tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Allen <>
Subject Nesting servlets with different credentials
Date Wed, 06 Jan 2010 21:09:26 GMT
I have two servlets, http://localhost:8080/s1 and 
http://localhost:8080/s2.  Both servlets
require BASIC authentication.

My application will call s1, and then s1 will turn around and call s2.  
However, the credentials
supplied to s2 need to be different than those supplied to s1.

Inside of s1,  I set up an instance of HttpClient and set the new 
credentials on it.  Here's
the code that does it:

        HostConfiguration config = new HostConfiguration();
        HttpClient client = new HttpClient();

        config.setHost(m_sHost, m_iPort, m_sProtocol);

        Credentials credentials = new 
UsernamePasswordCredentials(m_sUser, m_sPassword);
        client.getState().setCredentials(AuthScope.ANY, credentials);

I then call client.executeMethod with the appropriate arguments to call 
into s2.

The problem is that the call to s2 does not use the new credentials - it 
seems to be using the
credentials that were used to access s1.  In fact, I've removed the 
setting of the credentials
on the client, and the call to s2 still succeeds (although as the wrong 

I have verified this behavior by turning on logging in my JDBCRealm. I 
can see that authentication
occurs for the call to s1, but there is no other authentication call 
made.  I expected to see a second
authentication for s2, but there was nothing. It appears as though there
is some sort of caching going on here that I need to handle/disable.

Can anyone shed any light on what is going on, and how to fix it?


-- Greg

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message