HttpURLConnection caching the credentials when authenticator is used
843790Dec 3 2009 — edited Dec 3 2009Hello Friends,
I am using java.net.HttpURLConnection for web based communication over http(s) protocol. My client is an eclipse application. Eclipse by default registers a default authenticator (org.eclipse.ui.internal.net.auth.NetAuthenticator), as a result all the secure calls are intercepted by this interceptor. For e.g. if my response code is 401, it will be intercepted by this authenticator and user will be asked to re-enter the credentials. In our application we have a custom login UI for inputting the credentials. If user provides the correct credentials, everything works fine. The problem happens when user provide incorrect credentials. Below are the steps for erroneous scenario:
1. User enter incorrect credentials.
2. Server sends 401
3. call is intercepted by authenticator, eclipse's default authenticator shows a pop up window for re-entering the credentials.
4. User enters correct credentials
5. server sends the response 200.
6. call goes back to application.
7. Now user logs of.
8. Try to login again using application specific custom login pop-up dialogue.
9. User enters incorrect credentials, but this time sun.net.www.protocol.http.HttpURLConnection class use the information from previous login and it successfully logs into the server. This is not an expected behavior. I do not know where is caching for user credentials happening as this is sun's implementation and I do not have the source code for the same.
Have anyone of you faced the similar issue before? and have any solution or recommendation?
Waiting for a reply.
Thanks in advance!
Best regards,
Gagan