On Tue, 10 Jun 2025 13:39:19 GMT, p-nima <d...@openjdk.org> wrote:
>> The AuthenticationFilter did not respect the default retry limit of 3
>> retries in case of invalid credentials supplied.
>>
>> This PR helps to resolve the bug and tests it with default and updated retry
>> limit set via `jdk.httpclient.auth.retrylimit=1`.
>>
>> The test is green with tiers 1, 2, 3 and the test is stable.
>
> p-nima has updated the pull request incrementally with one additional commit
> since the last revision:
>
> apply review feedback and improve readability
test/jdk/java/net/httpclient/HttpClientAuthRetryLimitTest.java line 136:
> 134: } else {
> 135: assertEquals(0, totalRequestCount - 1);
> 136: }
Ok - so now we're getting somewhere. This lets me think that the change in the
AuthenticationFilter is not right. The specification says:
> jdk.httpclient.auth.retrylimit (default: 3)
> The number of attempts the Basic authentication filter will attempt to retry
> a failed authentication.
When I read this, I expect that if the limit is 0, no retries, then the
Authenticator will be called once, and if the authentication fails with these
credentials, then the request will fail.
If the limit is 1, then we will retry once, which means the Authenticator
should be called twice, and so on.
So maybe we should always assert that totalRequestCount ==
`Math.max(RETRY_LIMIT, 0) + 1`?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25490#discussion_r2138160412
