You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by bu...@apache.org on 2003/03/26 09:43:25 UTC

DO NOT REPLY [Bug 18355] New: - HttpState cannot differentiate credentials for different hosts with same Realm names

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18355>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18355

HttpState cannot differentiate credentials for different hosts with same Realm names

           Summary: HttpState cannot differentiate credentials for different
                    hosts with same Realm names
           Product: Commons
           Version: 1.0 Alpha
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: HttpClient
        AssignedTo: commons-httpclient-dev@jakarta.apache.org
        ReportedBy: brown2@reflexe.fr


It seems that one needs a separate HttpState per client per host: from the 
javadocs, if (by coincidence or by design) more than one host uses the same 
realm name, such as "Private", then there's an unresolvable conflict, as 
HttpState can only store one set of credentials for a given name...

According to Oleg Kalnichevski, it is plausible just to extend the HttpState 
class with additional methods that would require host to be specified along the
authentication realm when dealing with credentials.

See postings on "Commons HttpClient Project" mailing list for more info (dated 
21/03/2003).