I'm trying to use BlazeDS with JAAS. The authentication mechanism is being provided by WebSphere 6.1 using Kerberos tokens via SPNEGO. The authentication system seems to work correctly and is protecting the correct URLs under the correct conditions. If I visit a pure Java servlet then in the servlet I can extract the token/principal using HTTPRequest.getUserPrincipal() so everything looks good.
The problem is that when using BlazeDS remoting, if I call a Java method and then try to get the principal using FlexContext.getUserPrincipal() the principal is always null, whereas I would expect it to be populated.
I know that WebSphere must be populating the principal correctly for standard HTTP requests since this works with a standard Java servlet, but it seems that it is not populating the principal during BlazeDS requests (or I am not accessing the principal in the correct way).
Does anyone have any idea how I can get this to work? Is there anything special I have to do to allow the token to be passed to BlazeDS or to retrieve it from BlazeDS?
I had a similar setup on a Flex project with LCDS/JAAS.
However, we did not do the authentication in Flex but in JSP. The login page was in JSP. Upon successful login, the user was redirected to the JSP wrapper for the Flex application. In the wrapper, we called getUserPrincipal() and then passed this on to the Flex application using the SWF parameters.
Thanks for your reply. I was having similar thoughts myself. I don't have a login page because the Kerberos token is automatically passed to the app server (this is a single sign-on system) but I could simply invoke a servlet, retrieve the token in the servlet and then store it in the session which can be accessed later during BlazeDS RPC calls. It's a bit messy though and it just seems strange that FlexContext.getUserPrincipal() shouldn't work.
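The session-based approach from the last reply, as an added example that is not code from this thread or from BlazeDS: a filter records the container-authenticated name, and the remoting class resolves the caller from the server-side request or session instead of from anything the Flex client sends. `SsoIdentity`, `CaptureFilter`, `AccountService` and the attribute name are hypothetical; it assumes an HTTP-based BlazeDS endpoint and a filter mapped to URLs the container protects.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import flex.messaging.FlexContext;

// Added example; all class names and ATTR are hypothetical, not part of BlazeDS.
public class SsoIdentity {
    static final String ATTR = "example.authenticatedUser"; // constructed attribute name

    /** Map this filter to the SPNEGO-protected URLs, including the BlazeDS endpoint URL. */
    public static class CaptureFilter implements Filter {
        public void init(FilterConfig cfg) {}
        public void destroy() {}

        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest http = (HttpServletRequest) req;
            Principal p = http.getUserPrincipal(); // set by the container after authentication
            if (p != null) {
                http.getSession(true).setAttribute(ATTR, p.getName());
            }
            chain.doFilter(req, res);
        }
    }

    /** Remoting destination class; its methods take no user name from the client. */
    public static class AccountService {
        public String whoAmI() {
            return currentUser();
        }
    }

    /** Resolves the caller from server-side state only. */
    static String currentUser() {
        HttpServletRequest http = FlexContext.getHttpRequest(); // null on non-HTTP endpoints
        if (http == null) throw new SecurityException("no HTTP request bound to this call");
        Principal p = http.getUserPrincipal(); // preferred: principal on the current request
        if (p != null) return p.getName();
        HttpSession s = http.getSession(false); // fallback: name captured by the filter
        Object name = (s == null) ? null : s.getAttribute(ATTR);
        if (name == null) throw new SecurityException("caller is not authenticated");
        return (String) name;
    }
}
```

Because the name is read from the request or session on every call, a value supplied through SWF parameters or a method argument never decides who the caller is.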