On Tue, 2 Dec 2025 11:39:23 GMT, Daniel Jeliński <[email protected]> wrote:
> Currently the HttpUrlConnection throws a generic "Authentication failure" > exception when authentication fails locally. > > The authentication may fail for various reasons like: incorrect server > challenge message, unavailable encryption/digest algorithms, encoding errors > etc. The detailed failure information should be available to the user. > Without it, the exception is next to impossible to diagnose, see > [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example. > > This PR adds the original exception as the cause of the "Authentication > failure" exception. > > The detailed exception messages are enabled by the "hostInfo" and > "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that > "hostInfoExclSocket" is enabled by default. > > Added a new test to verify that the exception details are present when > jdk.includeInExceptions includes hostInfoExclSocket (default), and absent > otherwise. Existing tier1-3 tests continue to pass. Since more than NTLM authentication has been improved, should we test the other authentications too? test/jdk/sun/net/www/protocol/http/NTLMFailTest.java line 77: > 75: HttpURLConnection uc = (HttpURLConnection) > url.openConnection(); > 76: uc.setRequestMethod("HEAD"); > 77: uc.getInputStream().readAllBytes(); IIUC we're expecting this line to always throw IOException. Should we throw an assertion error just after line 77 in case the expected IO is not thrown? ------------- PR Review: https://git.openjdk.org/jdk/pull/28601#pullrequestreview-3552908556 PR Review Comment: https://git.openjdk.org/jdk/pull/28601#discussion_r2599262750
