hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Barry Pitman <barrypit...@gmail.com>
Subject Multiple X509 client certificates (SSLSocketFactory) per HttpClient instance
Date Mon, 12 Sep 2011 13:36:17 GMT

I have a web application which makes use of a third party SOAP web service
which requires X509 client authentication. The details of the client cert
used for the connection to the 3rd party are used for authentication and
authorization. My application needs to be able to use different client
certificates depending on the current user in my application.

I know that I could create multiple HttpClient instances, each configured
with separate SSLSocketFactories like this:

Scheme("https", 443, customSslSocketFactory)),

and select the correct HttpClient instance at runtime, but ideally I'd like
to have one threadsafe DefaultHttpClient instance, and be able to provide a
Scheme/SchemeRegistry at runtime via HttpContext (similar to the way one can
provide an AuthCache using HttpContext):

BasicHttpContext httpContext = new BasicHttpContext();
httpContext.setAttribute(ClientContext.AUTH_CACHE, authCache);
httpClient.execute(httpPost, httpContext);

I can set my custom SchemeRegistry on HttpContext like this, but it doesn't
look like the static field ClientContext.SCHEME_REGISTRY is used by
HttpClient anywhere.

HttpContext httpContext = new BasicHttpContext();
httpContext.setAttribute(ClientContext.SCHEME_REGISTRY, schemeRegistry);

Is it possible to configure an HttpClient instance so that it will use
different client certificates at runtime depending on some configurable


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message