First, I know this most likely won't ever be fixed because it has been end of lifed, but the Gatein project is still in Beta, as thus not a viable alternative.

Anyway, I have been having problems where my Single Sign-On users can't access their dashboard after login. I have tracked the problem down to Kerberos users having a realm (ssoUser@REALM). If I just use ssoUser, then everything works fine.

In reviewing the code, I find that after logging in as ssoUser@REALM, that the code in PageCustomizerInterceptor:197

User user = controllerCtx.getUser();

only returns ssoUser, not ssoUser@REALM.

This is the username that is used for checking my security level in the PortalObjectPermission:295-299

Principal user = (Principal)i.next();
String userName = user.getName();

//
return userName.equals(i2.next());


This evaluates to ssoUser@REALM.equals(ssoUser), since the Principal still has the correct user@REALM, but i2.next() is taken from the 'path:/username', which is dashboard:/ssoUser.