archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 23:04:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8209094: Improve web server connections

Browse source 
Reviewed-by: chegar, dfuchs, mschoene, igerasim
This commit is contained in:
Michael McMahon 2018-10-05 08:54:10 +01:00
parent 8f14f8b2a7
commit ef75339a1e
6 changed files with 170 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

38
src/java.base/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
View file

@ -32,6 +32,7 @@ import java.net.UnknownHostException;
import java.net.URL;
import java.util.Objects;
import java.util.Properties;
import sun.net.NetProperties;
import sun.net.www.HeaderParser;
import sun.net.www.protocol.http.AuthenticationInfo;
import sun.net.www.protocol.http.AuthScheme;
@ -56,11 +57,33 @@ public class NTLMAuthentication extends AuthenticationInfo {
private static final String defaultDomain;
/* Whether cache is enabled for NTLM */
private static final boolean ntlmCache;
enum TransparentAuth {
DISABLED, // disable for all hosts (default)
TRUSTED_HOSTS, // use Windows trusted hosts settings
ALL_HOSTS // attempt for all hosts
}
private static final TransparentAuth authMode;
static {
Properties props = GetPropertyAction.privilegedGetProperties();
defaultDomain = props.getProperty("http.auth.ntlm.domain", "domain");
String ntlmCacheProp = props.getProperty("jdk.ntlm.cache", "true");
ntlmCache = Boolean.parseBoolean(ntlmCacheProp);
String modeProp = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
public String run() {
return NetProperties.get("jdk.http.ntlm.transparentAuth");
}
});
if ("trustedHosts".equalsIgnoreCase(modeProp))
authMode = TransparentAuth.TRUSTED_HOSTS;
else if ("allHosts".equalsIgnoreCase(modeProp))
authMode = TransparentAuth.ALL_HOSTS;
else
authMode = TransparentAuth.DISABLED;
}
private void init0() {
@ -166,9 +189,21 @@ public class NTLMAuthentication extends AuthenticationInfo {
* transparent Authentication.
*/
public static boolean isTrustedSite(URL url) {
return NTLMAuthCallback.isTrustedSite(url);
if (NTLMAuthCallback != null)
return NTLMAuthCallback.isTrustedSite(url);
switch (authMode) {
case TRUSTED_HOSTS:
return isTrustedSite(url.toString());
case ALL_HOSTS:
return true;
default:
return false;
}
}
static native boolean isTrustedSite(String url);
/**
* Not supported. Must use the setHeaders() method
*/
@ -218,5 +253,4 @@ public class NTLMAuthentication extends AuthenticationInfo {
return false;
}
}
}

106
src/java.base/windows/native/libnet/NTLMAuthentication.c Normal file
View file

@ -0,0 +1,106 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
#include <jni.h>
#include <windows.h>
#include "jni_util.h"
#include <urlmon.h>
JNIEXPORT jboolean JNICALL Java_sun_net_www_protocol_http_ntlm_NTLMAuthentication_isTrustedSite(JNIEnv *env, jclass clazz, jstring url )
{
HRESULT hr;
DWORD dwZone;
DWORD pPolicy = 0;
IInternetSecurityManager *spSecurityManager;
jboolean ret;
// Create IInternetSecurityManager
hr = CoInternetCreateSecurityManager(NULL, &spSecurityManager, (DWORD)0);
if (FAILED(hr)) {
return JNI_FALSE;
}
const LPCWSTR bstrURL = (LPCWSTR)((*env)->GetStringChars(env, url, NULL));
if (bstrURL == NULL) {
if (!(*env)->ExceptionCheck(env))
JNU_ThrowOutOfMemoryError(env, NULL);
spSecurityManager->lpVtbl->Release(spSecurityManager);
return JNI_FALSE;
}
// Determines the policy for the URLACTION_CREDENTIALS_USE action and display
// a user interface, if the policy indicates that the user should be queried
hr = spSecurityManager->lpVtbl->ProcessUrlAction(
spSecurityManager,
bstrURL,
URLACTION_CREDENTIALS_USE,
(LPBYTE)&pPolicy,
sizeof(DWORD), 0, 0, 0, 0);
if (FAILED(hr)) {
ret = JNI_FALSE;
goto cleanupAndReturn;
}
// If these two User Authentication Logon options is selected
// Anonymous logon
// Prompt for user name and password
if (pPolicy == URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY ||
pPolicy == URLPOLICY_CREDENTIALS_MUST_PROMPT_USER) {
ret = JNI_FALSE;
goto cleanupAndReturn;
}
// Option "Automatic logon with current user name and password" is selected
if (pPolicy == URLPOLICY_CREDENTIALS_SILENT_LOGON_OK) {
ret = JNI_TRUE;
goto cleanupAndReturn;
}
// Option "Automatic logon only in intranet zone" is selected
if (pPolicy == URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT) {
// Gets the zone index from the specified URL
hr = spSecurityManager->lpVtbl->MapUrlToZone(
spSecurityManager, bstrURL, &dwZone, 0);
if (FAILED(hr)) {
ret = JNI_FALSE;
goto cleanupAndReturn;
}
// Check if the URL is in Local or Intranet zone
if (dwZone == URLZONE_INTRANET || dwZone == URLZONE_LOCAL_MACHINE) {
ret = JNI_TRUE;
goto cleanupAndReturn;
}
}
ret = JNI_FALSE;
cleanupAndReturn:
(*env)->ReleaseStringChars(env, url, bstrURL);
spSecurityManager->lpVtbl->Release(spSecurityManager);
return ret;
}