-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greg,
On 1/6/2010 4:09 PM, Greg Allen wrote: > I have two servlets, http://localhost:8080/s1 and > http://localhost:8080/s2. Both servlets > require BASIC authentication. > > My application will call s1, and then s1 will turn around and call s2. > However, the credentials > supplied to s2 need to be different than those supplied to s1. > > Inside of s1, I set up an instance of HttpClient and set the new > credentials on it. Here's > the code that does it: > > HostConfiguration config = new HostConfiguration(); > HttpClient client = new HttpClient(); > > config.setHost(m_sHost, m_iPort, m_sProtocol); > client.setHostConfiguration(config); > > Credentials credentials = new > UsernamePasswordCredentials(m_sUser, m_sPassword); > client.getState().setCredentials(AuthScope.ANY, credentials); > client.getParams().setAuthenticationPreemptive(true); > > I then call client.executeMethod with the appropriate arguments to call > into s2. > > The problem is that the call to s2 does not use the new credentials - it > seems to be using the > credentials that were used to access s1. In fact, I've removed the > setting of the credentials > on the client, and the call to s2 still succeeds (although as the wrong > user). Your above code seems to look okay to me. Will it run outside of Tomcat - -- just a standalone Java program run directly from the command-line? I'm not sure how the credentials from the original request would be mixed-up with the completely unrelated HTTP connection that you are making using HttpClient. Is it possible that your observations are inaccurate? Perhaps the authentication you are seeing is due to a separate primary request and not this HttpClient-based request. > I have verified this behavior by turning on logging in my JDBCRealm. I > can see that authentication > occurs for the call to s1, but there is no other authentication call > made. I expected to see a second > authentication for s2, but there was nothing. It appears as though there > is some sort of caching going on here that I need to handle/disable. > > Can anyone shed any light on what is going on, and how to fix it? Tomcat is not interfering with your HttpClient connection. I would try to get it working with a simple Java class first, and then move it back into the servlet environment once it's working properly. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktI72QACgkQ9CaO5/Lv0PDK/gCfQaKHmaAI0eCXpqwoRpK0LhWE 20IAnRHLKMPEOkigfayKtThaoQaOpqEg =rRhz -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
