Friday, April 15, 2005

Fix for JAAS Auth in Jetspeed

I've finally found a fix for our Jetspeed JAAS Authentication issue with Weblogic (thanks to help from a BEA consultant).

The problem occurs when using the JAASSessionValidator in Jetspeed to authenticate through the Weblogic app server, along with using the struts bridge from the apache portals project. After logging in as the same user in more than one session (by first logging in, and then opening another browser to log in again with the same userid), and going from one page to another in the same mode (view mode, for example), the server throws up this error:
Included resource or
file "/action/edit.jas;jsessionid=C7QZxyGkX0pm6Sp9ckM6vyfxTRJ4p1Tn0Ph3bdz
g3TJQX4pyDxwC!-2002059013" not found from requested resource "/jetspeed/portal/_

This appears to be a problem with how Jetspeed will rewrite URL's, and maybe it is more specifically related to the struts bridge. I say Jetspeed, and not Weblogic, because the problem can be resolved by telling Weblogic to only use cookies to relay session data instead of also rewriting url's. So we fixed this by placing this next configuration into the weblogic.xml file of ALL of our war files:


At least we found a work around!


Vlad said...


Can you give me any pointers on how to start with cinfiguring Jetspeed (2) to use Weblogic as it's JAAS provider?

Jeff Sheets said...

Sorry, but it has been more than 8 months since I last looked at Jetspeed. I wouldn't be able to give you a very good answer. But I know you can find all of your answers on the jetspeed-user mailing list. Try this jetspeed-user archives.