Bug ID: 6520665 NTLM Authentication not requested, throws null exception

6520665 : NTLM Authentication not requested, throws null exception

Details

Type:	Bug	Submit Date:	2007-02-02
Status:	Closed	Updated Date:	2011-03-08
Project Name:	JDK	Resolved Date:	2011-03-08
Component:	core-libs	OS:	linux,solaris_10
Sub-Component:	java.net	CPU:	x86,sparc
Priority:	P4
Resolution:	Fixed
Affected Versions:	5.0,5.0u11
Fixed Versions:	7

Related Reports

Backport:	JDK-2149272 - NTLM Authentication not requested, throws null exception
Backport:	JDK-2148156 - NTLM Authentication not requested, throws null exception
Backport:	JDK-2204411 - NTLM Authentication not requested, throws null exception
Duplicate:	JDK-6554986 - JDK 1.5.0_11 Fails with NPE when Tunneling through Netscape Proxy Server 3.51
Relates:	JDK-6357133 - java.net.Authenticator does not work as expected with Integrated Windows Authentication (Kerberos)

Sub Tasks

Description

FULL PRODUCT VERSION :
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)

ADDITIONAL OS VERSION INFORMATION :
2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006 i686 i686 i386 GNU/Linux

A DESCRIPTION OF THE PROBLEM :
Using java.net.HttpURLConnection to access an NTLM protected site.
Don't want to use new NTLMAuthentication feature (using my own code).
Did not specify an Authenticator, following http://java.sun.com/javase/6/docs/technotes/guides/net/http-auth.html suggestions...


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Open an HttpUrlConnection on a NTLM protected site without specifying a java.net.Authenticator.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
a "401" response code
ACTUAL -
NullPointerException

ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.NullPointerException
	at sun.net.www.protocol.http.NTLMAuthentication.init(NTLMAuthentication.java:138)
	at sun.net.www.protocol.http.NTLMAuthentication.<init>(NTLMAuthentication.java:133)
	at sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication(HttpURLConnection.java:1700)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1091)
	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:373)

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Possible patch:
in sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication() substitute (line 1700 on current source?)
ret = new NTLMAuthentication(false, url1, a);
with
if (a != null) {
  ret = new NTLMAuthentication(false, url1, a);
}

Comments

EVALUATION

This is an issue only on Unix systems. On windows a value of null for the  PasswordAuthentication instance will force the implementation to use the current logged on users credentials. That is why we cannot simply make the changes suggested in the description section. See the "Suggested Fix" section of the bug report to see a more suitable fix for this issue. 

We also need to make the same changes to sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication

2007-03-27

SUGGESTED FIX

------- HttpURLConnection.java -------

  *method sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication*
1565,1566c1565,1576
<                   tryTransparentNTLMProxy = false;
<                   ret = new NTLMAuthentication(true, host, port, a);
---
>                   /* If we are not trying transparent authentication then
>                    * we need to have a PasswordAuthentication instance. For
>                    * transparent authentication (Windows only) the username
>                    * and password will be picked up from the current logged
>                    * on users credentials.
>                   */
>                   if (tryTransparentNTLMProxy ||
>                         (!tryTransparentNTLMProxy && a != null)) {
>                       ret = new NTLMAuthentication(true, host, port, a);
>                   }
>
>                   tryTransparentNTLMProxy = false;

  *method sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication*
1700d1721
<                   tryTransparentNTLMProxy = false;
<                   ret = new NTLMAuthentication(false, url1, a);
1698a1709,1720
>
>                   /* If we are not trying transparent authentication then
>                    * we need to have a PasswordAuthentication instance. For
>                    * transparent authentication (Windows only) the username
>                    * and password will be picked up from the current logged
>                    * on users credentials.
>                    */
>                   if (tryTransparentNTLMServer ||
>                         (!tryTransparentNTLMServer && a != null)) {
>                       ret = new NTLMAuthentication(false, url1, a);
>                   }
>
>                   tryTransparentNTLMServer = false;


*** (#1 of 1): [ UNSAVED ] ###@###.###

2007-03-27

EVALUATION

This fix should also fix 6357133.

2007-03-27

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together