On Thu, 13 Jan 2022 12:10:11 GMT, Michael McMahon <micha...@openjdk.org> wrote:

> Hi,
> 
> This change adds Channel Binding Token (CBT) support to HTTPS 
> (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, Kerberos) 
> authentication scheme. When enabled, the implementation preemptively includes 
> a CBT with authentication requests over Kerberos. The feature is enabled as 
> follows:
> 
> A system property "jdk.spnego.cbt" is defined which can have the values 
> "never" (default), which means the feature is disabled, "always", which means 
> the CBT is included for all https Negotiate authentications, or it can take 
> the form "domain:a,b.c,*.d.com" which is a comma separated list of 
> domains/hosts where the feature is enabled, and disabled everywhere else. In 
> the given example, the CBT would be included in authentication requests for 
> hosts "a", "b.c" and all hosts under the domain "d.com" and all of its 
> sub-domains.
> 
> A test will be added separately to the implementation.
> 
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
> 
> Thanks,
> Michael

This pull request has now been integrated.

Changeset: de3113b9
Author:    Michael McMahon <micha...@openjdk.org>
URL:       https://git.openjdk.java.net/jdk/commit/de3113b998550021bb502cd6f766036fb8351e7d
Stats:     858 lines in 12 files changed: 696 ins; 146 del; 16 mod

8279842: HTTPS Channel Binding support for Java GSS/Kerberos

Co-authored-by: Weijun Wang <weijun.w...@oracle.com>
Reviewed-by: dfuchs, weijun, darcy

-------------

PR: https://git.openjdk.java.net/jdk/pull/7065
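
Added illustration, not part of the original message and not the JDK's own code: a small model of the "jdk.spnego.cbt" value grammar described above, useful for checking which hosts a given setting would cover. The class and method names are hypothetical. The wildcard semantics (case-insensitive, "*.d.com" not covering "d.com" itself) and the handling of unrecognised values are assumptions of this example.

```java
import java.util.List;
import java.util.Locale;

// Hypothetical helper: models the three forms of the property value
// ("never", "always", "domain:<comma separated list>") from the message.
public class SpnegoCbtPolicy {

    // Returns true if a CBT would be included for `host` under `value`.
    // Assumptions: matching is case-insensitive; "*.d.com" matches hosts
    // below d.com at any depth, but not "d.com" itself.
    static boolean cbtEnabledFor(String value, String host) {
        if (value == null || value.equals("never")) return false; // default
        if (value.equals("always")) return true;
        if (!value.startsWith("domain:")) {
            // This example's choice; the message does not say what the JDK does here.
            throw new IllegalArgumentException("unrecognised value: " + value);
        }
        String h = host.toLowerCase(Locale.ROOT);
        for (String entry : value.substring("domain:".length()).split(",")) {
            String e = entry.trim().toLowerCase(Locale.ROOT);
            if (e.isEmpty()) continue;
            if (e.startsWith("*.")) {
                // Compare against ".d.com" so that "notd.com" does not match.
                if (h.endsWith(e.substring(1))) return true;
            } else if (h.equals(e)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Example value from the message; on a real JVM the same string
        // would be supplied as -Djdk.spnego.cbt=domain:a,b.c,*.d.com
        String value = "domain:a,b.c,*.d.com";
        // Constructed host names: listed entries, sub-domains, and near misses.
        for (String host : List.of("a", "b.c", "www.d.com", "x.y.d.com",
                                   "d.com", "notd.com", "b.c.example")) {
            System.out.printf("%-12s -> %s%n", host, cbtEnabledFor(value, host));
        }
    }
}
```

Under these assumptions the first four hosts print `true` and the last three print `false`.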
