Do not set preemptive authentication in Kerberos mode

git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@2059 3d1905a2-6b24-0410-a738-b14d5a86fcbd
2013-02-12 12:55:10 +00:00 · 2013-02-12 12:55:10 +00:00 · e3f70595fe
parent 1d19c6c680
commit e3f70595fe
4 changed files with 10 additions and 9 deletions
--- a/src/java/davmail/exchange/ExchangeSession.java
+++ b/src/java/davmail/exchange/ExchangeSession.java
@ -227,7 +227,7 @@ public abstract class ExchangeSession {
            }

            // avoid 401 roundtrips, only if NTLM is disabled and basic authentication enabled
-            if (isBasicAuthentication && !DavGatewayHttpClientFacade.hasNTLM(httpClient)) {
+            if (isBasicAuthentication && !DavGatewayHttpClientFacade.hasNTLMorNegotiate(httpClient)) {
                httpClient.getParams().setParameter(HttpClientParams.PREEMPTIVE_AUTHENTICATION, true);
            }

--- a/src/java/davmail/exchange/dav/DavExchangeSession.java
+++ b/src/java/davmail/exchange/dav/DavExchangeSession.java
@ -764,7 +764,7 @@ public class DavExchangeSession extends ExchangeSession {
                DavGatewayHttpClientFacade.executeMethod(httpClient, propFindMethod);
            } catch (IOException e) {
                // workaround for NTLM authentication only on /public
-                if (!DavGatewayHttpClientFacade.hasNTLM(httpClient)) {
+                if (!DavGatewayHttpClientFacade.hasNTLMorNegotiate(httpClient)) {
                    DavGatewayHttpClientFacade.addNTLM(httpClient);
                    DavGatewayHttpClientFacade.executeMethod(httpClient, propFindMethod);
                }
--- a/src/java/davmail/exchange/ews/EwsExchangeSession.java
+++ b/src/java/davmail/exchange/ews/EwsExchangeSession.java
@ -241,7 +241,7 @@ public class EwsExchangeSession extends ExchangeSession {
        }

        // enable preemptive authentication on non NTLM endpoints
-        if (!DavGatewayHttpClientFacade.hasNTLM(httpClient)) {
+        if (!DavGatewayHttpClientFacade.hasNTLMorNegotiate(httpClient)) {
            httpClient.getParams().setParameter(HttpClientParams.PREEMPTIVE_AUTHENTICATION, true);
        }

--- a/src/java/davmail/http/DavGatewayHttpClientFacade.java
+++ b/src/java/davmail/http/DavGatewayHttpClientFacade.java
@ -305,7 +305,7 @@ public final class DavGatewayHttpClientFacade {
    private static int checkNTLM(HttpClient httpClient, HttpMethod currentMethod) throws IOException {
        int status = currentMethod.getStatusCode();
        if ((status == HttpStatus.SC_UNAUTHORIZED || status == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED)
-                && acceptsNTLMOnly(currentMethod) && !hasNTLM(httpClient)) {
+                && acceptsNTLMOnly(currentMethod) && !hasNTLMorNegotiate(httpClient)) {
            LOGGER.debug("Received " + status + " unauthorized at " + currentMethod.getURI() + ", retrying with NTLM");
            resetMethod(currentMethod);
            addNTLM(httpClient);
@ -415,7 +415,7 @@ public final class DavGatewayHttpClientFacade {
            status = httpClient.executeMethod(method);
            // check NTLM
            if ((status == HttpStatus.SC_UNAUTHORIZED || status == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED)
-                    && acceptsNTLMOnly(method) && !hasNTLM(httpClient)) {
+                    && acceptsNTLMOnly(method) && !hasNTLMorNegotiate(httpClient)) {
                LOGGER.debug("Received " + status + " unauthorized at " + method.getURI() + ", retrying with NTLM");
                resetMethod(method);
                addNTLM(httpClient);
@ -574,9 +574,10 @@ public final class DavGatewayHttpClientFacade {
     * @param httpClient HttpClient instance
     * @return true if NTLM is enabled
     */
-    public static boolean hasNTLM(HttpClient httpClient) {
+    public static boolean hasNTLMorNegotiate(HttpClient httpClient) {
        Object authPrefs = httpClient.getParams().getParameter(AuthPolicy.AUTH_SCHEME_PRIORITY);
-        return authPrefs == null || (authPrefs instanceof List<?> && ((Collection) authPrefs).contains(AuthPolicy.NTLM));
+        return authPrefs == null || (authPrefs instanceof List<?> &&
+                (((Collection) authPrefs).contains(AuthPolicy.NTLM) || ((Collection) authPrefs).contains("Negotiate")));
    }

    /**
@ -659,7 +660,7 @@ public final class DavGatewayHttpClientFacade {
        method.setFollowRedirects(false);
        int status = httpClient.executeMethod(method);
        if (status == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED
-                && acceptsNTLMOnly(method) && !hasNTLM(httpClient)) {
+                && acceptsNTLMOnly(method) && !hasNTLMorNegotiate(httpClient)) {
            resetMethod(method);
            LOGGER.debug("Received " + status + " unauthorized at " + method.getURI() + ", retrying with NTLM");
            addNTLM(httpClient);
@ -682,7 +683,7 @@ public final class DavGatewayHttpClientFacade {
        method.setFollowRedirects(followRedirects);
        int status = httpClient.executeMethod(method);
        if ((status == HttpStatus.SC_UNAUTHORIZED || status == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED)
-                && acceptsNTLMOnly(method) && !hasNTLM(httpClient)) {
+                && acceptsNTLMOnly(method) && !hasNTLMorNegotiate(httpClient)) {
            resetMethod(method);
            LOGGER.debug("Received " + status + " unauthorized at " + method.getURI() + ", retrying with NTLM");
            addNTLM(httpClient);