First off, hey howdy Ranchers! Long time no see
Now on to the problem. Basically, I have a client application that runs a bunch of applets. Our application, at start up, creates a Authenticator and sets it as default. When we first try to get a session from the server (running on Weblogic), which is all done through servlets, we get the little username/password as expected.
The problem is the users have decided they want the ability for an application adminstrator to be able to log in within the same session (so different credentials than logged in previously) and do some administrative stuff, like release a locked resource.
So the flow would be User A (non-administrator) opens the application, realizes something is hosed with a resource, and asks User B (administrator) to release it. User B clicks on an Administrator Release button, which creates a new Authenticator, sets the current default to null (which according to the API should remove any current authenticator) and then sets the default to the new one. A session is then created which when requested should ask the new user for their username and password. That's then validated and checked for admin rights, and the resource is released. We reset back to the previous authenticator, and User A can then go about their work.
I would expect to have the new Authenticator's request for username and password be shown, however it appears to be using the previous credentials, even when I null out the default authenticator without resetting the default.
Oh yeah, this is all on SDK 1.4.1_13. Yay for being behind the times!
I would love to post code snippets, but das ist verboten where I work.
And hopefully this makes sense.
Thanks for any help, peace!
[ July 07, 2008: Message edited by: jason adam ]