All,

Please help me with this. I have seen many posts on the forums about this issue, but nobody seems to have gotten it to work. If I'm going about this the wrong way, please let me know what I should be looking at instead.

The Problem
We're deploying a few portlets from a single war file named cds-ui. I can bring up the portlets fine and everything seems to work. However, when I make an Ajax call from one of the portlets, getRemoteUser() returns null. The Ajax call is to /cds-ui/foo/bar.action which is outside of the portal environment at that point.

What I've tried
I've uncommented the <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> line in server.xml and put "portal.jaas.enable=true" into my portal-ext.properties file. When I do this, I get an "unable to locate a login configuration" exception. I checked that I have a jaas config file and that catalina.bat is pointing to it (I'm using the stock tomcat 5.5 version of Liferay, so it was setup like that automatically).

Can anybody please help me with this? We *need* this to either work or find some sort of workaround or the project is doomed ;)

Maybe I have to do something with the cds-ui projects web.xml file or somehow enable my app to use this?

Thanks!
-Michael

Are you trying to get a user name in your Ajax call?

The workaround for me was passing the username as a parameter of the Ajax call.

Yes, part of this is so that I can have a user for an ajax request. But also, I have some stand-alone, non-portal pages that need a user as well.

No, I cannot pass the username as a parameter on the request. ;)

Thanks for the help! Any other ideas?

-Michael

Well, outside of the portal there is no notion of the user, so you can't get the user name. The only way to get it is to pass it as a parameter.

Then what is the point of the SingleSignOn valve or the jaas stuff? I thought it was so I could authenticate users from a webapp other than ROOT...

Thanks,
-Michael

Maybe there is another way...

I can get the username after the user has logged in via the LOGIN cookie. If I don't use the getRemoteUser call and decide to go this route instead, how can I tell if a specific LOGIN value is actually logged in? (The LOGIN cookie sticks around after the user logs out).

Thanks,
-Michael

Ok, may be you can do something

Please read this topic:

http://www.liferay.com/web/guest/community/forums/message_boards/message/364813

> Maybe there is another way...
>
> I can get the username after the user has logged in via the LOGIN cookie. If I don't use the getRemoteUser call and decide to go this route instead, how can I tell if a specific LOGIN value is actually logged in? (The LOGIN cookie sticks around after the user logs out).

I've just created a new servlet filter to be used by external servlets
(those in portlet wars for example) which will allow them to be
authorized by the portal. It's extremely simply to use.

It has been checked into trunk and has been backported to 4.4.x (but
it's pretty clean and you could easily patch an earlier release).

Look at the recent changes to:

http://lportal.svn.sourceforge.net/lportal/?rev=12619&view=rev

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/action/LoginAction.java

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/action/LogoutAction.java

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/util/PortalUtil.java


http://lportal.svn.sourceforge.net/lportal/?rev=12631&view=rev

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/servlet/filters/external/

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/servlet/filters/external/ServletAuthorizingFilter.java

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/servlet/filters/servletauthorizing/

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/servlet/filters/servletauthorizing/ServletAuthorizingFilter.java

http://lportal.svn.sourceforge.net/lportal/?rev=12638&view=rev

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/util/PortalInstances.java

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/util/PortalUtil.java

For example, you would add this in your portlet war's web.xml:



Done! Now calls like req.getRemoteUser() "should" work.

Actually, the more people test this the better...

First of all, thanks for your help!

I went ahead and upgraded to Liferay 4.4.0. I tried putting the changes you mentioned above in my web.xml and at first everything seemed to work. I getRemoteUser returns the correct user now, but I'm getting weird hibernate exceptions. If I take the filter mappings out of my web.xml file everything goes back to working. (The exact exception is a ClassCast exception: "org.hibernate.hql.ast.HqlToken cannot be cast to antlr.Token")

I can't figure out why the filter would cause that error.

The only place I deviated from your instructions was that I am hitting a struts application for these ajax calls, not a servlet. So the url pattern I used was /* instead of my_servlet/* ...

Any ideas?

Thanks again!
-Michael

Nevermind that last post... I had a few different problems going on there. First, I didn't have portal.jaas.enable=true in my portal-ext.properties file and then I had to edit catalina.bat to use back slashes instead of forward slashes so tomcat could find jaas.config.

After I fixed that, it worked like a charm. I have a non-portal page that is deployed with my portlets that I can get to just fine. Plus, now all of my ajax calls have a user associated with them!!! :-D :-D :-D

The only problem I've found is that after I reboot tomcat, and try to go to "http://localhost:8080/user/joebloggs/home", I get forwarded to /c/portal/protected and get an "HTTP Status 403 - Access to the requested resource has been denied" tomcat error page. If I try again though, I get through to the joebloggs home page and I am logged in.

Any ideas?

Thanks again for your help! That patch was sorely needed!
-Michael