diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
index 017a9c163..d68d9a96e 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
@@ -42,7 +42,7 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {
      * The host from which this user authenticated.
      */
     private final String remoteHost;
- 
+
     /**
      * Creates a new RemoteAuthenticatedUser, deriving the associated remote
      * host from the given credentials.
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
index 16cf91797..2c3b89e5c 100644
--- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
@@ -95,6 +95,45 @@ public class Credentials implements Serializable {
      */
     private transient HttpSession session;
 
+    /**
+     * Construct a Credentials object with the given username, password,
+     * and HTTP request.  The information is assigned to the various
+     * storage objects, and the remote hostname and address is parsed out
+     * of the request object.
+     * 
+     * @param username
+     *     The username that was provided for authentication.
+     * 
+     * @param password
+     *     The password that was provided for authentication.
+     * 
+     * @param request 
+     *     The HTTP request associated with the authentication
+     *     request.
+     */
+    public Credentials(String username, String password, HttpServletRequest request) {
+        this.username = username;
+        this.password = password;
+        this.request = request;
+        
+        // Use X-Forwarded-For to get remote address, if present and valid
+        String header = request.getHeader("X-Forwarded-For");
+        if (header != null) {
+            Matcher matcher = X_FORWARDED_FOR.matcher(header);
+            if (matcher.matches())
+                this.remoteAddress = matcher.group(1);
+        }
+        // Header not present, just use remote address
+        else {
+            this.remoteAddress = request.getRemoteAddr();
+        }
+        
+        this.remoteHostname = request.getRemoteHost();
+        
+        this.session = request.getSession(false);
+        
+    }
+    
     /**
      * Returns the password associated with this set of credentials.
      * @return The password associated with this username/password pair, or
@@ -150,21 +189,6 @@ public class Credentials implements Serializable {
      */
     public void setRequest(HttpServletRequest request) {
         this.request = request;
-        
-        // Use X-Forwarded-For to get remote address, if present and valid
-        String header = request.getHeader("X-Forwarded-For");
-        if (header != null) {
-            Matcher matcher = X_FORWARDED_FOR.matcher(header);
-            if (matcher.matches())
-                this.remoteAddress = matcher.group(1);
-        }
-        // Header not present, just use remote address
-        else {
-            this.remoteAddress = request.getRemoteAddr();
-        }
-        
-        this.remoteHostname = request.getRemoteHost();
-        
     }
 
     /**
diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java b/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java
index fb1d92944..e1ff66fd7 100644
--- a/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java
+++ b/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java
@@ -55,7 +55,7 @@ public class TokenRESTService {
      * Logger for this class.
      */
     private static final Logger logger = LoggerFactory.getLogger(TokenRESTService.class);
-    
+
     /**
      * Service for authenticating users and managing their Guacamole sessions.
      */
@@ -117,13 +117,7 @@ public class TokenRESTService {
         } // end Authorization header fallback
 
         // Build credentials
-        Credentials credentials = new Credentials();
-        credentials.setUsername(username);
-        credentials.setPassword(password);
-        credentials.setRequest(request);
-        credentials.setSession(request.getSession(false));
-
-        return credentials;
+        return new Credentials(username, password, request);
 
     }
 
diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java
index 8f3abfea3..d7d4bdc3f 100644
--- a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java
+++ b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java
@@ -155,11 +155,8 @@ public class UserResource
             @Context HttpServletRequest request) throws GuacamoleException {
 
         // Build credentials
-        Credentials credentials = new Credentials();
-        credentials.setUsername(user.getIdentifier());
-        credentials.setPassword(userPasswordUpdate.getOldPassword());
-        credentials.setRequest(request);
-        credentials.setSession(request.getSession(false));
+        Credentials credentials = new Credentials(user.getIdentifier(),
+                userPasswordUpdate.getOldPassword(), request);
 
         // Verify that the old password was correct
         try {