... as I debug a working request, I see, that the org.apache.catalina.authenticator.FormAuthenticator (...extends ValveBase) manages the login/association with the correct principal.
But this FormAuthenticator is not in the valve-"chain" for ajax4jsf-requests. How should I configure tomcat/my app to use the FormAuthenticator, too?
I think that the ajax you are using is not going through the portal and therefore does not have the same security.
Enabling tomcat sso should solve your issue.
thanks for you posting. I thought, that a SSO should do it (I tried JOSSO - today I think about OpenSSO...).
Anyway, I have in server/all/jboss-web.deployer/server.xml a .
I think that this should do it?!