On Tue, 10 Jun 2025 13:39:19 GMT, p-nima <d...@openjdk.org> wrote:

>> The AuthenticationFilter did not respect the default retry limit of 3 
>> retries in case of invalid credentials supplied.
>> 
>> This PR helps to resolve the bug and tests it with default and updated retry 
>> limit set via `jdk.httpclient.auth.retrylimit=1`.
>> 
>> The test is green with tiers 1, 2, 3 and the test is stable.
>
> p-nima has updated the pull request incrementally with one additional commit 
> since the last revision:
> 
>   apply review feedback and improve readability

test/jdk/java/net/httpclient/HttpClientAuthRetryLimitTest.java line 136:

> 134:                 } else {
> 135:                     assertEquals(0, totalRequestCount - 1);
> 136:                 }

Ok - so now we're getting somewhere. This lets me think that the change in the 
AuthenticationFilter is not right. The specification says:

> jdk.httpclient.auth.retrylimit (default: 3)
> The number of attempts the Basic authentication filter will attempt to retry 
> a failed authentication. 

When I read this, I expect that if the limit is 0, no retries, then the 
Authenticator will be called once, and if the authentication fails with these 
credentials, then the request will fail.
If the limit is 1, then we will retry once, which means the Authenticator 
should be called twice, and so on.

So maybe we should always assert that totalRequestCount == 
`Math.max(RETRY_LIMIT, 0) + 1`?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25490#discussion_r2138160412

Reply via email to