4 Replies Latest reply on Apr 1, 2008 7:43 AM by julien1

Subject/Principal is not associated with (ajax)-request

carstenrudat Mar 31, 2008 12:03 PM

Hi all,

on JBoss Portal 2.6.4 with current jsf bridge, I am not able to perform an ajax4jsf request. The current user will not associated to the request.

I can see a SimplePrincipal-object in the session-object's attributes, but it will not be used.

I think the org.jboss.web.tomcat.securitySecurityAssociationValve should do this. I'd debugged the invoke-method and I saw, that for normal requests there was a JBossGenericPrincipal object found. On a ajax4jsf request there is no object found (even, if the session shows the SimplePrincipal).

Is there a way to get this running? Currently, I don't want to use the SEAM-Authorization, because it's not very near at the j2ee standard.

Thanks
Carsten

1. Re: Subject/Principal is not associated with (ajax)-request

carstenrudat Mar 31, 2008 3:33 PM (in response to carstenrudat)

... as I debug a working request, I see, that the org.apache.catalina.authenticator.FormAuthenticator (...extends ValveBase) manages the login/association with the correct principal.

But this FormAuthenticator is not in the valve-"chain" for ajax4jsf-requests. How should I configure tomcat/my app to use the FormAuthenticator, too?

Carsten
Actions
2. Re: Subject/Principal is not associated with (ajax)-request

julien1 Mar 31, 2008 5:25 PM (in response to carstenrudat)

I think that the ajax you are using is not going through the portal and therefore does not have the same security.

Enabling tomcat sso should solve your issue.
Actions
3. Re: Subject/Principal is not associated with (ajax)-request

carstenrudat Apr 1, 2008 4:22 AM (in response to carstenrudat)

Hi Julien,

thanks for you posting. I thought, that a SSO should do it (I tried JOSSO - today I think about OpenSSO...).
Anyway, I have in server/all/jboss-web.deployer/server.xml a .

I think that this should do it?!

Carsten
Actions
4. Re: Subject/Principal is not associated with (ajax)-request

julien1 Apr 1, 2008 7:43 AM (in response to carstenrudat)

Read this : http://www.jboss.org/wiki/Wiki.jsp?page=SingleSignOn
Actions

Go to original post