hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: HttpClient using custom authentication in a multi-user environment
Date Tue, 04 May 2010 20:39:02 GMT
On Mon, 2010-05-03 at 17:37 -0400, Eric Rizzo wrote:
> I'm writing a "bridge" web app that needs to accept login from  
> credentials from users and use HttpClient to authenticate them to  
> another site/service. I also need to remember the session (track it in  
> my app's session) so that my app can continue interactions with the  
> other site/service.
> After reading the docs and tutorials (well, what seem like the  
> relevant parts), my thought is to use a single HttpClient instance and  
> store individual HttpContext instances with each of my user sessions.  
> Does that make sense, or would it be better to just use a separate  
> HttpClient instance per user? Or some other strategy?

Single HttpClient instance and a separate local HttpContext per user /
thread is the way to go

> As for the custom authentication, I'm struggling on how to plug in  
> there. I don't think I can just write a CredentialsProvider, because  
> the credentials should not be shared in the HttpClient (which is  
> shared for the whole app),

You can always set a different CredentialsProvider in the local context
which will override the one set at the client level

>  plus I have to get the credentials from my  
> own app's authentication process (using aSpring  
> AuthenticationProvider, if anyone cares) and the CrednetialsProvider  
> interface does not seem to provide enough contect for me to get the  
> credentials at login time.

Why is that?

> So, are there any example of this kind of thing or ideas for how best  
> to architect this? I've been unable to find any examples that seem to  
> apply, but am willing to do more reading or experimentation if pointed  
> in the right directions.

I still do see a good reason why you could not implement a custom
credentials provider and create a different instance of it on a per
user / thread basis.


To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

View raw message