On Mon, 8 Dec 2025 19:25:23 GMT, Daniel Jeliński <[email protected]> wrote:
>> Currently the HttpUrlConnection throws a generic "Authentication failure" >> exception when authentication fails locally. >> >> The authentication may fail for various reasons like: incorrect server >> challenge message, unavailable encryption/digest algorithms, encoding errors >> etc. The detailed failure information should be available to the user. >> Without it, the exception is next to impossible to diagnose, see >> [JDK-8347778](https://bugs.openjdk.org/browse/JDK-8347778) for example. >> >> This PR adds the original exception as the cause of the "Authentication >> failure" exception. >> >> The detailed exception messages are enabled by the "hostInfo" and >> "hostInfoExclSocket" categories of "jdk.includeInExceptions". Note that >> "hostInfoExclSocket" is enabled by default. >> >> Added a new test to verify that the exception details are present when >> jdk.includeInExceptions includes hostInfoExclSocket (default), and absent >> otherwise. Existing tier1-3 tests continue to pass. > > Daniel Jeliński has updated the pull request incrementally with one > additional commit since the last revision: > > Fail test if no exception is thrown src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java line 351: > 349: return null; > 350: } > 351: } I was wondering if we should let the exception propagate in these cases as well. Though I think these methods get called primarily through pre-emptive authentication, which is less likely to fail (with an exception). So, maybe they are okay... ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/28601#discussion_r2614469045
