I found that the security valve is never setting the subject in the session
attribute - is that intended or should line 95 of the
AbstractSecurityValve.java read

request.getRequest().getSession().setAttribute(PortalReservedParameters.SESS
ION_KEY_SUBJECT, subject); 

instead of the current (J2-M1) 

request.getRequest().setAttribute(PortalReservedParameters.SESSION_KEY_SUBJE
CT, subject); 

Cheers, 
Tom 

Reply via email to