I have two servlets, http://localhost:8080/s1 and http://localhost:8080/s2. Both servlets
require BASIC authentication.

My application will call s1, and then s1 will turn around and call s2. However, the credentials
supplied to s2 need to be different than those supplied to s1.

Inside of s1, I set up an instance of HttpClient and set the new credentials on it. Here's
the code that does it:

       HostConfiguration config = new HostConfiguration();
       HttpClient client = new HttpClient();

       config.setHost(m_sHost, m_iPort, m_sProtocol);
       client.setHostConfiguration(config);

       Credentials credentials = new UsernamePasswordCredentials(m_sUser, m_sPassword);
       client.getState().setCredentials(AuthScope.ANY, credentials);
       client.getParams().setAuthenticationPreemptive(true);

I then call client.executeMethod with the appropriate arguments to call into s2.

The problem is that the call to s2 does not use the new credentials - it seems to be using the credentials that were used to access s1. In fact, I've removed the setting of the credentials on the client, and the call to s2 still succeeds (although as the wrong user).

I have verified this behavior by turning on logging in my JDBCRealm. I can see that authentication occurs for the call to s1, but there is no other authentication call made. I expected to see a second
authentication for s2, but there was nothing. It appears as though there
is some sort of caching going on here that I need to handle/disable.

Can anyone shed any light on what is going on, and how to fix it?

Thanks,

-- Greg


