http server authentication

I have a servlet application deployed on a tomcat 7.0 server (call it Server A) . The app will take user's credential and pass it to another server (Server B) to retrieve data.

Problem:

user Alice from machine 1 logged into Server A开发者_JAVA技巧. Server A uses Alice's credential to access Server B. getPasswordAuthentication () is used to pass Alice's credential to Server B. Subsequently, user Bob from machine 2 logged into Server A. Server A will continue to use Alice's credential to access Server B. I noticed that getPasswordAuthentication () is not invoked for user Bob.

Is there a way to force authentication every time when Server A tries to access Server B? ps: If restart the tomcat on Server A, authentication will be performed for the first request to Server B after the restart.

Your feedback is greatly appreciated.

you need to explicitly clear the cache prior to access server b's resources by using AuthCacheValue.setAuthCache(new AuthCacheImpl());

This is because the credentials are cached by default and there is no configuration to specify caching behavior.

import sun.net.www.protocol.http.AuthCacheValue;
import sun.net.www.protocol.http.AuthCacheImpl;
[....]
AuthCacheValue.setAuthCache(new AuthCacheImpl());

You didn't specify what authentication scheme is being used. "Basic HTTP Authentication"? You also didn't mention what happens to the cookies which server B returns.

Either your server is caching the basic http authentication in some global variable that all sessions share, or you are caching the cookies returned by server B in some global variable that all sessions share. In any case, the authentication material needs to be in session data on server A.