da = (DigestAuthentication)
|
||||||
currentProxyCredentials;
|
currentProxyCredentials;
|
||||||
da.checkResponse (raw, method, getRequestURI());
|
da.checkResponse (raw, method, getRequestURI());
|
||||||
|
currentProxyCredentials.disposeContext();
|
||||||
currentProxyCredentials = null;
|
currentProxyCredentials = null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2710,6 +2722,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||||
DigestAuthentication da = (DigestAuthentication)
|
DigestAuthentication da = (DigestAuthentication)
|
||||||
currentServerCredentials;
|
currentServerCredentials;
|
||||||
da.checkResponse (raw, method, url);
|
da.checkResponse (raw, method, url);
|
||||||
|
currentServerCredentials.disposeContext();
|
||||||
currentServerCredentials = null;
|
currentServerCredentials = null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -242,6 +242,22 @@ class NegotiateAuthentication extends AuthenticationInfo {
|
||||||
return negotiator.nextToken(token);
|
return negotiator.nextToken(token);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Releases any system resources and cryptographic information stored in
|
||||||
|
* the context object and invalidates the context.
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void disposeContext() {
|
||||||
|
if (negotiator != null) {
|
||||||
|
try {
|
||||||
|
negotiator.disposeContext();
|
||||||
|
} catch (IOException ioEx) {
|
||||||
|
//do not rethrow IOException
|
||||||
|
}
|
||||||
|
negotiator = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// MS will send a final WWW-Authenticate even if the status is already
|
// MS will send a final WWW-Authenticate even if the status is already
|
||||||
// 200 OK. The token can be fed into initSecContext() again to determine
|
// 200 OK. The token can be fed into initSecContext() again to determine
|
||||||
// if the server can be trusted. This is not the same concept as Digest's
|
// if the server can be trusted. This is not the same concept as Digest's
|
||||||
|
|
|
@ -82,5 +82,7 @@ public abstract class Negotiator {
|
||||||
logger.finest("NegotiateAuthentication: " + e);
|
logger.finest("NegotiateAuthentication: " + e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void disposeContext() throws IOException { };
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -127,6 +127,11 @@ public class NegotiatorImpl extends Negotiator {
|
||||||
"fallback to other scheme if allowed. Reason:");
|
"fallback to other scheme if allowed. Reason:");
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
|
try {
|
||||||
|
disposeContext();
|
||||||
|
} catch (Exception ex) {
|
||||||
|
//dispose context silently
|
||||||
|
}
|
||||||
throw new IOException("Negotiate support not initiated", e);
|
throw new IOException("Negotiate support not initiated", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -149,6 +154,9 @@ public class NegotiatorImpl extends Negotiator {
|
||||||
@Override
|
@Override
|
||||||
public byte[] nextToken(byte[] token) throws IOException {
|
public byte[] nextToken(byte[] token) throws IOException {
|
||||||
try {
|
try {
|
||||||
|
if (context == null) {
|
||||||
|
throw new IOException("Negotiate support cannot continue. Context is invalidated");
|
||||||
|
}
|
||||||
return context.initSecContext(token, 0, token.length);
|
return context.initSecContext(token, 0, token.length);
|
||||||
} catch (GSSException e) {
|
} catch (GSSException e) {
|
||||||
if (DEBUG) {
|
if (DEBUG) {
|
||||||
|
@ -158,4 +166,26 @@ public class NegotiatorImpl extends Negotiator {
|
||||||
throw new IOException("Negotiate support cannot continue", e);
|
throw new IOException("Negotiate support cannot continue", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Releases any system resources and cryptographic information stored in
|
||||||
|
* the context object and invalidates the context.
|
||||||
|
*
|
||||||
|
* @throws IOException containing a reason of failure in the cause
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void disposeContext() throws IOException {
|
||||||
|
try {
|
||||||
|
if (context != null) {
|
||||||
|
context.dispose();
|
||||||
|
}
|
||||||
|
} catch (GSSException e) {
|
||||||
|
if (DEBUG) {
|
||||||
|
System.out.println("Cannot release resources. Reason:");
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
throw new IOException("Cannot release resources", e);
|
||||||
|
};
|
||||||
|
context = null;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue