I think when SPNEGO is specified to be the default mechanism for JGSS
(as the property name implies), it should be up to the SPNEGO
implementation to specify what its default concrete mechanism should be.
I think your new constant DEFAULT_MECH_OID2 should conceptually at the
SPNEGO mech provider level instead of at the GSS level, i.e. inside
class sun.security.jgss.ProviderList.
Thus, it's better to move this constant to the SPNEGO mech provider
level since it's only used by SpNego.
In addition, since the default mech for JGSS does not change at runtime,
you should initialize this default mech for SPNEGO accordingly, so that
you don't have to do the if-default-JGSS-Mech-is-SPNEGO check for every
invocation of SpNegoMechFactory.getNameElement(...).
Valerie
On 03/05/09 00:41, Xuelei Fan wrote:
"sun.security.jgss.mechanism", it is a undocumented property, right? I
think it is hard to explain why SPNEGO is request, but KRB5 given, it
is not the expected behavior. Why not thrown a GSSException?
Andrew
Weijun Wang wrote:
Hi Andrew or Valerie
Please take a review at this bug fix:
http://cr.openjdk.java.net/~weijun/6770883/webrev.01/
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6770883
Basically. Since SPNEGO is a pseudo-mech that's meant to negotiate a
real concrete mech, SPNEGO itself cannot be used as the underlying
default mech under.
Thanks
Max
