Support multiple Realms and honor Name

[ghost]

I want to access a page which has two realms (realmOne and realmTwo) whit different authentification. Everytime I want to use realmOne to authenticate. So I set the realm name to realmOne and add the credentials for authentication. Saddly the client uses realmTwo with the credentials and authentification failed. I assume it ignores the realm name?

[slandelle]

Reproducer, plz?

[ghost]

I cannot give you the concrete page because I am working in a confidential project. I try to discribe the problem as good as possible. I create a RequestBuilder:

RequestBuilder rb = new RequestBuilder()
                            .setMethod(site.getMethod())
                            .setUrl(site.getUrl())
                            .setFollowRedirects(config.getClientConfig().isFollowRedirects())
                            .setRealm(new Realm.RealmBuilder()
                                    .setScheme(AuthScheme.DIGEST)
                                    .setRealmName("REALM_ONE")
                                    .setPrincipal(site.getUsername())
                                    .setPassword(site.getPassword())
                                    .build());

I am using Fiddler to see what happen. In Fiddler I see the following: After the first request I get an http 401 (unauthorizided). In the header of this response are two authorization entries. First Entry: Authorization DIGEST realm="REALM_TWO" .... Second Entry: Authorization DIGEST realm="REALM_ONE" ....

The client requests again, but uses the first authorization header ("REALM_TWO"). This does not work because the username und password works just for "REALM_ONE". I already set the realm name in the request builder but it does not work.

[slandelle]

I don't think we currently support multiple realms. The best way to have it happen is to provide a reproducer. It doesn't have to be an access to your private application, it could be a simple standalone app, like Tomcat or Jetty based.